PaymentsPlus
http://paymentsplus.com.au/ 2.1.5 Blind SQL Injection Vulnerability 090710 current version 2.20, 2.1.5 not listed on dev...
Music Manager
LFI http://danieljamesscott.org/software/4-joomla-extensions/4-music-manager.html
IXXO Cart
http://www.php-shop-system.com/ SQLi LFI XSS Vulnerability
Minify4Joomla
http://waltercedric.com/ LFI and xss 090710 No longer available to download
quickfaq
http://www.schlu.net sqli 090710
EasyBlog
http://stackideas.com/products/easyblog.html xss (new report) july 10,2010 developer reported fix available on site
staticxt
http://extensions.joomla.org/extensions/edition/custom-code-in-content/2184 no version number provided
Health & Fitness Stats
http://joomla-extensions.instantiate.co.uk/jcomponents/healthstats Persistent XSS Vulnerability july 10,2010
Rapid Recipe
http://www.rapid-source.com Persistent XSS Vulnerability last known fix version 1.7.2 july 10,2010
mysms
http://www.willcodejoomlaforfood.de/ Upload Vulnerability july 10,2010 290710 released the version 1.5.12.