Event Manager, 2.1.4 and below, multiple vulnerabilities

Published: Tuesday, 18 August 2015

Event Manager, 2.1.4 and below, SQLi and Unrestricted File Upload

Fixed in version 2.1.4.2

Notice: http://www.joomlaeventmanager.net/project/changelog-jem-2...

Read more: Event Manager, 2.1.4 and below, multiple vulnerabilities

Memorix component, any version (abandonware), SQL Injection

Published: Sunday, 16 August 2015

Memorix extension [com_memorix], abandonware, SQL Injection

Note: since this extension's website doesn't exist we can classify it as abandonware, until further notice....

Read more: Memorix component, any version (abandonware), SQL Injection

WFLab Joomshopping carousel module,1.1.2 beta and below,SQLi

Published: Sunday, 09 August 2015

Joomshopping module carousel by WFLab.ru [mod_jshopping_products_wfl], 1.1.2 beta and below, SQL Injection

 ...

Read more: WFLab Joomshopping carousel module,1.1.2 beta and below,SQLi

Informations component, any version (abandonware), SQL Injection

Published: Sunday, 16 August 2015

Informations component (com_informations), any version, SQL Injection

Note: since this extension's website doesn't exist we can classify it as abandonware, until further notice....

Read more: Informations component, any version (abandonware), SQL Injection

Araticlhess Module [mod_araticlhess]/[mod_araticlhes], all versions, fake/backdoor

Published: Friday, 31 July 2015

Araticlhess Module [mod_araticlhess]/[mod_araticlhes] is a fake module, which is intended to be injected into a hacked website and remain unrecognized.

Known versions often contain only XML file (not really required) and one or more PHP files which are in fact some backdoor/hacking scripts.

It is unknown if this module ever existed...

Read more: Araticlhess Module [mod_araticlhess]/[mod_araticlhes], all versions, fake/backdoor