O:9:"MagpieRSS":23:{s:6:"parser";i:0;s:12:"current_item";a:0:{}s:5:"items";a:20:{i:0;a:9:{s:5:"title";s:36:"Security Bypass and Remote Execution";s:4:"link";s:95:"http://feedproxy.google.com/~r/modxsecurity/~3/SDYSxSMp0do/security-bypass-and-remote-execution";s:11:"description";s:1541:"<strong>Product:</strong> MODX Revolution<br />
<strong>Severity:</strong> Extremely Critical<br />
<strong>Versions:</strong> 2.1.0–2.2.7<br />
<strong>Vulnerability type:</strong> Security Bypass<br />
<strong>Report date:</strong> 2013-Jun-4<br />
<strong>Fixed date:</strong> 2013-Jun-4<br />
<br />
<strong>Description</strong><br />
Two vulnerabilities were discovered in MODX that allow users to bypass security. Attackers could exploit this to remotely execute arbitrary code on the targeted server. <br />
<br />
<strong>Affected Releases</strong><br />
All MODX Revolution releases from and including 2.1.0–2.2.7 are affected. Revolution 2.0.8 and below are not affected.<br />
<br />
<strong>Solutions</strong><br />
There are two possible solutions:<br />
<ol class="dis-ol"><br />
<li> Upgrade to <a href="http://modx.com/download/" target="_blank" rel="nofollow">MODX Revolution 2.2.8</a>, or</li>
<li> Install this <a href="http://modx.com/extras/package/securitypatch20130604" target="_blank" rel="nofollow">plugin patch</a> until upgrade to 2.2.8+ is completed.</li>
</ol>
<br />
<strong>Acknowledgement</strong><br />
We would like to thank valued community members Fi1osof and Agel_Nash for bringing this issue to our attention.<br />
<br />
<strong>Additional Information</strong><br />
For additional information, please use the <a href="http://modx.com/company/contact/" target="_blank" rel="nofollow">MODX Contact Form</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/SDYSxSMp0do" height="1" width="1"/>";s:8:"comments";s:88:"http://forums.modx.com/thread/84893/security-bypass-and-remote-execution#dis-post-468080";s:7:"pubdate";s:31:"Tue, 04 Jun 2013 09:55:36 +0000";s:4:"guid";s:88:"http://forums.modx.com/thread/84893/security-bypass-and-remote-execution#dis-post-468080";s:10:"feedburner";a:1:{s:8:"origlink";s:88:"http://forums.modx.com/thread/84893/security-bypass-and-remote-execution#dis-post-468080";}s:7:"summary";s:1541:"<strong>Product:</strong> MODX Revolution<br />
<strong>Severity:</strong> Extremely Critical<br />
<strong>Versions:</strong> 2.1.0–2.2.7<br />
<strong>Vulnerability type:</strong> Security Bypass<br />
<strong>Report date:</strong> 2013-Jun-4<br />
<strong>Fixed date:</strong> 2013-Jun-4<br />
<br />
<strong>Description</strong><br />
Two vulnerabilities were discovered in MODX that allow users to bypass security. Attackers could exploit this to remotely execute arbitrary code on the targeted server. <br />
<br />
<strong>Affected Releases</strong><br />
All MODX Revolution releases from and including 2.1.0–2.2.7 are affected. Revolution 2.0.8 and below are not affected.<br />
<br />
<strong>Solutions</strong><br />
There are two possible solutions:<br />
<ol class="dis-ol"><br />
<li> Upgrade to <a href="http://modx.com/download/" target="_blank" rel="nofollow">MODX Revolution 2.2.8</a>, or</li>
<li> Install this <a href="http://modx.com/extras/package/securitypatch20130604" target="_blank" rel="nofollow">plugin patch</a> until upgrade to 2.2.8+ is completed.</li>
</ol>
<br />
<strong>Acknowledgement</strong><br />
We would like to thank valued community members Fi1osof and Agel_Nash for bringing this issue to our attention.<br />
<br />
<strong>Additional Information</strong><br />
For additional information, please use the <a href="http://modx.com/company/contact/" target="_blank" rel="nofollow">MODX Contact Form</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/SDYSxSMp0do" height="1" width="1"/>";s:14:"date_timestamp";i:1370339736;}i:1;a:9:{s:5:"title";s:67:"MODX Evolution 1.0.7 (and prior) ForgotManager plugin Vulnerability";s:4:"link";s:124:"http://feedproxy.google.com/~r/modxsecurity/~3/BJ-pgFzh4nA/modx-evolution-1-0-7-and-prior-forgotmanager-plugin-vulnerability";s:11:"description";s:1516:"<strong>Product:</strong> MODX Evolution<br />
<strong>Risk:</strong> Very High<br />
<strong>Severity:</strong> Critical<br />
<strong>Versions:</strong> 1.0.7<br />
<strong>Vulnerability Type:</strong> Permissions, Privileges, and Access Control; Input Validation; SQL Injection<br />
<strong>Report Date:</strong> 2013-Jan-4<br />
<strong>Fixed Date:</strong> 2013-Jan-8<br />
<br />
<strong>Description</strong><br />
The Forgot Manager Login plugin distributed with all versions of MODX Evolution (and 0.9.x) contains a vulnerability that allows users to gain unauthorized access to the MODX Manager. <br />
<br />
<strong>Affected Releases</strong><br />
All MODX 0.9.x/Evolution releases prior to and including MODX Evolution 1.0.7 (with ForgotManager plugin active) are affected.<br />
<br />
<strong>Solutions</strong><br />
There are three ways to resolve or mitigate the issue:<br />
<ol class="dis-ol"><br />
<li>Disable Forgot Manager Login plugin</li>
<li>Upgrade <a href="http://modx.com/extras/package/forgotmanagerlogin" target="_blank" rel="nofollow">Forgot Manager Login</a> to version 1.1.6</li>
<li>Upgrade to <a href="http://modx.com/download/evolution/" target="_blank" rel="nofollow"> MODX Evolution 1.0.8</a>.</li>
</ol>
<br />
<strong>NOTE</strong><br />
A special thanks to community member Jako for reporting this issue directly to MODX so a resolution could be made available before details were.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/BJ-pgFzh4nA" height="1" width="1"/>";s:8:"comments";s:117:"http://forums.modx.com/thread/81545/modx-evolution-1-0-7-and-prior-forgotmanager-plugin-vulnerability#dis-post-449818";s:7:"pubdate";s:31:"Tue, 08 Jan 2013 04:28:14 +0000";s:4:"guid";s:117:"http://forums.modx.com/thread/81545/modx-evolution-1-0-7-and-prior-forgotmanager-plugin-vulnerability#dis-post-449818";s:10:"feedburner";a:1:{s:8:"origlink";s:117:"http://forums.modx.com/thread/81545/modx-evolution-1-0-7-and-prior-forgotmanager-plugin-vulnerability#dis-post-449818";}s:7:"summary";s:1516:"<strong>Product:</strong> MODX Evolution<br />
<strong>Risk:</strong> Very High<br />
<strong>Severity:</strong> Critical<br />
<strong>Versions:</strong> 1.0.7<br />
<strong>Vulnerability Type:</strong> Permissions, Privileges, and Access Control; Input Validation; SQL Injection<br />
<strong>Report Date:</strong> 2013-Jan-4<br />
<strong>Fixed Date:</strong> 2013-Jan-8<br />
<br />
<strong>Description</strong><br />
The Forgot Manager Login plugin distributed with all versions of MODX Evolution (and 0.9.x) contains a vulnerability that allows users to gain unauthorized access to the MODX Manager. <br />
<br />
<strong>Affected Releases</strong><br />
All MODX 0.9.x/Evolution releases prior to and including MODX Evolution 1.0.7 (with ForgotManager plugin active) are affected.<br />
<br />
<strong>Solutions</strong><br />
There are three ways to resolve or mitigate the issue:<br />
<ol class="dis-ol"><br />
<li>Disable Forgot Manager Login plugin</li>
<li>Upgrade <a href="http://modx.com/extras/package/forgotmanagerlogin" target="_blank" rel="nofollow">Forgot Manager Login</a> to version 1.1.6</li>
<li>Upgrade to <a href="http://modx.com/download/evolution/" target="_blank" rel="nofollow"> MODX Evolution 1.0.8</a>.</li>
</ol>
<br />
<strong>NOTE</strong><br />
A special thanks to community member Jako for reporting this issue directly to MODX so a resolution could be made available before details were.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/BJ-pgFzh4nA" height="1" width="1"/>";s:14:"date_timestamp";i:1357619294;}i:2;a:9:{s:5:"title";s:60:"MODX Evolution 1.0.6 (and prior) Unauthorized Manager Access";s:4:"link";s:117:"http://feedproxy.google.com/~r/modxsecurity/~3/LYb16Yy-U1E/modx-evolution-1-0-6-and-prior-unauthorized-manager-access";s:11:"description";s:1532:"<strong>Product:</strong> MODX Evolution<br />
<strong>Risk:</strong> Very High<br />
<strong>Severity:</strong> Critical<br />
<strong>Versions:</strong> 1.0.6 and all previous releases<br />
<strong>Vulnerability Type:</strong> Permissions, Privileges, and Access Control; Input Validation; SQL Injection<br />
<strong>Report Date:</strong> 2012-Nov-26<br />
<strong>Fixed Date:</strong> 2012-Nov-26<br />
<br />
<strong>Description</strong><br />
The Forgot Manager Login plugin distributed with all versions of MODX Evolution (and 0.9.x) contains a vulnerability that allows users to gain unauthorized access to the MODX Manager. <br />
<br />
<strong>Affected Releases</strong><br />
All MODX 0.9.x/Evolution releases prior to and including MODX Evolution 1.0.6 are affected.<br />
<br />
<strong>Solutions</strong><br />
There are three ways to resolve or mitigate the issue:<br />
<ol class="dis-ol"><br />
<li>Disable Forgot Manager Login plugin</li>
<li>Upgrade <a href="http://modx.com/extras/package/forgotmanagerlogin" target="_blank" rel="nofollow">Forgot Manager Login</a> to version 1.1.4</li>
<li>Upgrade to <a href="http://modx.com/download/evolution/" target="_blank" rel="nofollow"> MODX Evolution 1.0.7</a>.</li>
</ol>
<br />
<strong>NOTE</strong><br />
A special thanks to community member Agel_Nash for reporting the full scope of this issue directly to MODX so a resolution could be made available before details were.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/LYb16Yy-U1E" height="1" width="1"/>";s:8:"comments";s:110:"http://forums.modx.com/thread/80701/modx-evolution-1-0-6-and-prior-unauthorized-manager-access#dis-post-444667";s:7:"pubdate";s:31:"Mon, 26 Nov 2012 03:33:34 +0000";s:4:"guid";s:110:"http://forums.modx.com/thread/80701/modx-evolution-1-0-6-and-prior-unauthorized-manager-access#dis-post-444667";s:10:"feedburner";a:1:{s:8:"origlink";s:110:"http://forums.modx.com/thread/80701/modx-evolution-1-0-6-and-prior-unauthorized-manager-access#dis-post-444667";}s:7:"summary";s:1532:"<strong>Product:</strong> MODX Evolution<br />
<strong>Risk:</strong> Very High<br />
<strong>Severity:</strong> Critical<br />
<strong>Versions:</strong> 1.0.6 and all previous releases<br />
<strong>Vulnerability Type:</strong> Permissions, Privileges, and Access Control; Input Validation; SQL Injection<br />
<strong>Report Date:</strong> 2012-Nov-26<br />
<strong>Fixed Date:</strong> 2012-Nov-26<br />
<br />
<strong>Description</strong><br />
The Forgot Manager Login plugin distributed with all versions of MODX Evolution (and 0.9.x) contains a vulnerability that allows users to gain unauthorized access to the MODX Manager. <br />
<br />
<strong>Affected Releases</strong><br />
All MODX 0.9.x/Evolution releases prior to and including MODX Evolution 1.0.6 are affected.<br />
<br />
<strong>Solutions</strong><br />
There are three ways to resolve or mitigate the issue:<br />
<ol class="dis-ol"><br />
<li>Disable Forgot Manager Login plugin</li>
<li>Upgrade <a href="http://modx.com/extras/package/forgotmanagerlogin" target="_blank" rel="nofollow">Forgot Manager Login</a> to version 1.1.4</li>
<li>Upgrade to <a href="http://modx.com/download/evolution/" target="_blank" rel="nofollow"> MODX Evolution 1.0.7</a>.</li>
</ol>
<br />
<strong>NOTE</strong><br />
A special thanks to community member Agel_Nash for reporting the full scope of this issue directly to MODX so a resolution could be made available before details were.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/LYb16Yy-U1E" height="1" width="1"/>";s:14:"date_timestamp";i:1353900814;}i:3;a:9:{s:5:"title";s:53:"MODX Website Compromise Update: Revolution Still Safe";s:4:"link";s:111:"http://feedproxy.google.com/~r/modxsecurity/~3/wj00scFO8ho/modx-website-compromise-update-revolution-still-safe";s:11:"description";s:517:"<strong>MODX Revolution is Still Safe</strong><br />
After exhaustive investigation, at this point we have determined the recent modx.com security breach used custom code authored specifically for our website. It was not a result of code contained in any core releases of MODX Revolution. While we have taken additional steps to further secure our website, we will follow up with a more complete response in the coming weeks.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/wj00scFO8ho" height="1" width="1"/>";s:8:"comments";s:104:"http://forums.modx.com/thread/79153/modx-website-compromise-update-revolution-still-safe#dis-post-436674";s:7:"pubdate";s:31:"Tue, 11 Sep 2012 11:10:08 +0000";s:4:"guid";s:104:"http://forums.modx.com/thread/79153/modx-website-compromise-update-revolution-still-safe#dis-post-436674";s:10:"feedburner";a:1:{s:8:"origlink";s:104:"http://forums.modx.com/thread/79153/modx-website-compromise-update-revolution-still-safe#dis-post-436674";}s:7:"summary";s:517:"<strong>MODX Revolution is Still Safe</strong><br />
After exhaustive investigation, at this point we have determined the recent modx.com security breach used custom code authored specifically for our website. It was not a result of code contained in any core releases of MODX Revolution. While we have taken additional steps to further secure our website, we will follow up with a more complete response in the coming weeks.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/wj00scFO8ho" height="1" width="1"/>";s:14:"date_timestamp";i:1347361808;}i:4;a:9:{s:5:"title";s:23:"MODX Website Compromise";s:4:"link";s:82:"http://feedproxy.google.com/~r/modxsecurity/~3/f-jdLv-VmuY/modx-website-compromise";s:11:"description";s:2285:"On Wednesday August 29, a hacker exploited a Local File Inclusion (LFI) vector in an older release of MODX Revolution we had running on one of our servers. This issue had already been fixed as part of the MODX Revolution 2.2.4 release. We locked down the site while we investigated the compromise. <br />
<br />
Yes, one of the MODX web properties was not up to date and this was <em>really</em> not smart. We got burned, and this is our mea culpa. We have upgraded our websites to 2.2.4, changed all passwords related to our internal infrastructure, and set new policies going forward.<br />
<br />
<strong>Your Passwords are Safe</strong><br />
<br />
No passwords or hashed passwords were disclosed. MODX does not store passwords on the affected websites by design (see Update 2 below), using a custom SSO application hosted on an external, secure server. Passwords are hashed and salted multiple times, with unique salts per user. Despite no access to passwords being disclosed, you may consider changing any non-unique passwords used across multiple websites. <br />
<br />
<strong>We’re Sorry</strong><br />
<br />
We sincerely and profusely apologize for any inconvenience our lapse in diligence caused. We promise to do our utmost to be proactive going forward, taking every step we can to ensure we do not repeat this in the future.<br />
<br />
<strong>Please Upgrade Your Sites</strong><br />
<br />
Security requires constantly staying on top of your websites; it’s an ongoing process and not a destination. As with any software, it’s important to keep up to date when new updates come out. Upgrade your sites to the latest MODX versions when they’re released—no excuses.<br />
<br />
<em>Update 1</em>: We clarified wording to accurately reflect that the actual passwords/hashed passwords were not disclosed.<br />
<br />
<em>Update 2</em>: Further clarification that the user table field shared publicly by the culprit does not contain any passwords (we repurposed the field). It does contain: <br />
<ul class="dis-ul"><br />
<li>Salts not used by our SSO</li>
<li>&quot;cachepwd&quot; (also not used by our SSO) which expires within minutes of creation.</li>
</ul><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/f-jdLv-VmuY" height="1" width="1"/>";s:8:"comments";s:75:"http://forums.modx.com/thread/79060/modx-website-compromise#dis-post-435698";s:7:"pubdate";s:31:"Mon, 03 Sep 2012 11:12:01 +0000";s:4:"guid";s:75:"http://forums.modx.com/thread/79060/modx-website-compromise#dis-post-435698";s:10:"feedburner";a:1:{s:8:"origlink";s:75:"http://forums.modx.com/thread/79060/modx-website-compromise#dis-post-435698";}s:7:"summary";s:2285:"On Wednesday August 29, a hacker exploited a Local File Inclusion (LFI) vector in an older release of MODX Revolution we had running on one of our servers. This issue had already been fixed as part of the MODX Revolution 2.2.4 release. We locked down the site while we investigated the compromise. <br />
<br />
Yes, one of the MODX web properties was not up to date and this was <em>really</em> not smart. We got burned, and this is our mea culpa. We have upgraded our websites to 2.2.4, changed all passwords related to our internal infrastructure, and set new policies going forward.<br />
<br />
<strong>Your Passwords are Safe</strong><br />
<br />
No passwords or hashed passwords were disclosed. MODX does not store passwords on the affected websites by design (see Update 2 below), using a custom SSO application hosted on an external, secure server. Passwords are hashed and salted multiple times, with unique salts per user. Despite no access to passwords being disclosed, you may consider changing any non-unique passwords used across multiple websites. <br />
<br />
<strong>We’re Sorry</strong><br />
<br />
We sincerely and profusely apologize for any inconvenience our lapse in diligence caused. We promise to do our utmost to be proactive going forward, taking every step we can to ensure we do not repeat this in the future.<br />
<br />
<strong>Please Upgrade Your Sites</strong><br />
<br />
Security requires constantly staying on top of your websites; it’s an ongoing process and not a destination. As with any software, it’s important to keep up to date when new updates come out. Upgrade your sites to the latest MODX versions when they’re released—no excuses.<br />
<br />
<em>Update 1</em>: We clarified wording to accurately reflect that the actual passwords/hashed passwords were not disclosed.<br />
<br />
<em>Update 2</em>: Further clarification that the user table field shared publicly by the culprit does not contain any passwords (we repurposed the field). It does contain: <br />
<ul class="dis-ul"><br />
<li>Salts not used by our SSO</li>
<li>&quot;cachepwd&quot; (also not used by our SSO) which expires within minutes of creation.</li>
</ul><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/f-jdLv-VmuY" height="1" width="1"/>";s:14:"date_timestamp";i:1346670721;}i:5;a:9:{s:5:"title";s:70:"MODX Evolution 1.0.5 (and prior) Remote Script Execution Vulnerability";s:4:"link";s:127:"http://feedproxy.google.com/~r/modxsecurity/~3/wGzha324jfk/modx-evolution-1-0-5-and-prior-remote-script-execution-vulnerability";s:11:"description";s:1416:"<strong>Product:</strong> MODX Evolution<br />
<strong>Risk:</strong> Very High<br />
<strong>Severity:</strong> Critical<br />
<strong>Versions:</strong> 1.0.5 and all previous releases<br />
<strong>Vulnerability type:</strong> Remote Script Execution*<br />
<strong>Report Date:</strong> 2012-Feb-16<br />
<strong>Fixed Date:</strong> 2012-Feb-20<br />
<br />
<strong>Description</strong><br />
<br />
A vigilant community member sent us a security notice to let us know that he found a security issue in a compromised site running MODX Evolution 1.0.5. <br />
<br />
Upon investigation, we determined that MODX Evolution had been sanitizing global GPC (GET/POST/Cookie or Request) variables in a way that allowed any Snippet within MODX that echoed user input (i.e. a website form field) from the GPC variables back to the output (for display) to inadvertently execute the MODX tags provided in the input field.<br />
 <br />
*Remote script execution requires specific configurations of add-ons included in the core.<br />
<br />
<strong>Affected Releases</strong><br />
All MODX 0.9.x/Evolution releases prior to and including MODX Evolution 1.0.5 are affected.<br />
<br />
<strong>Solution</strong><br />
Upgrade to <a href="http://modx.com/download/evolution/" target="_blank" rel="nofollow"> MODX Evolution 1.0.6</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/wGzha324jfk" height="1" width="1"/>";s:8:"comments";s:120:"http://forums.modx.com/thread/74423/modx-evolution-1-0-5-and-prior-remote-script-execution-vulnerability#dis-post-412760";s:7:"pubdate";s:31:"Mon, 20 Feb 2012 04:44:07 +0000";s:4:"guid";s:120:"http://forums.modx.com/thread/74423/modx-evolution-1-0-5-and-prior-remote-script-execution-vulnerability#dis-post-412760";s:10:"feedburner";a:1:{s:8:"origlink";s:120:"http://forums.modx.com/thread/74423/modx-evolution-1-0-5-and-prior-remote-script-execution-vulnerability#dis-post-412760";}s:7:"summary";s:1416:"<strong>Product:</strong> MODX Evolution<br />
<strong>Risk:</strong> Very High<br />
<strong>Severity:</strong> Critical<br />
<strong>Versions:</strong> 1.0.5 and all previous releases<br />
<strong>Vulnerability type:</strong> Remote Script Execution*<br />
<strong>Report Date:</strong> 2012-Feb-16<br />
<strong>Fixed Date:</strong> 2012-Feb-20<br />
<br />
<strong>Description</strong><br />
<br />
A vigilant community member sent us a security notice to let us know that he found a security issue in a compromised site running MODX Evolution 1.0.5. <br />
<br />
Upon investigation, we determined that MODX Evolution had been sanitizing global GPC (GET/POST/Cookie or Request) variables in a way that allowed any Snippet within MODX that echoed user input (i.e. a website form field) from the GPC variables back to the output (for display) to inadvertently execute the MODX tags provided in the input field.<br />
 <br />
*Remote script execution requires specific configurations of add-ons included in the core.<br />
<br />
<strong>Affected Releases</strong><br />
All MODX 0.9.x/Evolution releases prior to and including MODX Evolution 1.0.5 are affected.<br />
<br />
<strong>Solution</strong><br />
Upgrade to <a href="http://modx.com/download/evolution/" target="_blank" rel="nofollow"> MODX Evolution 1.0.6</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/wGzha324jfk" height="1" width="1"/>";s:14:"date_timestamp";i:1329713047;}i:6;a:9:{s:5:"title";s:78:"MODx Evo 1.0.4 (and prior) SQL Injection and Directory Traversal Vulnerabities";s:4:"link";s:135:"http://feedproxy.google.com/~r/modxsecurity/~3/SukP2a2DUDk/modx-evo-1-0-4-and-prior-sql-injection-and-directory-traversal-vulnerabities";s:11:"description";s:1449:"<strong>Status: Solved</strong><br />
Product: MODx Evolution<br />
Severity: High<br />
Versions: 1.0.4 and prior<br />
Advisory Date: 2011-01-26<br />
Fixed Date: 2011-01-19<br />
Impact:<br />
 a) A remote attacker may access or view arbitrary files on the server.<br />
 b) A remote attacker may execute arbitrary PHP code as a result of SQL injection.<br />
<br />
<strong>Description</strong><br />
JPCERT/CC has issued the following advisories:<br />
 a) <a href="http://jvn.jp/en/jp/JVN95385972/index.html" target="_blank" rel="nofollow">http://jvn.jp/en/jp/JVN95385972/index.html</a><br />
 b) <a href="http://jvn.jp/en/jp/JVN54092716/index.html" target="_blank" rel="nofollow">http://jvn.jp/en/jp/JVN54092716/index.html</a><br />
<br />
<strong>Solution</strong><br />
Upgrade to MODx Revolution 1.0.5 available here: <a href="http://modxcms.com/download.html#ga" target="_blank" rel="nofollow">http://modxcms.com/download.html#ga</a><br />
Read the <a href="http://modxcms.com/forums/index.php/topic,60045.0.html" target="_blank" rel="nofollow">Release Announcement</a> for Evolution 1.0.5.<br /><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/SukP2a2DUDk" height="1" width="1"/>";s:8:"comments";s:124:"http://forums.modx.com/thread/268/modx-evo-1-0-4-and-prior-sql-injection-and-directory-traversal-vulnerabities#dis-post-1674";s:7:"pubdate";s:31:"Fri, 28 Jan 2011 02:13:31 +0000";s:4:"guid";s:124:"http://forums.modx.com/thread/268/modx-evo-1-0-4-and-prior-sql-injection-and-directory-traversal-vulnerabities#dis-post-1674";s:10:"feedburner";a:1:{s:8:"origlink";s:124:"http://forums.modx.com/thread/268/modx-evo-1-0-4-and-prior-sql-injection-and-directory-traversal-vulnerabities#dis-post-1674";}s:7:"summary";s:1449:"<strong>Status: Solved</strong><br />
Product: MODx Evolution<br />
Severity: High<br />
Versions: 1.0.4 and prior<br />
Advisory Date: 2011-01-26<br />
Fixed Date: 2011-01-19<br />
Impact:<br />
 a) A remote attacker may access or view arbitrary files on the server.<br />
 b) A remote attacker may execute arbitrary PHP code as a result of SQL injection.<br />
<br />
<strong>Description</strong><br />
JPCERT/CC has issued the following advisories:<br />
 a) <a href="http://jvn.jp/en/jp/JVN95385972/index.html" target="_blank" rel="nofollow">http://jvn.jp/en/jp/JVN95385972/index.html</a><br />
 b) <a href="http://jvn.jp/en/jp/JVN54092716/index.html" target="_blank" rel="nofollow">http://jvn.jp/en/jp/JVN54092716/index.html</a><br />
<br />
<strong>Solution</strong><br />
Upgrade to MODx Revolution 1.0.5 available here: <a href="http://modxcms.com/download.html#ga" target="_blank" rel="nofollow">http://modxcms.com/download.html#ga</a><br />
Read the <a href="http://modxcms.com/forums/index.php/topic,60045.0.html" target="_blank" rel="nofollow">Release Announcement</a> for Evolution 1.0.5.<br /><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/SukP2a2DUDk" height="1" width="1"/>";s:14:"date_timestamp";i:1296180811;}i:7;a:9:{s:5:"title";s:42:"Critical PHP Bug Security Notice and Patch";s:4:"link";s:101:"http://feedproxy.google.com/~r/modxsecurity/~3/L6gFqKf7bu4/critical-php-bug-security-notice-and-patch";s:11:"description";s:3414:"Earlier this week, a PHP Security Notice was made due to a critical bug in PHP that could cause PHP to fail should a value of 2.2250738585072011e-308 be set to a PHP value.<br />
<br />
More information can be found here:<br />
<ul class="dis-ul"><li><a href="http://bugs.php.net/bug.php?id=53632" target="_blank" rel="nofollow">http://bugs.php.net/bug.php?id=53632</a></li>
<li><a href="http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/" target="_blank" rel="nofollow">http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/</a></li></ul>
<br />
This bug can affect MODx installations. MODx Revolution has been patched in GitHub for this. It is <strong>highly</strong> recommended that all MODx Revolution users patch their MODx installations with the fix made in this commit: <a href="https://github.com/modxcms/revolution/commit/3d8175c010374a3662fb86492fe7e808df0bae66" target="_blank" rel="nofollow">https://github.com/modxcms/revolution/commit/3d8175c010374a3662fb86492fe7e808df0bae66</a> (do not copy the entire modx.class.php file, just the affected lines)<br />
<br />
To patch for Revolution, simply paste the following lines into the file &quot;core/model/modx/modx.class.php&quot; after line 30 (after the comments):<br />
<div class="dis-code"><pre class="brush: php; toolbar: false">if (strstr(str_replace('.','',serialize($_REQUEST)), '22250738585072011')) {
  header('Status: 422 Unprocessable Entity'); die();
}</pre></div><br />
<br />
Alternatively, if you don’t have FTP or SSH access to your server, you can download <a href="http://modxcms.com/extras/package/789" target="_blank" rel="nofollow">a Plugin-based patch</a> via Package Management, in &quot;Hotfixes &amp; Security Updates&quot; -&gt; &quot;Hotfix&quot; -&gt; &quot;bug-3350&quot;. Installing it will patch your installation with a Plugin. (While the Plugin will work, MODX recommends patching the files if possible.)<br />
<br />
To patch for Evolution, simply add the above lines at the top of the &quot;manager/includes/protect.inc.php&quot; file.<br />
<br />
Since this is a PHP bug, and not a MODx bug, this will affect any and all MODx installations on server architecture that uses the x87 FPU and hasn’t forced SSE or float-store.<br />
<br />
<strong>LATE UPDATE:</strong><br />
<br />
The MODX Team has released Revolution 2.0.6-pl2 which adds a workaround for this PHP bug, as well as a couple other issues. You can download it here: <a href="http://modxcms.com/download/" target="_blank" rel="nofollow">http://modxcms.com/download/</a>. Upgrading is not required if you applied the patch above.<br />
<br />
Changelog for 2.0.6-pl2:<br />
<div class="dis-code"><pre class="brush: php; toolbar: false">
MODx Revolution 2.0.6-pl2 (January 6, 2011)
====================================
- &#91;#3350&#93; Fix for PHP bug: http://bugs.php.net/bug.php?id=53632
- &#91;#3347&#93; Fix issue where renaming a file broke the browsing of directory tree
- Fix issue where FC tvDefault rules, regardless of active state, are always run
 </pre></div><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/L6gFqKf7bu4" height="1" width="1"/>";s:8:"comments";s:90:"http://forums.modx.com/thread/267/critical-php-bug-security-notice-and-patch#dis-post-1673";s:7:"pubdate";s:31:"Thu, 06 Jan 2011 09:43:30 +0000";s:4:"guid";s:90:"http://forums.modx.com/thread/267/critical-php-bug-security-notice-and-patch#dis-post-1673";s:10:"feedburner";a:1:{s:8:"origlink";s:90:"http://forums.modx.com/thread/267/critical-php-bug-security-notice-and-patch#dis-post-1673";}s:7:"summary";s:3414:"Earlier this week, a PHP Security Notice was made due to a critical bug in PHP that could cause PHP to fail should a value of 2.2250738585072011e-308 be set to a PHP value.<br />
<br />
More information can be found here:<br />
<ul class="dis-ul"><li><a href="http://bugs.php.net/bug.php?id=53632" target="_blank" rel="nofollow">http://bugs.php.net/bug.php?id=53632</a></li>
<li><a href="http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/" target="_blank" rel="nofollow">http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/</a></li></ul>
<br />
This bug can affect MODx installations. MODx Revolution has been patched in GitHub for this. It is <strong>highly</strong> recommended that all MODx Revolution users patch their MODx installations with the fix made in this commit: <a href="https://github.com/modxcms/revolution/commit/3d8175c010374a3662fb86492fe7e808df0bae66" target="_blank" rel="nofollow">https://github.com/modxcms/revolution/commit/3d8175c010374a3662fb86492fe7e808df0bae66</a> (do not copy the entire modx.class.php file, just the affected lines)<br />
<br />
To patch for Revolution, simply paste the following lines into the file &quot;core/model/modx/modx.class.php&quot; after line 30 (after the comments):<br />
<div class="dis-code"><pre class="brush: php; toolbar: false">if (strstr(str_replace('.','',serialize($_REQUEST)), '22250738585072011')) {
  header('Status: 422 Unprocessable Entity'); die();
}</pre></div><br />
<br />
Alternatively, if you don’t have FTP or SSH access to your server, you can download <a href="http://modxcms.com/extras/package/789" target="_blank" rel="nofollow">a Plugin-based patch</a> via Package Management, in &quot;Hotfixes &amp; Security Updates&quot; -&gt; &quot;Hotfix&quot; -&gt; &quot;bug-3350&quot;. Installing it will patch your installation with a Plugin. (While the Plugin will work, MODX recommends patching the files if possible.)<br />
<br />
To patch for Evolution, simply add the above lines at the top of the &quot;manager/includes/protect.inc.php&quot; file.<br />
<br />
Since this is a PHP bug, and not a MODx bug, this will affect any and all MODx installations on server architecture that uses the x87 FPU and hasn’t forced SSE or float-store.<br />
<br />
<strong>LATE UPDATE:</strong><br />
<br />
The MODX Team has released Revolution 2.0.6-pl2 which adds a workaround for this PHP bug, as well as a couple other issues. You can download it here: <a href="http://modxcms.com/download/" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/download/" target="_blank" rel="nofollow']); return false;">http://modxcms.com/download/</a>. Upgrading is not required if you applied the patch above.<br />
<br />
Changelog for 2.0.6-pl2:<br />
<div class="dis-code"><pre class="brush: php; toolbar: false">
MODx Revolution 2.0.6-pl2 (January 6, 2011)
====================================
- &#91;#3350&#93; Fix for PHP bug: http://bugs.php.net/bug.php?id=53632
- &#91;#3347&#93; Fix issue where renaming a file broke the browsing of directory tree
- Fix issue where FC tvDefault rules, regardless of active state, are always run
 </pre></div><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/L6gFqKf7bu4" height="1" width="1"/>";s:14:"date_timestamp";i:1294307010;}i:8;a:9:{s:5:"title";s:59:"Critical Security Upgrade Notice for FormIt, Quip and Login";s:4:"link";s:117:"http://feedproxy.google.com/~r/modxsecurity/~3/yG5AW9A9NAo/critical-security-upgrade-notice-for-formit-quip-and-login";s:11:"description";s:600:"We received a report of a potential vulnerability in <em>FormIt</em>, <em>Quip</em> and <em>Login</em> that could be used to expose system settings including database information. <br />
<br />
This has been corrected and new versions have been posted. <strong>Upgrading of FormIt, Login and Quip to the latest versions via Package Manager should be considered critical.</strong><br />
<br />
This only affects MODX Revolution installations that have installed the Extras FormIt, Quip and Login.<br />
<br /><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/yG5AW9A9NAo" height="1" width="1"/>";s:8:"comments";s:106:"http://forums.modx.com/thread/266/critical-security-upgrade-notice-for-formit-quip-and-login#dis-post-1672";s:7:"pubdate";s:31:"Thu, 09 Dec 2010 08:17:16 +0000";s:4:"guid";s:106:"http://forums.modx.com/thread/266/critical-security-upgrade-notice-for-formit-quip-and-login#dis-post-1672";s:10:"feedburner";a:1:{s:8:"origlink";s:106:"http://forums.modx.com/thread/266/critical-security-upgrade-notice-for-formit-quip-and-login#dis-post-1672";}s:7:"summary";s:600:"We received a report of a potential vulnerability in <em>FormIt</em>, <em>Quip</em> and <em>Login</em> that could be used to expose system settings including database information. <br />
<br />
This has been corrected and new versions have been posted. <strong>Upgrading of FormIt, Login and Quip to the latest versions via Package Manager should be considered critical.</strong><br />
<br />
This only affects MODX Revolution installations that have installed the Extras FormIt, Quip and Login.<br />
<br /><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/yG5AW9A9NAo" height="1" width="1"/>";s:14:"date_timestamp";i:1291882636;}i:9;a:9:{s:5:"title";s:41:"phpThumb  Command-Injection Vulnerability";s:4:"link";s:99:"http://feedproxy.google.com/~r/modxsecurity/~3/k4XZ7ynoTk4/phpthumb-command-injection-vulnerability";s:11:"description";s:1330:"It has recently come to our attention that phpThumb (all versions) contains an unpatched vulnerability.<br />
<blockquote>The application is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input to the ’fltr&#91;&#93;’ parameter in the ’phpThumb.php’ script. <br />
<br />
Attackers can exploit this issue to execute arbitrary commands in the context of the webserver.<br />
<br />
Note that successful exploitation requires ’ImageMagick’ to be installed.<br />
<br />
phpThumb() 1.7.9 is affected; other versions may also be vulnerable.</blockquote>
<br />
If you are using phpThumb on any of your sites either as part of a plugin or standalone, you should use the following fix to secure your site: <br />
<a href="http://modxcms.com/forums/index.php/topic,54874.msg316279.html#msg316279" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,54874.msg316279.html#msg316279" target="_blank" rel="nofollow']); return false;">http://modxcms.com/forums/index.php/topic,54874.msg316279.html#msg316279</a><br />
<br />
Note: This vulnerability does not affect the phpThumb that is included in the MODx Revolution distribution.<br /><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/k4XZ7ynoTk4" height="1" width="1"/>";s:8:"comments";s:88:"http://forums.modx.com/thread/265/phpthumb-command-injection-vulnerability#dis-post-1671";s:7:"pubdate";s:31:"Tue, 05 Oct 2010 11:01:07 +0000";s:4:"guid";s:88:"http://forums.modx.com/thread/265/phpthumb-command-injection-vulnerability#dis-post-1671";s:10:"feedburner";a:1:{s:8:"origlink";s:88:"http://forums.modx.com/thread/265/phpthumb-command-injection-vulnerability#dis-post-1671";}s:7:"summary";s:1330:"It has recently come to our attention that phpThumb (all versions) contains an unpatched vulnerability.<br />
<blockquote>The application is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input to the ’fltr&#91;&#93;’ parameter in the ’phpThumb.php’ script. <br />
<br />
Attackers can exploit this issue to execute arbitrary commands in the context of the webserver.<br />
<br />
Note that successful exploitation requires ’ImageMagick’ to be installed.<br />
<br />
phpThumb() 1.7.9 is affected; other versions may also be vulnerable.</blockquote>
<br />
If you are using phpThumb on any of your sites either as part of a plugin or standalone, you should use the following fix to secure your site: <br />
<a href="http://modxcms.com/forums/index.php/topic,54874.msg316279.html#msg316279" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,54874.msg316279.html#msg316279" target="_blank" rel="nofollow']); return false;">http://modxcms.com/forums/index.php/topic,54874.msg316279.html#msg316279</a><br />
<br />
Note: This vulnerability does not affect the phpThumb that is included in the MODx Revolution distribution.<br /><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/k4XZ7ynoTk4" height="1" width="1"/>";s:14:"date_timestamp";i:1286276467;}i:10;a:9:{s:5:"title";s:55:"MODx Revolution 2.0.3 Addresses Pair of Vulnerabilities";s:4:"link";s:114:"http://feedproxy.google.com/~r/modxsecurity/~3/ZU4xrhDcVco/modx-revolution-2-0-3-addresses-pair-of-vulnerabilities";s:11:"description";s:1554:"The MODx Revolution 2.0.3 release addresses a pair of <a href="http://modxcms.com/forums/index.php/topic,55062.0.html" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,55062.0.html" target="_blank" rel="nofollow']); return false;">reported security vulnerabilities</a> with MODx Revolution 2.0.2-pl and possibly earlier releases:<br />
<br />
Input passed via the &quot;modhash&quot; parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the &quot;class_key&quot; parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files.<br />
<br />
<strong>We recommend that anyone running previous versions of MODx Revolution upgrade to 2.0.3.</strong><br />
<br />
Download MODx Revolution 2.0.3-pl: <a href="http://modxcms.com/download/#pl" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/download/#pl" target="_blank" rel="nofollow']); return false;">http://modxcms.com/download/#pl</a><br />
<br />
Details of other improvements introduced in the 2.0.3 release can be found here: <a href="http://modxcms.com/forums/index.php/topic,55104.0.html" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,55104.0.html" target="_blank" rel="nofollow']); return false;">http://modxcms.com/forums/index.php/topic,55104.0.html</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/ZU4xrhDcVco" height="1" width="1"/>";s:8:"comments";s:103:"http://forums.modx.com/thread/264/modx-revolution-2-0-3-addresses-pair-of-vulnerabilities#dis-post-1670";s:7:"pubdate";s:31:"Thu, 30 Sep 2010 01:47:17 +0000";s:4:"guid";s:103:"http://forums.modx.com/thread/264/modx-revolution-2-0-3-addresses-pair-of-vulnerabilities#dis-post-1670";s:10:"feedburner";a:1:{s:8:"origlink";s:103:"http://forums.modx.com/thread/264/modx-revolution-2-0-3-addresses-pair-of-vulnerabilities#dis-post-1670";}s:7:"summary";s:1554:"The MODx Revolution 2.0.3 release addresses a pair of <a href="http://modxcms.com/forums/index.php/topic,55062.0.html" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,55062.0.html" target="_blank" rel="nofollow']); return false;">reported security vulnerabilities</a> with MODx Revolution 2.0.2-pl and possibly earlier releases:<br />
<br />
Input passed via the &quot;modhash&quot; parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the &quot;class_key&quot; parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files.<br />
<br />
<strong>We recommend that anyone running previous versions of MODx Revolution upgrade to 2.0.3.</strong><br />
<br />
Download MODx Revolution 2.0.3-pl: <a href="http://modxcms.com/download/#pl" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/download/#pl" target="_blank" rel="nofollow']); return false;">http://modxcms.com/download/#pl</a><br />
<br />
Details of other improvements introduced in the 2.0.3 release can be found here: <a href="http://modxcms.com/forums/index.php/topic,55104.0.html" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,55104.0.html" target="_blank" rel="nofollow']); return false;">http://modxcms.com/forums/index.php/topic,55104.0.html</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/ZU4xrhDcVco" height="1" width="1"/>";s:14:"date_timestamp";i:1285811237;}i:11;a:9:{s:5:"title";s:77:"MODx Revolution Cross-Site Scripting and Local File Inclusion Vulnerabilities";s:4:"link";s:136:"http://feedproxy.google.com/~r/modxsecurity/~3/SmU0Xdv6isY/modx-revolution-cross-site-scripting-and-local-file-inclusion-vulnerabilities";s:11:"description";s:1806:"<strong>Status: Solved</strong> (See: <a href="http://modxcms.com/forums/index.php/topic,55105.0.html" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,55105.0.html" target="_blank" rel="nofollow']); return false;">Notice on fix</a>)<br />
Product: MODx Revolution<br />
Risk: Moderate<br />
Versions: 2.0.x<br />
Vulnerability type: Cross-Site Scripting and Local File Inclusion Vulnerabilities<br />
Report Date: 2010-09-29<br />
Fixed Date: 2010-09-29<br />
<br />
Description<br />
Issue reported as <a href="http://secunia.com/advisories/41638" target="_blank" rel="nofollow">Secunia Advisory SA41638</a>. <br />
<br />
Input passed via the &quot;modhash&quot; parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the &quot;class_key&quot; parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files.<br />
<br />
<br />
Affected Releases<br />
MODx Revolution 2.0.2-pl however it is possible previous releases contain the vulnerability.<br />
<br />
Solution<br />
Upgrade to MODx Revolution 2.0.3 available here:  <a href="http://modxcms.com/download.html#pl" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/download.html#pl" target="_blank" rel="nofollow']); return false;">http://modxcms.com/download.html#pl</a><br />
Read the <a href="http://modxcms.com/forums/index.php/topic,55104.0.html" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,55104.0.html" target="_blank" rel="nofollow']); return false;">Release Announcement</a> for Revolution 2.0.3.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/SmU0Xdv6isY" height="1" width="1"/>";s:8:"comments";s:125:"http://forums.modx.com/thread/263/modx-revolution-cross-site-scripting-and-local-file-inclusion-vulnerabilities#dis-post-1669";s:7:"pubdate";s:31:"Wed, 29 Sep 2010 02:50:16 +0000";s:4:"guid";s:125:"http://forums.modx.com/thread/263/modx-revolution-cross-site-scripting-and-local-file-inclusion-vulnerabilities#dis-post-1669";s:10:"feedburner";a:1:{s:8:"origlink";s:125:"http://forums.modx.com/thread/263/modx-revolution-cross-site-scripting-and-local-file-inclusion-vulnerabilities#dis-post-1669";}s:7:"summary";s:1806:"<strong>Status: Solved</strong> (See: <a href="http://modxcms.com/forums/index.php/topic,55105.0.html" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,55105.0.html" target="_blank" rel="nofollow']); return false;">Notice on fix</a>)<br />
Product: MODx Revolution<br />
Risk: Moderate<br />
Versions: 2.0.x<br />
Vulnerability type: Cross-Site Scripting and Local File Inclusion Vulnerabilities<br />
Report Date: 2010-09-29<br />
Fixed Date: 2010-09-29<br />
<br />
Description<br />
Issue reported as <a href="http://secunia.com/advisories/41638" target="_blank" rel="nofollow">Secunia Advisory SA41638</a>. <br />
<br />
Input passed via the &quot;modhash&quot; parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the &quot;class_key&quot; parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files.<br />
<br />
<br />
Affected Releases<br />
MODx Revolution 2.0.2-pl however it is possible previous releases contain the vulnerability.<br />
<br />
Solution<br />
Upgrade to MODx Revolution 2.0.3 available here:  <a href="http://modxcms.com/download.html#pl" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/download.html#pl" target="_blank" rel="nofollow']); return false;">http://modxcms.com/download.html#pl</a><br />
Read the <a href="http://modxcms.com/forums/index.php/topic,55104.0.html" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,55104.0.html" target="_blank" rel="nofollow']); return false;">Release Announcement</a> for Revolution 2.0.3.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/SmU0Xdv6isY" height="1" width="1"/>";s:14:"date_timestamp";i:1285728616;}i:12;a:9:{s:5:"title";s:42:"MODx Evolution SQL Injection Vulnerability";s:4:"link";s:101:"http://feedproxy.google.com/~r/modxsecurity/~3/FzjcYDRKn5w/modx-evolution-sql-injection-vulnerability";s:11:"description";s:1376:"<strong>Product:</strong> MODx Evolution<br />
<strong>Risk:</strong> Moderate<br />
<strong>Versions:</strong> 1.0.3 and all previous releases<br />
<strong>Vulnerability type:</strong> SQL Injection<br />
<strong>Report Date:</strong> 2010-May-28<br />
<strong>Fixed Date:</strong> 2010-May-28<br />
<br />
<strong>Description</strong><br />
Issue reported as <a href="http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_modx_cms_and_application_framework.html" target="_blank" rel="nofollow">HTB22412</a>. Attacker could potentially compromise MODx Evolution via an unsanitized variable on the /manager/index.php. <br />
    <br />
No actual destructive exploit has yet been created or proven. The proof of concept offered on the htbridge.ch site, and variants, can only cause a SQL error to be displayed.<br />
<br />
<strong>Affected Releases</strong><br />
All MODx 0.9.x/Evolution releases prior to and including MODx Evolution 1.0.3 are affected.<br />
<br />
<strong>Solution</strong><br />
Upgrade to MODx Evolution 1.0.4 or later: <a href="http://modxcms.com/download.html#ga" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/download.html#ga" target="_blank" rel="nofollow']); return false;">http://modxcms.com/download.html#ga</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/FzjcYDRKn5w" height="1" width="1"/>";s:8:"comments";s:90:"http://forums.modx.com/thread/262/modx-evolution-sql-injection-vulnerability#dis-post-1668";s:7:"pubdate";s:31:"Mon, 07 Jun 2010 04:59:22 +0000";s:4:"guid";s:90:"http://forums.modx.com/thread/262/modx-evolution-sql-injection-vulnerability#dis-post-1668";s:10:"feedburner";a:1:{s:8:"origlink";s:90:"http://forums.modx.com/thread/262/modx-evolution-sql-injection-vulnerability#dis-post-1668";}s:7:"summary";s:1376:"<strong>Product:</strong> MODx Evolution<br />
<strong>Risk:</strong> Moderate<br />
<strong>Versions:</strong> 1.0.3 and all previous releases<br />
<strong>Vulnerability type:</strong> SQL Injection<br />
<strong>Report Date:</strong> 2010-May-28<br />
<strong>Fixed Date:</strong> 2010-May-28<br />
<br />
<strong>Description</strong><br />
Issue reported as <a href="http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_modx_cms_and_application_framework.html" target="_blank" rel="nofollow">HTB22412</a>. Attacker could potentially compromise MODx Evolution via an unsanitized variable on the /manager/index.php. <br />
    <br />
No actual destructive exploit has yet been created or proven. The proof of concept offered on the htbridge.ch site, and variants, can only cause a SQL error to be displayed.<br />
<br />
<strong>Affected Releases</strong><br />
All MODx 0.9.x/Evolution releases prior to and including MODx Evolution 1.0.3 are affected.<br />
<br />
<strong>Solution</strong><br />
Upgrade to MODx Evolution 1.0.4 or later: <a href="http://modxcms.com/download.html#ga" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/download.html#ga" target="_blank" rel="nofollow']); return false;">http://modxcms.com/download.html#ga</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/FzjcYDRKn5w" height="1" width="1"/>";s:14:"date_timestamp";i:1275886762;}i:13;a:9:{s:5:"title";s:68:"Security updates in MODx Evolution 1.0.3. You really should upgrade.";s:4:"link";s:125:"http://feedproxy.google.com/~r/modxsecurity/~3/m_3jsk_oOpQ/security-updates-in-modx-evolution-1-0-3-you-really-should-upgrade";s:11:"description";s:1347:"The MODx Evolution 1.0.3 release addresses a number of reported security vulnerabilities with previous MODx Evolution 1.0.2 and earlier releases:<br />
<br />
<ul class="dis-ul"><br />
<li> XSS possibilities with the SearchHighlight plugin (used by AjaxSearch) as reported in JVN#19774883 and JVN#46669729</li>
<li> Unwanted information disclosure about the site structure in the TinyMCE plugin</li>
<li> SQL Injection via WebLogin</li>
</ul>
<br />
<strong>We strongly recommend that anyone running previous versions of MODx Evolution (including 0.9.x releases) consider Evolution 1.0.3 a mandatory upgrade.</strong><br />
<br />
Download MODx Evolution 1.0.3: <a href="http://modxcms.com/download/" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/download/" target="_blank" rel="nofollow']); return false;">http://modxcms.com/download/</a><br />
<br />
Details of other improvements introduced in the 1.0.3 release can be found here: <a href="http://modxcms.com/forums/index.php/topic,47756.0.html" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,47756.0.html" target="_blank" rel="nofollow']); return false;">http://modxcms.com/forums/index.php/topic,47756.0.html</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/m_3jsk_oOpQ" height="1" width="1"/>";s:8:"comments";s:114:"http://forums.modx.com/thread/261/security-updates-in-modx-evolution-1-0-3-you-really-should-upgrade#dis-post-1667";s:7:"pubdate";s:31:"Thu, 01 Apr 2010 10:11:06 +0000";s:4:"guid";s:114:"http://forums.modx.com/thread/261/security-updates-in-modx-evolution-1-0-3-you-really-should-upgrade#dis-post-1667";s:10:"feedburner";a:1:{s:8:"origlink";s:114:"http://forums.modx.com/thread/261/security-updates-in-modx-evolution-1-0-3-you-really-should-upgrade#dis-post-1667";}s:7:"summary";s:1347:"The MODx Evolution 1.0.3 release addresses a number of reported security vulnerabilities with previous MODx Evolution 1.0.2 and earlier releases:<br />
<br />
<ul class="dis-ul"><br />
<li> XSS possibilities with the SearchHighlight plugin (used by AjaxSearch) as reported in JVN#19774883 and JVN#46669729</li>
<li> Unwanted information disclosure about the site structure in the TinyMCE plugin</li>
<li> SQL Injection via WebLogin</li>
</ul>
<br />
<strong>We strongly recommend that anyone running previous versions of MODx Evolution (including 0.9.x releases) consider Evolution 1.0.3 a mandatory upgrade.</strong><br />
<br />
Download MODx Evolution 1.0.3: <a href="http://modxcms.com/download/" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/download/" target="_blank" rel="nofollow']); return false;">http://modxcms.com/download/</a><br />
<br />
Details of other improvements introduced in the 1.0.3 release can be found here: <a href="http://modxcms.com/forums/index.php/topic,47756.0.html" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,47756.0.html" target="_blank" rel="nofollow']); return false;">http://modxcms.com/forums/index.php/topic,47756.0.html</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/m_3jsk_oOpQ" height="1" width="1"/>";s:14:"date_timestamp";i:1270116666;}i:14;a:9:{s:5:"title";s:54:"Security Fix for MODx Revolution 2.0-beta2 (and beta1)";s:4:"link";s:111:"http://feedproxy.google.com/~r/modxsecurity/~3/iOJEa5BR3_0/security-fix-for-modx-revolution-2-0-beta2-and-beta1";s:11:"description";s:1544:"There has been a reported security vulnerability for MODx Revolution 2.0 beta1 and beta2. <br />
<br />
We have committed a temporary fix until we hit the root of the issue, which is a problem with the modAccessibleObject and Context Policy loading.<br />
<br />
SVN users, to fix this vulnerability, please update to r5505.<br />
<br />
Non-SVN users, please make the changes as illustrated here:<br />
<a href="http://svn.modxcms.com/crucible/changelog/modx/?cs=5501" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/crucible/changelog/modx/?cs=5501" target="_blank" rel="nofollow']); return false;">http://svn.modxcms.com/crucible/changelog/modx/?cs=5501</a> <br />
<br />
and here:<br />
<a href="http://svn.modxcms.com/crucible/changelog/modx/?cs=5505" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/crucible/changelog/modx/?cs=5505" target="_blank" rel="nofollow']); return false;">http://svn.modxcms.com/crucible/changelog/modx/?cs=5505</a><br />
<br />
Again, MODx recommends that you not use any beta products on shared or public servers without acknowledging the risk of potential undiscovered vulnerabilities. If you do choose to use such products, MODx recommends using a restricted username and/or password that is limited only to the MODx install. This also applies to file and user permissions. <br />
<br />
We apologize for any inconvenience this might have caused.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/iOJEa5BR3_0" height="1" width="1"/>";s:8:"comments";s:100:"http://forums.modx.com/thread/260/security-fix-for-modx-revolution-2-0-beta2-and-beta1#dis-post-1666";s:7:"pubdate";s:31:"Thu, 23 Jul 2009 02:28:34 +0000";s:4:"guid";s:100:"http://forums.modx.com/thread/260/security-fix-for-modx-revolution-2-0-beta2-and-beta1#dis-post-1666";s:10:"feedburner";a:1:{s:8:"origlink";s:100:"http://forums.modx.com/thread/260/security-fix-for-modx-revolution-2-0-beta2-and-beta1#dis-post-1666";}s:7:"summary";s:1544:"There has been a reported security vulnerability for MODx Revolution 2.0 beta1 and beta2. <br />
<br />
We have committed a temporary fix until we hit the root of the issue, which is a problem with the modAccessibleObject and Context Policy loading.<br />
<br />
SVN users, to fix this vulnerability, please update to r5505.<br />
<br />
Non-SVN users, please make the changes as illustrated here:<br />
<a href="http://svn.modxcms.com/crucible/changelog/modx/?cs=5501" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/crucible/changelog/modx/?cs=5501" target="_blank" rel="nofollow']); return false;">http://svn.modxcms.com/crucible/changelog/modx/?cs=5501</a> <br />
<br />
and here:<br />
<a href="http://svn.modxcms.com/crucible/changelog/modx/?cs=5505" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/crucible/changelog/modx/?cs=5505" target="_blank" rel="nofollow']); return false;">http://svn.modxcms.com/crucible/changelog/modx/?cs=5505</a><br />
<br />
Again, MODx recommends that you not use any beta products on shared or public servers without acknowledging the risk of potential undiscovered vulnerabilities. If you do choose to use such products, MODx recommends using a restricted username and/or password that is limited only to the MODx install. This also applies to file and user permissions. <br />
<br />
We apologize for any inconvenience this might have caused.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/iOJEa5BR3_0" height="1" width="1"/>";s:14:"date_timestamp";i:1248316114;}i:15;a:9:{s:5:"title";s:19:"Reflect RFI Exploit";s:4:"link";s:78:"http://feedproxy.google.com/~r/modxsecurity/~3/srEtm3N0-HI/reflect-rfi-exploit";s:11:"description";s:950:"It has come to our attention that it’s possible to compromise some sites with specific server configurations via the reference copy of the Reflect snippet installed by default at /assets/snippets/reflect/snippet.reflect.php<br />
<br />
A temporary solution is to simply rename this file with a .txt extension in your website. We are working on confirming a permanent solution and will update this post as soon as possible with more details.<br />
<br />
For more information see the <a href="http://secunia.com/Advisories/32824/" target="_blank" rel="nofollow">Secunia advisory</a> and the <a href="http://modxcms.com/forums/index.php/topic,30850" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,30850" target="_blank" rel="nofollow']); return false;">discussion on our forums</a>.<br />
<br />
<br /><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/srEtm3N0-HI" height="1" width="1"/>";s:8:"comments";s:67:"http://forums.modx.com/thread/259/reflect-rfi-exploit#dis-post-1665";s:7:"pubdate";s:31:"Mon, 24 Nov 2008 04:46:49 +0000";s:4:"guid";s:67:"http://forums.modx.com/thread/259/reflect-rfi-exploit#dis-post-1665";s:10:"feedburner";a:1:{s:8:"origlink";s:67:"http://forums.modx.com/thread/259/reflect-rfi-exploit#dis-post-1665";}s:7:"summary";s:950:"It has come to our attention that it’s possible to compromise some sites with specific server configurations via the reference copy of the Reflect snippet installed by default at /assets/snippets/reflect/snippet.reflect.php<br />
<br />
A temporary solution is to simply rename this file with a .txt extension in your website. We are working on confirming a permanent solution and will update this post as soon as possible with more details.<br />
<br />
For more information see the <a href="http://secunia.com/Advisories/32824/" target="_blank" rel="nofollow">Secunia advisory</a> and the <a href="http://modxcms.com/forums/index.php/topic,30850" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,30850" target="_blank" rel="nofollow']); return false;">discussion on our forums</a>.<br />
<br />
<br /><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/srEtm3N0-HI" height="1" width="1"/>";s:14:"date_timestamp";i:1227502009;}i:16;a:9:{s:5:"title";s:62:"0.9.6.2 HTTP_REFERER Checks and Potential CSRF Vulnerabilities";s:4:"link";s:121:"http://feedproxy.google.com/~r/modxsecurity/~3/Gu5MIMif5-Q/0-9-6-2-http-referer-checks-and-potential-csrf-vulnerabilities";s:11:"description";s:2907:"Some potential CSRF (Cross Site Request Forgery) vulnerabilities that require a valid manager session were identified in MODx 0.9.6.1-p2 and earlier versions and as a result, a new security feature to help protect your content managers from these types of attacks has been introduced with the <a href="http://modxcms.com/forums/index.php/topic,28875.0.html" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,28875.0.html" target="_blank" rel="nofollow']); return false;">release of 0.9.6.2</a>.<br />
<br />
<strong>CSRF Potential</strong><br />
Details of the kinds of attacks these vulnerabilities make possible are available in the associated bug report: <a href="http://svn.modxcms.com/jira/browse/MODX-206" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/jira/browse/MODX-206" target="_blank" rel="nofollow']); return false;">#MODX-206</a>.<br />
<br />
<strong>HTTP_REFERER Solution</strong><br />
To prevent a majority of these kinds of attacks, there is now a new option that can be <em>manually enabled</em> in the manager configuration entitled <em><strong>Validate HTTP_REFERER headers?</strong> (under Tools --&gt; Configuration :: Site tab, at the very bottom)</em>.  This new option activates a check to ensure requests are originating from the same domain as the site, and prevents access to critical manager actions by direct URL or linked from other locations.  If you are concerned that your content managers may be easily tricked into clicking URLs on malicious sites that link back to their own MODx manager, taking unintended actions like deleting users or documents in the process, we highly recommend turning this feature on.<br />
<br />
Please note that this option <em>may not work in some environments</em>, so you’ll want to be prepared to disable this option if it prevents the manager from working at all.  In case this occurs and you are unable to set the option off in the manager once you turn it on, you’ll need to have access to the database and be able to edit the assets/cache/siteCache.idx.php file.  In the database, you’ll need to edit the row in the system_settings table with setting_name = ’validate_referer’ to have a value of ’0’ and edit that setting in siteCache.idx.php the same way, changing the line <div class="dis-code"><pre class="brush: php; toolbar: false">$c&#91;'validate_referer'&#93; = "1";</pre></div> to <div class="dis-code"><pre class="brush: php; toolbar: false">$c&#91;'validate_referer'&#93; = "0";</pre></div><br />
<br />
Also note this does not prevent all CSRF attacks, but will address a majority of the more common (and less sophisticated) types.  Additional security enhancements are being developed to close these attack vectors completely.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/Gu5MIMif5-Q" height="1" width="1"/>";s:8:"comments";s:110:"http://forums.modx.com/thread/258/0-9-6-2-http-referer-checks-and-potential-csrf-vulnerabilities#dis-post-1663";s:7:"pubdate";s:31:"Tue, 16 Sep 2008 12:45:11 +0000";s:4:"guid";s:110:"http://forums.modx.com/thread/258/0-9-6-2-http-referer-checks-and-potential-csrf-vulnerabilities#dis-post-1663";s:10:"feedburner";a:1:{s:8:"origlink";s:110:"http://forums.modx.com/thread/258/0-9-6-2-http-referer-checks-and-potential-csrf-vulnerabilities#dis-post-1663";}s:7:"summary";s:2907:"Some potential CSRF (Cross Site Request Forgery) vulnerabilities that require a valid manager session were identified in MODx 0.9.6.1-p2 and earlier versions and as a result, a new security feature to help protect your content managers from these types of attacks has been introduced with the <a href="http://modxcms.com/forums/index.php/topic,28875.0.html" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,28875.0.html" target="_blank" rel="nofollow']); return false;">release of 0.9.6.2</a>.<br />
<br />
<strong>CSRF Potential</strong><br />
Details of the kinds of attacks these vulnerabilities make possible are available in the associated bug report: <a href="http://svn.modxcms.com/jira/browse/MODX-206" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/jira/browse/MODX-206" target="_blank" rel="nofollow']); return false;">#MODX-206</a>.<br />
<br />
<strong>HTTP_REFERER Solution</strong><br />
To prevent a majority of these kinds of attacks, there is now a new option that can be <em>manually enabled</em> in the manager configuration entitled <em><strong>Validate HTTP_REFERER headers?</strong> (under Tools --&gt; Configuration :: Site tab, at the very bottom)</em>.  This new option activates a check to ensure requests are originating from the same domain as the site, and prevents access to critical manager actions by direct URL or linked from other locations.  If you are concerned that your content managers may be easily tricked into clicking URLs on malicious sites that link back to their own MODx manager, taking unintended actions like deleting users or documents in the process, we highly recommend turning this feature on.<br />
<br />
Please note that this option <em>may not work in some environments</em>, so you’ll want to be prepared to disable this option if it prevents the manager from working at all.  In case this occurs and you are unable to set the option off in the manager once you turn it on, you’ll need to have access to the database and be able to edit the assets/cache/siteCache.idx.php file.  In the database, you’ll need to edit the row in the system_settings table with setting_name = ’validate_referer’ to have a value of ’0’ and edit that setting in siteCache.idx.php the same way, changing the line <div class="dis-code"><pre class="brush: php; toolbar: false">$c&#91;'validate_referer'&#93; = "1";</pre></div> to <div class="dis-code"><pre class="brush: php; toolbar: false">$c&#91;'validate_referer'&#93; = "0";</pre></div><br />
<br />
Also note this does not prevent all CSRF attacks, but will address a majority of the more common (and less sophisticated) types.  Additional security enhancements are being developed to close these attack vectors completely.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/Gu5MIMif5-Q" height="1" width="1"/>";s:14:"date_timestamp";i:1221569111;}i:17;a:9:{s:5:"title";s:80:"Acknowledgment: [DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulner";s:4:"link";s:135:"http://feedproxy.google.com/~r/modxsecurity/~3/nx6wa7_Emco/acknowledgment-dsecrg-08-013-modx-0-9-6-1-0-9-6-1p1-multiple-security-vulner";s:11:"description";s:1525:"The MODx team believes the following security notice is sophistical – plausible but misleading (some would refer to it as &quot;FUD&quot;). We are continuing further investigations.<br />
<br />
<a href="http://seclists.org/bugtraq/2008/Feb/0068.html" target="_blank" rel="nofollow">&#91;DSECRG-08-013&#93; Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulnerabilities </a><br />
<br />
To reproduce the security compromises listed above, a malicious hacker would first have to hijack a valid manager session, then convince someone to visit a link to the site with that session and their XSS content inserted. This could be of concern however in the instance when you have a large Manager User base of untrusted individuals. In either case, there are larger security implications.<br />
<br />
For more information and discussion, <a href="http://modxcms.com/forums/index.php/topic,22596" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,22596" target="_blank" rel="nofollow']); return false;">please visit this thread in these forums</a>. We do not have every server or browser combination under which we can test the above listed compromises, so we would tremendously appreciate assistance/confirmation . If you are able to reproduce them or have additional information, please post information in the discussion and we will update this notice immediately with corrective actions.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/nx6wa7_Emco" height="1" width="1"/>";s:8:"comments";s:124:"http://forums.modx.com/thread/257/acknowledgment-dsecrg-08-013-modx-0-9-6-1-0-9-6-1p1-multiple-security-vulner#dis-post-1662";s:7:"pubdate";s:31:"Wed, 13 Feb 2008 08:49:25 +0000";s:4:"guid";s:124:"http://forums.modx.com/thread/257/acknowledgment-dsecrg-08-013-modx-0-9-6-1-0-9-6-1p1-multiple-security-vulner#dis-post-1662";s:10:"feedburner";a:1:{s:8:"origlink";s:124:"http://forums.modx.com/thread/257/acknowledgment-dsecrg-08-013-modx-0-9-6-1-0-9-6-1p1-multiple-security-vulner#dis-post-1662";}s:7:"summary";s:1525:"The MODx team believes the following security notice is sophistical – plausible but misleading (some would refer to it as &quot;FUD&quot;). We are continuing further investigations.<br />
<br />
<a href="http://seclists.org/bugtraq/2008/Feb/0068.html" target="_blank" rel="nofollow">&#91;DSECRG-08-013&#93; Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulnerabilities </a><br />
<br />
To reproduce the security compromises listed above, a malicious hacker would first have to hijack a valid manager session, then convince someone to visit a link to the site with that session and their XSS content inserted. This could be of concern however in the instance when you have a large Manager User base of untrusted individuals. In either case, there are larger security implications.<br />
<br />
For more information and discussion, <a href="http://modxcms.com/forums/index.php/topic,22596" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://modxcms.com/forums/index.php/topic,22596" target="_blank" rel="nofollow']); return false;">please visit this thread in these forums</a>. We do not have every server or browser combination under which we can test the above listed compromises, so we would tremendously appreciate assistance/confirmation . If you are able to reproduce them or have additional information, please post information in the discussion and we will update this notice immediately with corrective actions.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/nx6wa7_Emco" height="1" width="1"/>";s:14:"date_timestamp";i:1202892565;}i:18;a:9:{s:5:"title";s:45:"IMPORTANT: Two new vulnerabilities in 0.9.6.1";s:4:"link";s:103:"http://feedproxy.google.com/~r/modxsecurity/~3/UWolI7XE48g/important-two-new-vulnerabilities-in-0-9-6-1";s:11:"description";s:2410:"Please take notice that two security vulnerabilities have been reported and confirmed in 3rd-party scripts that are included in the MODx 0.9.6.1 distributions.  Please see <a href="http://www.securityfocus.com/archive/1/485707/30/0/threaded" target="_blank" rel="nofollow">http://www.securityfocus.com/archive/1/485707/30/0/threaded</a> for details.<br />
<br />
You need to take immediate action to protect your site( s ).  <br />
<br />
<strong>For 0.9.6.1</strong><br />
Go to <a href="http://svn.modxcms.com/trac/tattoo/changeset/3281" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/trac/tattoo/changeset/3281" target="_blank" rel="nofollow']); return false;">http://svn.modxcms.com/trac/tattoo/changeset/3281</a> and you can choose from three options for applying the changes to your existing installations: download the zip archive from the link at the bottom (<a href="http://svn.modxcms.com/trac/tattoo/changeset/3281?format=zip" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/trac/tattoo/changeset/3281?format=zip" target="_blank" rel="nofollow']); return false;">http://svn.modxcms.com/trac/tattoo/changeset/3281?format=zip</a>&amp;new=3281) and overwrite your existing files, get the unified diff (<a href="http://svn.modxcms.com/trac/tattoo/changeset/3281?format=diff" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/trac/tattoo/changeset/3281?format=diff" target="_blank" rel="nofollow']); return false;">http://svn.modxcms.com/trac/tattoo/changeset/3281?format=diff</a>&amp;new=3281) and apply as a patch, or apply the diffs detailed on the page manually.<br />
<br />
<strong>For 0.9.6</strong><br />
Same as above, though I recommend upgrading to 0.9.6.1 first to make sure you have the latest bug fixes.<br />
<br />
<strong>Alternative for 0.9.6 or before...</strong><br />
Grab the latest trunk from <a href="http://svn.modxcms.com/svn/tattoo/tattoo/trunk" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/svn/tattoo/tattoo/trunk" target="_blank" rel="nofollow']); return false;">SVN</a> and upgrade your installation normally.<br />
<br />
<br />
Additional information, and an 0.9.6.2 official release with these patches included will be available shortly.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/UWolI7XE48g" height="1" width="1"/>";s:8:"comments";s:92:"http://forums.modx.com/thread/256/important-two-new-vulnerabilities-in-0-9-6-1#dis-post-1660";s:7:"pubdate";s:31:"Tue, 22 Jan 2008 01:21:09 +0000";s:4:"guid";s:92:"http://forums.modx.com/thread/256/important-two-new-vulnerabilities-in-0-9-6-1#dis-post-1660";s:10:"feedburner";a:1:{s:8:"origlink";s:92:"http://forums.modx.com/thread/256/important-two-new-vulnerabilities-in-0-9-6-1#dis-post-1660";}s:7:"summary";s:2410:"Please take notice that two security vulnerabilities have been reported and confirmed in 3rd-party scripts that are included in the MODx 0.9.6.1 distributions.  Please see <a href="http://www.securityfocus.com/archive/1/485707/30/0/threaded" target="_blank" rel="nofollow">http://www.securityfocus.com/archive/1/485707/30/0/threaded</a> for details.<br />
<br />
You need to take immediate action to protect your site( s ).  <br />
<br />
<strong>For 0.9.6.1</strong><br />
Go to <a href="http://svn.modxcms.com/trac/tattoo/changeset/3281" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/trac/tattoo/changeset/3281" target="_blank" rel="nofollow']); return false;">http://svn.modxcms.com/trac/tattoo/changeset/3281</a> and you can choose from three options for applying the changes to your existing installations: download the zip archive from the link at the bottom (<a href="http://svn.modxcms.com/trac/tattoo/changeset/3281?format=zip" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/trac/tattoo/changeset/3281?format=zip" target="_blank" rel="nofollow']); return false;">http://svn.modxcms.com/trac/tattoo/changeset/3281?format=zip</a>&amp;new=3281) and overwrite your existing files, get the unified diff (<a href="http://svn.modxcms.com/trac/tattoo/changeset/3281?format=diff" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/trac/tattoo/changeset/3281?format=diff" target="_blank" rel="nofollow']); return false;">http://svn.modxcms.com/trac/tattoo/changeset/3281?format=diff</a>&amp;new=3281) and apply as a patch, or apply the diffs detailed on the page manually.<br />
<br />
<strong>For 0.9.6</strong><br />
Same as above, though I recommend upgrading to 0.9.6.1 first to make sure you have the latest bug fixes.<br />
<br />
<strong>Alternative for 0.9.6 or before...</strong><br />
Grab the latest trunk from <a href="http://svn.modxcms.com/svn/tattoo/tattoo/trunk" target="_blank" rel="nofollow" onclick="_gaq.push(['_link','http://svn.modxcms.com/svn/tattoo/tattoo/trunk" target="_blank" rel="nofollow']); return false;">SVN</a> and upgrade your installation normally.<br />
<br />
<br />
Additional information, and an 0.9.6.2 official release with these patches included will be available shortly.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/UWolI7XE48g" height="1" width="1"/>";s:14:"date_timestamp";i:1200964869;}i:19;a:9:{s:5:"title";s:79:"CVE-2007-5371 not a vulnerability, or how I learned to stop worrying & love FUD";s:4:"link";s:135:"http://feedproxy.google.com/~r/modxsecurity/~3/VQqMxgM7-wg/cve-2007-5371-not-a-vulnerability-or-how-i-learned-to-stop-worrying-love-fud";s:11:"description";s:2691:"FYI:<br />
<br />
A number of MODx users have contacted me in regards to the posting of a MODx vulnerability from bugtraq, that is now showing up in two prominent vulnerability databases as CVE-2007-5371 and BID 25983:<br />
<br />
<a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5371" target="_blank" rel="nofollow">http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5371</a><br />
<a href="http://www.securityfocus.com/bid/25983" target="_blank" rel="nofollow">http://www.securityfocus.com/bid/25983</a><br />
<br />
We were never contacted by the poster, and after extensive analysis on our side, this vulnerability has been found to be 100% inaccurate; in fact, I believe it to be deliberate FUD.  No attack vectors have been posted; securityfocus.com actually describes the exploit as &quot;Attackers can use a browser to exploit these issues&quot;, with no additional information.  The original post describing the supposed exploit is just as informative:<br />
<br />
<a href="http://www.securityfocus.com/archive/1/481870/30/0/threaded" target="_blank" rel="nofollow">http://www.securityfocus.com/archive/1/481870/30/0/threaded</a><br />
<br />
I have posted replies to that thread (all of which have been moderated out) and contacted both securityfocus.com and mitre.org contesting the publishing of this wholly inaccurate report.  All attempts (by me) to contact these groups, whom have been very responsive in the past, have been ignored as far as I can tell.  However, another MODx team member’s response was published on the bugtraq thread (see the response at <a href="http://www.securityfocus.com/archive/1/482096/30/0/threaded" target="_blank" rel="nofollow">http://www.securityfocus.com/archive/1/482096/30/0/threaded</a>), and they did indicate that after further review, the exploit required administrative privileges, and that they would be retiring the BID as a result.  But this is still inaccurate, as even when logged in, I can find absolutely no way to inject SQL via the specified variables.  Considering that all MODx requests are scrubbed to minimize the potential for these attacks, and the file in question is not accessible directly, I firmly maintain that this is a totally bogus report posted by someone with ulterior motives (or an unfortunate lack of internet security knowledge).<br />
<br />
Unfortunately, 0-day security sites are going to report false vulnerabilities; that’s the nature of the beast.  And all I can do for now is keep you informed and up-to-date on the reported issue, hopefully dispelling the FUD this report has generated in the process.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/VQqMxgM7-wg" height="1" width="1"/>";s:8:"comments";s:124:"http://forums.modx.com/thread/255/cve-2007-5371-not-a-vulnerability-or-how-i-learned-to-stop-worrying-love-fud#dis-post-1657";s:7:"pubdate";s:31:"Sun, 14 Oct 2007 12:25:42 +0000";s:4:"guid";s:124:"http://forums.modx.com/thread/255/cve-2007-5371-not-a-vulnerability-or-how-i-learned-to-stop-worrying-love-fud#dis-post-1657";s:10:"feedburner";a:1:{s:8:"origlink";s:124:"http://forums.modx.com/thread/255/cve-2007-5371-not-a-vulnerability-or-how-i-learned-to-stop-worrying-love-fud#dis-post-1657";}s:7:"summary";s:2691:"FYI:<br />
<br />
A number of MODx users have contacted me in regards to the posting of a MODx vulnerability from bugtraq, that is now showing up in two prominent vulnerability databases as CVE-2007-5371 and BID 25983:<br />
<br />
<a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5371" target="_blank" rel="nofollow">http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5371</a><br />
<a href="http://www.securityfocus.com/bid/25983" target="_blank" rel="nofollow">http://www.securityfocus.com/bid/25983</a><br />
<br />
We were never contacted by the poster, and after extensive analysis on our side, this vulnerability has been found to be 100% inaccurate; in fact, I believe it to be deliberate FUD.  No attack vectors have been posted; securityfocus.com actually describes the exploit as &quot;Attackers can use a browser to exploit these issues&quot;, with no additional information.  The original post describing the supposed exploit is just as informative:<br />
<br />
<a href="http://www.securityfocus.com/archive/1/481870/30/0/threaded" target="_blank" rel="nofollow">http://www.securityfocus.com/archive/1/481870/30/0/threaded</a><br />
<br />
I have posted replies to that thread (all of which have been moderated out) and contacted both securityfocus.com and mitre.org contesting the publishing of this wholly inaccurate report.  All attempts (by me) to contact these groups, whom have been very responsive in the past, have been ignored as far as I can tell.  However, another MODx team member’s response was published on the bugtraq thread (see the response at <a href="http://www.securityfocus.com/archive/1/482096/30/0/threaded" target="_blank" rel="nofollow">http://www.securityfocus.com/archive/1/482096/30/0/threaded</a>), and they did indicate that after further review, the exploit required administrative privileges, and that they would be retiring the BID as a result.  But this is still inaccurate, as even when logged in, I can find absolutely no way to inject SQL via the specified variables.  Considering that all MODx requests are scrubbed to minimize the potential for these attacks, and the file in question is not accessible directly, I firmly maintain that this is a totally bogus report posted by someone with ulterior motives (or an unfortunate lack of internet security knowledge).<br />
<br />
Unfortunately, 0-day security sites are going to report false vulnerabilities; that’s the nature of the beast.  And all I can do for now is keep you informed and up-to-date on the reported issue, hopefully dispelling the FUD this report has generated in the process.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/VQqMxgM7-wg" height="1" width="1"/>";s:14:"date_timestamp";i:1192364742;}}s:7:"channel";a:5:{s:5:"title";s:40:"Security Notices - MODX Community Forums";s:4:"link";s:37:"http://forums.modx.com/board/?board=8";s:11:"description";s:34:"RSS Feed for MODX Community Forums";s:10:"feedburner";a:2:{s:14:"emailserviceid";s:12:"modxsecurity";s:18:"feedburnerhostname";s:28:"http://feedburner.google.com";}s:7:"tagline";s:34:"RSS Feed for MODX Community Forums";}s:9:"textinput";a:0:{}s:5:"image";a:0:{}s:9:"feed_type";s:3:"RSS";s:12:"feed_version";s:3:"2.0";s:8:"encoding";s:5:"UTF-8";s:16:"_source_encoding";s:0:"";s:5:"ERROR";s:0:"";s:7:"WARNING";s:0:"";s:19:"_CONTENT_CONSTRUCTS";a:6:{i:0;s:7:"content";i:1;s:7:"summary";i:2;s:4:"info";i:3;s:5:"title";i:4;s:7:"tagline";i:5;s:9:"copyright";}s:16:"_KNOWN_ENCODINGS";a:3:{i:0;s:5:"UTF-8";i:1;s:8:"US-ASCII";i:2;s:10:"ISO-8859-1";}s:5:"stack";a:0:{}s:9:"inchannel";b:0;s:6:"initem";b:0;s:9:"incontent";b:0;s:11:"intextinput";b:0;s:7:"inimage";b:0;s:17:"current_namespace";b:0;s:4:"etag";s:29:"+zwQgkXhJIe+hpAt99V2gGJzfQk
";s:13:"last_modified";s:31:"Thu, 26 Dec 2013 13:19:13 GMT
";}