Jeffchannell - jeffchannell.com - Jeff Channell

Latest News:

Joomla! 1.6/1.7/2.5 Privilege Escalation Vulnerability 16 Mar 2012 | 07:47 am

Joomla! 1.6.x/1.7.x/2.5.0-2.5.2 suffers from a privilege escalation vulnerability that allows users to be registered into any group not having 'core.admin' privileges.

Joomla! Remember Me Cookie Encryption Issues 29 Sep 2011 | 04:11 pm

There is a serious problem with the way Joomla! handles the "remember me" login cookie. It is possible to decrypt the contents of this cookie and alter the serialized data inside, which could possibly...

Joomla! TinyMCE DOS 6 Apr 2011 | 03:23 am

Back in February, I reported an issue with TinyMCE to the Joomla! Security Strike Team. Since then, they "fixed" it in 1.6.1, but failed to do so for 1.5.23. Joomla! 1.5.x ships with a script that is ...

Joomla! 1.6.0 Multiple Minor Vulnerabilities 9 Mar 2011 | 04:47 am

Now that 1.6.1 is officially released, I figured I'd go ahead and publish a few of the "sensitive" bugs I found in 1.6.0.

Joomla! JFilterInput XSS Bypass 2 Feb 2011 | 03:21 am

Joomla! 1.5 and 1.6 rely on the JFilterInput class to sanitize user-supplied HTML. This class attempts to parse any given string for HTML code, checks the code against a whitelist of elements and attr...

JMyLife 1.0.16 Released 3 Dec 2010 | 08:24 am

I'm happy to announce the availability of JMyLife 1.0.16. This release brings the ability to filter by date ranges and a new Frontend Edit mode.

Mosets Tree 2.1.6 Template Overwrite CSRF 19 Nov 2010 | 07:06 am

Mosets Tree <= 2.1.6 for Joomla! does not use anti-CSRF tokens in its admin forms.

JMyLife 1.0.15 Released 31 Oct 2010 | 07:18 pm

JMyLife 1.0.15 has been released. There are no new features in this release, only bug fixes. To download an update, click on Account Maintenance in the login module and view your order - the latest r...

JMyLife 1.0.14 Released 29 Oct 2010 | 07:42 pm

JMyLife 1.0.14 is now available. 1.0.14 contains a security upgrade.

Temporary Joomla 1.5.20 XSS Hotfix 8 Oct 2010 | 09:47 am

The guys over at YGN posted a video today of a 0-day Joomla! 1.5.20 XSS flaw. I've taken a look and have a quick fix that should prevent exploitation.
