Mosets Tree 2.1.6 Template Overwrite CSRF

Posted in Joomla!
2010-11-18 18:06:25 +0000 UTC

Mosets Tree <= 2.1.6 for Joomla! does not use anti-CSRF tokens in its admin forms.

JMyLife 1.0.15 Released

Posted in JMyLife
2010-10-31 08:18:25 +0000 UTC

JMyLife 1.0.15 has been released. There are no new features in this release, only bug fixes.

To download an update, click on Account Maintenance in the login module and view your order - the latest release is linked at the bottom. JMyLife is set up as a complete upgrade package - no need to uninstall previous versions first!

JMyLife 1.0.14 Released

Posted in JMyLife
2010-10-29 07:42:53 +0000 UTC

JMyLife 1.0.14 is now available.

1.0.14 contains a security upgrade.

Temporary Joomla 1.5.20 XSS Hotfix

Posted in Joomla!
2010-10-07 21:47:22 +0000 UTC

The guys over at YGN posted a video today of a 0-day Joomla! 1.5.20 XSS flaw. I've taken a look and have a quick fix that should prevent exploitation.

JMyLife 1.0.13 Released

Posted in JMyLife
2010-10-07 10:21:32 +0000 UTC

After a pretty long delay, JMyLife 1.0.13 is finally available! This new release brings with it support for XMap, the popular Joomla! sitemap extension, as well as a new way for your users to share - story attachments!

Biziant Sentry Alpha Release

Posted in Joomla!
2010-10-05 00:52:58 +0000 UTC

Today, I threw together a site and released a new project into the wild: Biziant Sentry.

Biziant Sentry is currently in alpha and is not recommended for use on production sites! I've released this in the hopes that the community will come together and help make this project the best that it can be!

SOBI2 Code Injection CSRF Exploit

Posted in Joomla!
2010-10-04 05:00:00 +0000 UTC

SOBI2's admin panel doesn't explicitly check for _POST requests, nor does it have a nonce.

JomSocial 1.8.8 Shell Upload Vulnerability

Posted in Joomla!
2010-09-30 22:05:36 +0000 UTC

There is a file upload vulnerability in version 1.8.8 and earlier of JomSocial, the popular community extension for Joomla!.

What's In A Name?

Posted in Other
2010-09-23 23:01:30 +0000 UTC

I know it shouldn't bother me, but I've got to ask - what's so hard about my last name?

Ęthan's Jack-O-Lantern

Posted in Other
2010-09-18 02:28:59 +0000 UTC

My 4 year old drew the face, and I cut it out... here comes Hallowe'en!