Moset's Tree <= 2.1.6 for Joomla! does not use anti-CSRF tokens in its admin forms.

JMyLife 1.0.15 has been released. There are no new features in this release, only bug fixes.

To download an update, click on Account Maintenance in the login module and view your order - the latest release is linked at the bottom. JMyLife is set up as a complete upgrade package - no need to uninstall previous versions first!

JMyLife 1.0.14 is now available.

1.0.14 contains a security upgrade

The guys over at YGN posted a video today of a 0-day Joomla! 1.5.20 XSS flaw. I've taken a look and have a quick fix that should prevent exploitation.

After a pretty long delay, JMyLife 1.0.13 is finally available! This new release brings with it support for XMap, the popular Joomla! sitemap extension, as well as a new way for your users to share - story attachments!

Today, I threw together a site and released a new project into the wild: Biziant Sentry.

Biziant Sentry is currently in alpha and is not recommended for use on production sites! I've released this in the hopes that the community will come together and help make this project the best that it can be!

SOBI2's admin panel doesn't explicitly check for _POST requests, nor does it have a nonce.

There is a file upload vulnerability in version 1.8.8 and earlier of JomSocial, the popular community extension for Joomla!.

I know it shouldn't bother me, but I've got to ask - what's so hard about my last name?

My 4 year old drew the face, and I cut it out... here comes Hallowe'en!