Akeeba Backup ist eine Komponente zum sichern einer kompletten Joomla! Installation incl. der Datenbank und der Dateien, die aus der altbekannten und bewährten Komponente Joomlapack hervorgegangen ist. So kann eine komplette Joomla! Webseite auf Mausklick zuverlässig gesichert und wieder hergestellt werden - auf dem gleichen Server oder einem beliebigen anderen, der die Voraussetzungen für den Betrieb von Joomla! erfüllt.
Dropbox ist ein Filehosting-Dienst, der bis zu 2 GB Speicherplatz im Internet kostenlos zur Verfügung stellt. Mit Akeeba Backup Professional können Sie ein Backupprofil einrichten und diesen Speicherplatz automatisch für Backups nutzen. Der von Dropbox zur Verfügung gestellte Desktop-Client ermöglicht zudem eine einfache Verwaltung Ihrer Backup-Dateien.
Dazu zählen z.B. Web Application Firewalls (WAF), die auch kostenlos erhältlich sind und durchaus einen sinnvollen, zusätzlichen Schutz bieten können. Zumindest kann sogenannten 'Script-Kiddies' der Spass deutlich erschwert werden.
Joomla (hervorgegangen aus dem Open Source Projekt Mambo) ist ein freies Content-Management-System (CMS) zur Erstellung von Webseiten und steht unter der GNU General Public License. Es ist in der aktuellen Version 3.6.5 in PHP 5 geschrieben und verwendet MySQL als Datenbank. Zusammen mit WordPress, TYPO3 und Drupal gehört es zu den bekanntesten und meistverwendeten Open-Source-Content-Management-Systemen.
-
[20190801] - Core - Hardening com_contact contact form
Security Announcements Aug 13, 2019 | 15:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 1.6.2 - 3.9.10Exploit type: Incorrect Access ControlReported Date: 2019-April-09Fixed Date: 2019-August-13CVE Number: CVE-2019-15028DescriptionInadequate checks in com_contact could allowed mail submission in disabled forms.Affected InstallsJoomla! CMS versions 1.6.2 - 3.9.10SolutionUpgrade to version 3.9.11ContactThe JSST at the[…]
Read more... -
AllVideos v5.0.0 released - now with web-native media playback
Blog - JoomlaWorks Jul 31, 2019 | 17:25 pm
Read more...
We have just released a major update to AllVideos, version 5.0.0, for Joomla versions 1.5 to 3.x.It introduces web-native media playback with no 3rd party dependencies.Here's what's been added or changed in this new release of AllVideos:AllVideos now supports web-native media only (for[…] -
Kiji & nuModusVersus updated to v1.1.0 - sunsetting NewsWorth, Nokkori, Tamashi & The Conversationalist
Blog - JoomlaWorks Jul 27, 2019 | 10:09 am
Read more...
Both Kiji & nuModusVersus have just been updated to v1.1.0. These are bugfix and feature-improvement releases.Here's what's been added or changed in both Kiji & nuModusVersus with the release of v1.1.0:Lots of K2 related fixes/improvements including: use the new K2 modal introduced in v2.9.0,[…] -
[20190701] - Core - Filter attribute in subform fields allows remote code execution
Security Announcements Jul 9, 2019 | 15:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.9.7 - 3.9.8Exploit type: Remote Code ExecutionReported Date: 2019-June-20Fixed Date: 2019-July-09CVE Number: CVE-2019-14654DescriptionInadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.Affected InstallsJoomla! CMS versions 3.9.7[…]
Read more... -
Simple Image Gallery Pro v3.6.7 released
Blog - JoomlaWorks Jul 8, 2019 | 19:20 pm
Read more...
Simple Image Gallery Pro v3.6.7 is now available to download for subscribers. This is a bugfix release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.7:Resolve a permissions check in Joomla versions between 3.0.0 and 3.5.0, which[…] -
[20190601] - Core - CSV injection in com_actionlogs
Security Announcements Jun 11, 2019 | 02:00 amProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.9.0 through 3.9.6Exploit type: CSV InjectionReported Date: 2019-April-29Fixed Date: 2019-June-11CVE Number: CVE-2019-12765DescriptionThe CSV export of com_actionslogs is vulnerable to CSV injection.Affected InstallsJoomla! CMS versions 3.9.0 through 3.9.6SolutionUpgrade to version 3.9.7ContactThe JSST at the Joomla! Security[…]
Read more... -
[20190602] - Core - XSS in subform field
Security Announcements Jun 11, 2019 | 02:00 amProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.6.0 through 3.9.6Exploit type: XSSReported Date: 2019-January-01Fixed Date: 2019-June-11CVE Number: CVE-2019-12766DescriptionThe subform fieldtype does not sufficiently filter or validate input of subfields, this leads to XSS attack vectors.Affected InstallsJoomla! CMS versions 3.6.0 through 3.9.6SolutionUpgrade to[…]
Read more... -
[20190603] - Core - ACL hardening of com_joomlaupdate
Security Announcements Jun 11, 2019 | 02:00 amProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.8.13 through 3.9.6Exploit type: Incorrect Access ControlReported Date: 2019-April-10Fixed Date: 2019-June-11CVE Number: CVE-2019-12764DescriptionThe update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.Affected InstallsJoomla! CMS versions 3.8.13 through 3.9.6SolutionUpgrade to version 3.9.7ContactThe JSST[…]
Read more... -
[20190502] - Core - By-passing protection of Phar Stream Wrapper Interceptor
Security Announcements May 8, 2019 | 02:00 amProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.9.3 through 3.9.5Exploit type: Object InjectionReported Date: 2019-March-27Fixed Date: 2019-May-07DescriptionIn Joomla 3.9.3, the vulnerability of insecure deserialization when executing Phar archives was addressed by removing the known attack vector in the Joomla core. In order[…]
Read more... -
[20190501] - Core - XSS in com_users ACL debug views
Security Announcements May 7, 2019 | 17:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 1.7.0 through 3.9.5Exploit type: XSSReported Date: 2019-April-29Fixed Date: 2019-May-07CVE Number: CVE-2019-11809DescriptionThe debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.Affected InstallsJoomla! CMS versions 1.7.0 through[…]
Read more... -
Simple Image Gallery Pro v3.6.6 released
Blog - JoomlaWorks Apr 17, 2019 | 20:27 pm
Read more...
Simple Image Gallery Pro v3.6.6 has just been released. This is a maintenance release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.6:Fixed modal URL in frontend editing that affected Joomla 3.x users under certain SEF/path setups.Updated frontend[…] -
[20190401] - Core - Directory Traversal in com_media
Security Announcements Apr 9, 2019 | 17:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 1.5.0 through 3.9.4Exploit type: Directory TraversalReported Date: 2019-March-13Fixed Date: 2019-April-08CVE Number: CVE-2019-10945DescriptionThe Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.Affected InstallsJoomla! CMS versions 1.5.0[…]
Read more... -
[20190402] - Core - Helpsites refresh endpoint callable for unauthenticated users
Security Announcements Apr 9, 2019 | 17:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: HighVersions: 3.2.0 through 3.9.4Exploit type: ACL ViolationReported Date: 2019-March-13Fixed Date: 2019-April-08CVE Number: CVE-2019-10946DescriptionThe "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.Affected InstallsJoomla! CMS versions 3.2.0 through 3.9.4SolutionUpgrade to version[…]
Read more... -
[20190403] - Core - Object.prototype pollution in JQuery $.extend
Security Announcements Apr 9, 2019 | 17:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: ModerateVersions: 3.0.0 through 3.9.4Exploit type: XSSReported Date: 2019-March-25Fixed Date: 2019-April-09CVE Number: CVE-2019-11358DescriptionThe $.extend method of JQuery is vulnerable to Object.prototype pollution attacks.Affected InstallsJoomla! CMS versions 3.0.0 through 3.9.4SolutionUpgrade to version 3.9.5ContactThe JSST at the Joomla! Security[…]
Read more... -
SocialConnect v1.9.0 released
Blog - JoomlaWorks Apr 8, 2019 | 18:29 pm
Read more...
SocialConnect v1.9.0 has just been released. It mainly improves compatibility with Twitter and LinkedIn API updates (either already in force or soon to be enforced).Here's what's been added or changed in SocialConnect with the release of v1.9.0:Updated for recent Twitter API changes that[…] -
RadioWave v1.1.0 released
Blog - JoomlaWorks Apr 3, 2019 | 19:12 pm
Read more...
RadioWave v1.1.0 has just been released. This is a bugfix and feature-improvement release.Here's what's been added or changed in RadioWave with the release of v1.1.0:Lots of K2 related fixes/improvements: use the new K2 modal introduced in v2.9.0, remove Google+ sharing[…] -
Simple Image Gallery Pro v3.6.5 released
Blog - JoomlaWorks Feb 25, 2019 | 13:39 pm
Read more...
Simple Image Gallery Pro v3.6.5 has just been released. This is a feature-improvement release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.5:Added a new "File size limit per uploaded image" option in the component's[…] -
New milestone for K2 translations & an important message to the translation teams!
Blog - JoomlaWorks Feb 15, 2019 | 18:38 pm
Read more...
Wow! K2 translations have reached a new milestone! There are now 89 active language teams (out of 114 in total) with 849 active translators (out of 964 registered). As we are nearing the launch of K2 v2.10, translation teams have[…] -
Simple Image Gallery Pro v3.6.4 released
Blog - JoomlaWorks Feb 8, 2019 | 17:13 pm
Read more...
Simple Image Gallery Pro v3.6.4 has just been released. This is both a bugfix and feature-improvement release.Here's what's been added or changed in Simple Image Gallery Pro with the release of v3.6.4:New galleries added directly via the gallery form will not[…] -
Simple RSS Feed Reader v3.7.0 released
Blog - JoomlaWorks Feb 2, 2019 | 18:15 pm
Read more...
Today we're releasing v3.7.0 of Simple RSS Feed Reader, one of the most popular feed reader modules in the Joomla community.Here's what's added or changed in Simple RSS Feed Reader with the release of v3.7.0:Better filtering for imported linksUpdate JoomlaWorks[…] -
K2 v2.9.0 released
blog Sep 21, 2018 | 18:14 pm
Read more...
K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall.To install K2 for the first time or update your existing[…] -
Rapicode, Multiple Extensions, Back Door
Live VEL Mar 30, 2018 | 20:30 pmRapicode, nultiple extensions, current versions, back doorExtensions affected are:-Rapi Content TickerRapi Content CarouselRapi Cookie ConsentRapi CountdownRapi PreloaderRapi Loading Progress BarRapi Page AnimateAt the moment the back door seems to be loading mining code, it can be used to load arbitrary[…]
Read more... -
Google Map Landkarten,4.2.3,SQL Injection
Live VEL Mar 15, 2018 | 23:48 pmGoogle Map Landkarten from joomla-24.de, versions 4.2.3 and previous, SQL Injection
Read more... -
Fastball, SQL Injection
Live VEL Mar 8, 2018 | 18:25 pmFastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection
Read more... -
File Download Tracker,3.0,SQL Injection
Live VEL Mar 8, 2018 | 06:41 amFile Download Tracker by techsolsystem.com, 3.0, SQL Injection
Read more... -
Simple Calendar,3.1.9,SQL Injection
Live VEL Mar 7, 2018 | 18:26 pmSimple Calendar by Fabrizio Albonico, versions 3.1.9 and previous, SQL Injection
Read more... -
SquadManagement,1.0.3,SQL Injection
Live VEL Mar 7, 2018 | 18:04 pmSquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection
Read more... -
JMS Music,1.1.1,SQL Injection
Live VEL Mar 5, 2018 | 17:08 pmJMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection
Read more... -
JS Autoz ,1.0.9,SQL Injection
Live VEL Mar 3, 2018 | 20:14 pmJS Autoz by Joomsky.com, 1.0.9 and previous, SQL Injection
Read more... -
Realpin,1.5.04,SQL Injection
Live VEL Mar 1, 2018 | 19:07 pmRealpin by Marcel Törpe, versions 1.5.04 and previous, SQL Injection
Read more... -
Joomla! Pinterest Clone Social Pinboard,2.0,SQL Injection
Live VEL Feb 28, 2018 | 19:37 pmJoomla! Pinterest Clone Social Pinboard from apptha.com, 2.0, multiple SQL Injection vulnerabilities
Read more... -
K2 v2.8.0 released
blog Aug 18, 2017 | 14:59 pm
Read more...
K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…] -
K2 v2.7.1 released
blog Aug 4, 2016 | 03:12 am
Read more...
K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…] -
K2 Plugin for sh404SEF
Updated Extensions - JoomlaWorks Mar 29, 2016 | 15:34 pm
Read more...
A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…] -
K2 v2.7.0 released
blog Mar 18, 2016 | 06:26 am
Read more...
Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…] -
K2 v3 to be presented in JoomlaDay Brasil 2015
blog Aug 31, 2015 | 18:14 pm
Read more...
(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :)Part of this change is the introduction of new awesome products for Joomla including new templates,[…] -
Video course on K2 for Joomla 3
blog Mar 10, 2015 | 18:59 pm
Read more...
Hi everyone. I'm Antonio Mercurio from Italy. I'm passioned about opensource software such as Joomla, Drupal, Wordpress and many others. I made a video course on K2 for Joomla 3 in Italian on the Udemy platform. The video course is[…] -
Videocorso sul componente K2 versione 2.6.9 per Joomla 3
blog Mar 10, 2015 | 18:50 pm
Read more...
Ciao a tutti. Sono Antonio Mercurio dall'Italia. Per passione mi occupo di realizzare guide in formato e-book disponibili su Amazon e Google Play Store e di videoguide su youtube. Volevo informare la comunità di K2 che ho realizzato un videocorso[…] -
K2 v2.6.9 released
blog Dec 8, 2014 | 22:36 pm
Read more...
K2 version 2.6.9 is now available to download. This is a quick maintenance release which addresses the item time problem introduced from changes in the Joomla API in the latest Joomla 3.3.x releases. The creation/modified time in K2 items would[…] -
Update of the K2 Import / Export tool
blog Sep 14, 2014 | 21:39 pm
Read more...
The tool to export data from K2 to a CSV file and to import data from a CSV file to K2 just got updated. 2.1 for Joomla 3.x changes: small bugfixesbetter date checksimport/export Hints + Item Parameters 1.3 for Joomla[…] -
First beta of K2 version 3 is here
blog Jul 22, 2014 | 00:51 am
Read more...
Wow! What a ride!The first public beta release of K2 version 3 is finally here!It's been more than a year's work so far designing the application and actually building it, and now we're just a few months away from the[…] -
SocialConnect
Updated Extensions - JoomlaWorks Jan 23, 2013 | 15:06 pm
Read more...
SocialConnect allows your visitors to easily connect to your Joomla site using their favorite social network. But it's not just that - it brings a whole new meaning to the word "community" for Joomla and it's a perfect companion to[…] -
K2
Updated Extensions - JoomlaWorks Nov 5, 2012 | 23:00 pm
Read more...
K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…] -
Disqus Comments (for Joomla)
Updated Extensions - JoomlaWorks Jul 25, 2012 | 23:00 pm
Read more...
Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…] -
Simple Image Gallery
Updated Extensions - JoomlaWorks Jul 11, 2012 | 23:00 pm
Read more...
Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…] -
Simple RSS Feed Reader
Updated Extensions - JoomlaWorks Jul 11, 2012 | 23:00 pm
Read more...
Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…] -
Frontpage SlideShow
Updated Extensions - JoomlaWorks Jul 11, 2012 | 23:00 pm
Read more...
NEW VERSION 3.12 released in Oct 2018! Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber[…] -
Simple Image Gallery Pro
Updated Extensions - JoomlaWorks Jul 11, 2012 | 23:00 pm
Read more...
NEW VERSION 3.6.7 released in July 2019!Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…] -
AllVideos
Updated Extensions - JoomlaWorks Jul 11, 2012 | 23:00 pm
Read more...
AllVideos (by JoomlaWorks) is truly THE all-in-one media management solution for Joomla and a classic must-have extension for any Joomla based website.Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo,[…]
Aufgrund der Popularität und bekannter Sicherheitsprobleme werden Joomla-Installationen immer wieder zur Zielscheibe von Angriffen, insbesondere in Form sogenannter Defacements. Laut einer IBM-Studie aus dem Jahr 2008 ist die Zahl der Sicherheitslücken bei Webapplikationen allerdings generell drastisch angestiegen, so dass prinzipiell alle Systeme von diesem Problem betroffen sind. Insbesondere WordPress ist in dieser Hinsicht mindestens genauso gefährdet.