Akeeba Backup ist eine Komponente zum sichern einer kompletten Joomla! Installation incl. der Datenbank und der Dateien, die aus der altbekannten und bewährten Komponente Joomlapack hervorgegangen ist. So kann eine komplette Joomla! Webseite auf Mausklick zuverlässig gesichert und wieder hergestellt werden - auf dem gleichen Server oder einem beliebigen anderen, der die Voraussetzungen für den Betrieb von Joomla! erfüllt.
Dropbox ist ein Filehosting-Dienst, der bis zu 2 GB Speicherplatz im Internet kostenlos zur Verfügung stellt. Mit Akeeba Backup Professional können Sie ein Backupprofil einrichten und diesen Speicherplatz automatisch für Backups nutzen. Der von Dropbox zur Verfügung gestellte Desktop-Client ermöglicht zudem eine einfache Verwaltung Ihrer Backup-Dateien.
Dazu zählen z.B. Web Application Firewalls (WAF), die auch kostenlos erhältlich sind und durchaus einen sinnvollen, zusätzlichen Schutz bieten können. Zumindest kann sogenannten 'Script-Kiddies' der Spass deutlich erschwert werden.
Joomla (hervorgegangen aus dem Open Source Projekt Mambo) ist ein freies Content-Management-System (CMS) zur Erstellung von Webseiten und steht unter der GNU General Public License. Es ist in der aktuellen Version 3.6.5 in PHP 5 geschrieben und verwendet MySQL als Datenbank. Zusammen mit WordPress, TYPO3 und Drupal gehört es zu den bekanntesten und meistverwendeten Open-Source-Content-Management-Systemen.
-
K2 Plugin for sh404SEF version 1.6.0 released
Blog - JoomlaWorks Sep 14, 2020 | 17:28 pm
Read more...
The K2 Plugin for sh404SEF version 1.6.0 is now available to download for subscribers. This is a bug fix release that addresses compatibility with K2 v2.10.3+ and improves support for PHP 7.x in general.Here's what's been added or changed in the K2 Plugin[…] -
Social Chat, 1.5 and Below, SQL Injection Iacopo Guarneri
Vulnerable Extensions Sep 13, 2020 | 21:14 pmSocial Chat, 1.5 and Below, 3rd party extension, SQL Injection Iacopo Guarneri
Read more... -
[20200801] - Core - XSS in mod_latestactions
Security Announcements Aug 25, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 3.9.0-3.9.20Exploit type: XSSReported Date: 2020-August-21Fixed Date: 2020-August-25CVE Number: CVE-2020-24599DescriptionLack of escaping in mod_latestactions allows XSS attacks.Affected InstallsJoomla! CMS versions 3.9.0 - 3.9.20SolutionUpgrade to version 3.9.21ContactThe JSST at the Joomla! Security Centre.Reported By: Peter Martin
Read more... -
[20200803] - Core - Directory traversal in com_media
Security Announcements Aug 25, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 2.5.0-3.9.20Exploit type: Directory TraversalReported Date: 2020-February-02Fixed Date: 2020-August-25CVE Number: CVE-2020-24597DescriptionLack of input validation allows com_media root paths outside of the webroot.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.20SolutionUpgrade to version 3.9.21ContactThe JSST at the Joomla! Security Centre.Reported By: Hoang[…]
Read more... -
[20200802] - Core - Open redirect in com_content vote feature
Security Announcements Aug 25, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0-3.9.20Exploit type: Open RedirectReported Date: 2020-July-05Fixed Date: 2020-August-25CVE Number: CVE-2020-24598DescriptionLack of input validation in com_content leads to an open redirect.Affected InstallsJoomla! CMS versions 3.0.0 - 3.9.20SolutionUpgrade to version 3.9.21ContactThe JSST at the Joomla! Security Centre.Reported By: Ahmad Kamaran Jamil
Read more... -
[20200701] - Core - CSRF in com_installer ajax_install endpoint
Security Announcements Jul 14, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.7.0-3.9.19Exploit type: CSRFReported Date: 2020-May-07Fixed Date: 2020-July-14CVE Number: CVE-2020-XXXXXDescriptionA missing token check in the ajax_install endpoint com_installer causes a CSRF vulnerability.Affected InstallsJoomla! CMS versions 3.7.0 - 3.9.19SolutionUpgrade to version 3.9.20ContactThe JSST at the Joomla! Security Centre.Reported[…]
Read more... -
[20200702] - Core - Missing checks can lead to a broken usergroups table record
Security Announcements Jul 14, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: ModerateSeverity: LowVersions: 2.5.0-3.9.19Exploit type: Incorrect Access ControlReported Date: 2020-April-04Fixed Date: 2020-July-14CVE Number: CVE-2020-15699DescriptionMissing validation checks at the usergroups table object can result into an broken site configuration.Affected InstallsJoomla! CMS versions 2.5.0 - 3.9.19SolutionUpgrade to version 3.9.20ContactThe JSST at[…]
Read more... -
[20200703] - Core - CSRF in com_privacy remove-request feature
Security Announcements Jul 14, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.9.0-3.9.19Exploit type: CSRFReported Date: 2020-May-07Fixed Date: 2020-July-14CVE Number: CVE-2020-15695DescriptionA missing token check in the remove request section of com_privacy causes a CSRF vulnerability.Affected InstallsJoomla! CMS versions 3.9.0 - 3.9.19SolutionUpgrade to version 3.9.20ContactThe JSST at the Joomla! Security Centre.Reported[…]
Read more... -
[20200704] - Core - Variable tampering via user table class
Security Announcements Jul 14, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0-3.9.19Exploit type: Incorrect Access ControlReported Date: 2020-Jun-02Fixed Date: 2020-July-14CVE Number: CVE-2020-15697DescriptionInternal read-only fields in the User table class could be modified by users.Affected InstallsJoomla! CMS versions 3.9.0 - 3.9.19SolutionUpgrade to version 3.9.20ContactThe JSST at the Joomla! Security[…]
Read more... -
[20200705] - Core - Escape mod_random_image link
Security Announcements Jul 14, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0-3.9.19Exploit type: XSSReported Date: 2020-Jun-08Fixed Date: 2020-July-14CVE Number: CVE-2020-15696DescriptionLack of input filtering and escaping allows XSS attacks in mod_random_imageAffected InstallsJoomla! CMS versions 3.0.0 - 3.9.19SolutionUpgrade to version 3.9.20ContactThe JSST at the Joomla! Security Centre.Reported By: Phil Taylor
Read more... -
[20200706] - Core - System Information screen could expose redis or proxy credentials
Security Announcements Jul 14, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.0.0-3.9.19Exploit type: Information DisclosureReported Date: 2020-Jun-17Fixed Date: 2020-July-14CVE Number: CVE-2020-15698DescriptionInadequate filtering in the system information screen could expose redis or proxy credentialsAffected InstallsJoomla! CMS versions 3.0.0 - 3.9.19SolutionUpgrade to version 3.9.20ContactThe JSST at the Joomla! Security Centre.Reported[…]
Read more... -
Simple Image Gallery Pro v3.8.0 released
Blog - JoomlaWorks Jun 10, 2020 | 15:51 pm
Read more...
Simple Image Gallery Pro v3.8.0 is now available to download for subscribers. This new release improves upon existing features, extends Flickr support to galleries (beyond albums/sets) and adds PHP 7.4 & Postgres compatibility.Here's what's been added or changed in Simple Image[…] -
[20200605] - Core - CSRF in com_postinstall
Security Announcements Jun 2, 2020 | 13:00 pmProject: Joomla!SubProject: CMSImpact: LowSeverity: LowVersions: 3.7.0-3.9.18Exploit type: CSRFReported Date: 2020-May-08Fixed Date: 2020-June-02CVE Number: CVE-2020-13760DescriptionMissing token checks in com_postinstall cause CSRF vulnerabilities.Affected InstallsJoomla! CMS versions 3.7.0 - 3.9.18SolutionUpgrade to version 3.9.19ContactThe JSST at the Joomla! Security Centre.Reported By: Bui Duc Anh[…]
Read more... -
AllVideos 6.1.0 now available - adds Mixcloud support
Blog - JoomlaWorks May 22, 2020 | 14:13 pm
Read more...
Version 6.1.0 of AllVideos is now available. This new release introduces support for Mixcloud embeds and improves support for PHP 7.4.Here's what's been added or changed in this new release of AllVideos:Added support for Mixcloud embeds. Just use the pattern[…] -
K2 v2.10.3 now available
blog Apr 29, 2020 | 20:21 pm
Read more...
K2 v2.10.3 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & bugfix release, which refines the backend user interface (building upon the changes that were introduced with v2.10.0 to v2.10.2), improves client-size (frontend) caching & resolves broken auto-generated feeds[…] -
hwdplayer,4.2,SQL Injection
Vulnerable Extensions Apr 9, 2020 | 21:37 pmhwdplayer,4.2,SQL InjectionPossible abandonware also
Read more... -
Getting Snowflake (the open source graphical SSH/SFTP client) to run on macOS
Blog - JoomlaWorks Feb 12, 2020 | 09:58 am
Read more...
I don't usually write similar blog posts, but I've been really enjoying Snowflake recently. What's Snowflake you ask? Well, it's a new open source graphical SSH/SFTP client which makes working with remote servers a breeze. It works like Panic's Coda when[…] -
Simple Image Gallery (free) v4.1.0 released
Blog - JoomlaWorks Jan 28, 2020 | 18:30 pm
Read more...
Simple Image Gallery (free) version 4.1.0 is now available to download. This is a maintenance release.Here's what's been added or changed in Simple Image Gallery (free) with the release of v4.1.0:Allow the plugin to accept WEBP images as source images[…] -
AllVideos v6.0.0 released - now Joomla 4 compatible!
Blog - JoomlaWorks Jan 17, 2020 | 17:26 pm
Read more...
Version 6.0.0 of AllVideos is now available. This is a feature release, which also introduces full support with the upcoming Joomla version 4 release.Here's what's been added or changed in this new release of AllVideos:Fully compatible with the upcoming Joomla[…] -
Simple Image Gallery (free) v4.0.0 released - now Joomla 4 compatible!
Blog - JoomlaWorks Jan 11, 2020 | 18:13 pm
Read more...
Simple Image Gallery (free) version 4.0.0 is now available to download. This marks our first extension update that supports the upcoming Joomla version 4 (currently in "beta").Here's what's been added or changed in Simple Image Gallery (free) with the release[…] -
RadioWave v1.2.0 released
Blog - JoomlaWorks Jan 8, 2020 | 19:37 pm
Read more...
RadioWave v1.2.0 has just been released. This is a bugfix and feature-improvement release.Here's what's been added or changed in RadioWave with the release of v1.2.0:Fixed time parsing for the OnAir template override (K2 Content module) which caused the module's output[…] -
SocialConnect v1.10.0 released
Blog - JoomlaWorks Jan 7, 2020 | 16:12 pm
Read more...
SocialConnect v1.10.0 is now available to download for subscribers. This new release improves compatibility with recent API changes in Facebook and LinkedIn.Here's what's been added or changed in SocialConnect with the release of v1.10.0:Facebook authorization in SocialConnect's settings will now[…] -
AllVideos v5.2.0 released
Blog - JoomlaWorks Dec 20, 2019 | 18:43 pm
Read more...
Version 5.2.0 of AllVideos is now available. This is a bugfix release and it also improves compatibility with PHP 7.4.Here's what's been added or changed in this new release of AllVideos:Improves PHP 7.4 compatibility.Fixes the "loop" control for HTML5 media[…] -
K2 v2.10.2 released - now with a 100% mobile-friendly backend user interface!
blog Dec 11, 2019 | 22:02 pm
Read more...
K2 v2.10.2 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance & security release: it concludes the backend user interface changes that were introduced with v2.10.0 and is now 100% mobile-friendly and it also addresses[…] -
Retiring the K2 templates section
blog Dec 8, 2019 | 16:05 pm
Read more...
As we're preparing to launch a new website for getk2.org, we have decided to make an important change in the K2 Extensions Directory (KED).We stopped accepting new entries for templates in the KED about 2 weeks ago and this week[…] -
K2 v2.10.1 released
blog Nov 26, 2019 | 18:17 pm
Read more...
K2 v2.10.1 is now available to download for Joomla versions 1.5 to 3.x. This is a maintenance release that addresses a few bugs that were introduced with v2.10.0 released a couple weeks ago and we urge everyone using v2.10.0 to[…] -
K2 v2.10.0 released
blog Nov 15, 2019 | 01:04 am
Read more...
K2 v2.10.0 is now available to download for Joomla versions 1.5 to 3.x. This release introduces a refreshed backend design as well as feature improvements or additions (like Google Structured Data) and as always, performance improvements everywhere.To install K2 for[…] -
K2 v2.9.0 released
blog Sep 21, 2018 | 16:14 pm
Read more...
K2 v2.9.0 is now available to download for Joomla 1.5 to 3.x. In short, this release improves compatibility with the latest releases of Joomla 3.8.x & improves frontend performance overall.To install K2 for the first time or update your existing[…] -
Rapicode, Multiple Extensions, Back Door
Vulnerable Extensions Mar 30, 2018 | 13:30 pmRapicode, nultiple extensions, current versions, back doorExtensions affected are:-Rapi Content TickerRapi Content CarouselRapi Cookie ConsentRapi CountdownRapi PreloaderRapi Loading Progress BarRapi Page AnimateAt the moment the back door seems to be loading mining code, it can be used to load arbitrary[…]
Read more... -
Google Map Landkarten,4.2.3,SQL Injection
Vulnerable Extensions Mar 15, 2018 | 17:48 pmGoogle Map Landkarten from joomla-24.de, versions 4.2.3 and previous, SQL Injection
Read more... -
Fastball, SQL Injection
Vulnerable Extensions Mar 8, 2018 | 11:25 amFastball by Fastball Productions, versions yet to be determined but probably all, SQL Injection
Read more... -
File Download Tracker,3.0,SQL Injection
Vulnerable Extensions Mar 7, 2018 | 23:41 pmFile Download Tracker by techsolsystem.com, 3.0, SQL Injection
Read more... -
SquadManagement,1.0.3,SQL Injection
Vulnerable Extensions Mar 7, 2018 | 11:04 amSquadManagement by Lars Hildebrandt, versions 1.0.3 and previous, SQL Injection
Read more... -
JMS Music,1.1.1,SQL Injection
Vulnerable Extensions Mar 5, 2018 | 10:08 amJMS Music by Joomasters, versions 1.1.1 and previous, SQL Injection
Read more... -
JS Autoz ,1.0.9,SQL Injection
Vulnerable Extensions Mar 3, 2018 | 13:14 pmJS Autoz by Joomsky.com, 1.0.9 and previous, SQL Injection
Read more... -
Realpin,1.5.04,SQL Injection
Vulnerable Extensions Mar 1, 2018 | 12:07 pmRealpin by Marcel Törpe, versions 1.5.04 and previous, SQL Injection
Read more... -
K2 v2.8.0 released
blog Aug 18, 2017 | 12:59 pm
Read more...
K2 v2.8.0 is now available to download for Joomla 1.5 to 3.x. This release improves the content management workflow and UI, is fully compatible with PHP 7.x and the latest Joomla 3.7.x, while at the same time addressing various issues from[…] -
K2 v2.7.1 released
blog Aug 4, 2016 | 01:12 am
Read more...
K2 v2.7.1 is now available to download for Joomla 1.5 to 3.x. This is a minor release addressing various issues from performance to UI, to bug fixes and security.To install K2 for the first time or update your existing K2[…] -
K2 Plugin for sh404SEF
Updated Extensions - JoomlaWorks Mar 29, 2016 | 13:34 pm
Read more...
A plugin for supporting K2 in sh404SEF.Use the plugin to configure K2 URLs when using sh404SEF in a multitude of options.Unlike the previous built-in implementation for sh404SEF, this new plugin provides new URL manipulation options and it has dual compatibility[…] -
K2 v2.7.0 released
blog Mar 18, 2016 | 05:26 am
Read more...
Start your update engines! K2 v2.7.0 is now available to download for Joomla 1.5 to 3.x. With a new improved user interface for the component in the Joomla backend, updated and now responsive-friendly default HTML overrides, Joomla 3.5 support, PHP[…] -
K2 Next to be presented in JoomlaDay Brasil 2015
blog Aug 31, 2015 | 16:14 pm
Read more...
(originally posted in the JoomlaWorks blog) It's been a while, I know. You see, Joomla is not the only organization undergoing changes. So are we :)We are happy to announce that K2 Next will be officially presented in the upcoming JoomlaDay[…] -
SocialConnect
Updated Extensions - JoomlaWorks Jan 23, 2013 | 14:06 pm
Read more...
SocialConnect is the only Joomla extension that allows you to integrate your Joomla site with social networks and identity providers for user authentication, posting content directly to social networks and 3rd-party comment system integration.FeaturesLet your users register to your website[…] -
K2
Updated Extensions - JoomlaWorks Nov 5, 2012 | 22:00 pm
Read more...
K2 is the popular powerful content extension for Joomla with CCK-like features. It provides an out-of-the box integrated solution featuring rich content forms for items (think of Joomla articles with additional fields for article images, videos, image galleries and attachments),[…] -
Disqus Comments (for Joomla)
Updated Extensions - JoomlaWorks Jul 25, 2012 | 21:00 pm
Read more...
Disqus Comments (for Joomla) integrates the Disqus comments system & service into any Joomla based website. Disqus (pronounced 'discuss') is a service and tool for web comments and discussions - currently the most popular comments-as-a-service provider worldwide. It makes commenting[…] -
Simple RSS Feed Reader
Updated Extensions - JoomlaWorks Jul 11, 2012 | 21:00 pm
Read more...
Adding RSS/Atom syndicated content inside your Joomla website is now super-easy and simple with the 'Simple RSS Feed Reader' module from JoomlaWorks. All you have to do is add a few feeds to the module parameters, publish the module in[…] -
Frontpage SlideShow
Updated Extensions - JoomlaWorks Jul 11, 2012 | 21:00 pm
Read more...
Now fully responsive & Joomla 1.5 - 3.x compatible! Frontpage SlideShow is the easiest & most eye-catching way to display your featured articles or products in your Joomla website. It creates an uber cool slideshow with text snippets laying on[…] -
Simple Image Gallery
Updated Extensions - JoomlaWorks Jul 11, 2012 | 21:00 pm
Read more...
Adding image galleries inside your Joomla articles is now super-easy and simple, using the magical "Simple Image Gallery" plugin for Joomla. The plugin can turn any folder of images located inside your Joomla website into a grid-style image gallery with[…] -
AllVideos
Updated Extensions - JoomlaWorks Jul 11, 2012 | 21:00 pm
Read more...
AllVideos (by JoomlaWorks) is the universal media player for Joomla and a classic must-have extension for any Joomla based website.Use the plugin to easily embed video & audio content from all major 3rd party media providers (YouTube, Vimeo, Dailymotion, Twitch,[…] -
Simple Image Gallery Pro
Updated Extensions - JoomlaWorks Jul 11, 2012 | 21:00 pm
Read more...
NEW VERSION 3.8 released in June 2020!Adding image galleries inside your Joomla articles has never been easier! Using the "Simple Image Gallery PRO" extension from JoomlaWorks you can quickly display a folder of images on your server as a stylish[…]
Aufgrund der Popularität und bekannter Sicherheitsprobleme werden Joomla-Installationen immer wieder zur Zielscheibe von Angriffen, insbesondere in Form sogenannter Defacements. Laut einer IBM-Studie aus dem Jahr 2008 ist die Zahl der Sicherheitslücken bei Webapplikationen allerdings generell drastisch angestiegen, so dass prinzipiell alle Systeme von diesem Problem betroffen sind. Insbesondere WordPress ist in dieser Hinsicht mindestens genauso gefährdet.