June 08, 2007
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to properly sanitize user-supplied input.
DetailsFebruary 21, 2007
A problem has been discovered where the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not meant for.
DetailsJanuary 29, 2007
It has been discovered that the extension mm_forum is vulnerable to multiple SQL Injection attacks and multiple XSS flaws alongside other vulnerabilities.
DetailsJanuary 24, 2007
A header injection problem has been found in the extension tipafriend
DetailsDecember 20, 2006
A critical problem has been discovered in plugin class.tx_rtehtmlarea_pi1.php that is used for spell-checking in the rtehtmlarea extension.
DetailsDecember 05, 2006
A problem has been discovered with thumbs.php providing access to unwanted files
DetailsOctober 10, 2006
A problem has been discovered with fe_adminLib.inc bein vulnerable for Cross-Site Scripting (XSS)
DetailsSeptember 11, 2006
A problem has been discovered with indexed search being vulnerable to Cross-Site-Scripting (XSS)
DetailsSeptember 02, 2006
A problem has been discovered with tip-a-friend being vulnerable to Cross-Site-Scripting (XSS)
DetailsMay 12, 2006
Two problems (path traversal and SQL injection) have been discovered in the extension dam_downloads
Details
