O:9:"MagpieRSS":23:{s:6:"parser";i:0;s:12:"current_item";a:0:{}s:5:"items";a:10:{i:0;a:10:{s:5:"title";s:23:"Re: Reflect RFI Exploit";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/ecu5M0nJUZM/topic,30875.msg187190.html";s:11:"description";s:331:"The permanent solution is in fact to simply rename the reference snippet with a .txt extension or to remove them completely. They were included as a reference, and they have been removed from the current download distribution on the site.";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=30875.0";s:7:"pubdate";s:29:"Mon, 24 Nov 2008 22:46:49 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,30875.msg187190.html#msg187190";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,30875.msg187190.html#msg187190";}s:7:"summary";s:331:"The permanent solution is in fact to simply rename the reference snippet with a .txt extension or to remove them completely. They were included as a reference, and they have been removed from the current download distribution on the site.";s:14:"date_timestamp";i:1227566809;}i:1;a:10:{s:5:"title";s:19:"Reflect RFI Exploit";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/C3KWxKMhGVg/topic,30875.msg187178.html";s:11:"description";s:790:"It has come to our attention that it's possible to compromise some sites with specific server configurations via the reference copy of the Reflect snippet installed by default at /assets/snippets/reflect/snippet.reflect.php

A temporary solution is to simply rename this file with a .txt extension in your website. We are working on confirming a permanent solution and will update this post as soon as possible with more details.

For more information see the Secunia advisory and the discussion on our forums.


";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=30875.0";s:7:"pubdate";s:29:"Mon, 24 Nov 2008 22:16:42 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,30875.msg187178.html#msg187178";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,30875.msg187178.html#msg187178";}s:7:"summary";s:790:"It has come to our attention that it's possible to compromise some sites with specific server configurations via the reference copy of the Reflect snippet installed by default at /assets/snippets/reflect/snippet.reflect.php

A temporary solution is to simply rename this file with a .txt extension in your website. We are working on confirming a permanent solution and will update this post as soon as possible with more details.

For more information see the Secunia advisory and the discussion on our forums.


";s:14:"date_timestamp";i:1227565002;}i:2;a:10:{s:5:"title";s:62:"0.9.6.2 HTTP_REFERER Checks and Potential CSRF Vulnerabilities";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/iOIaDK3E1yA/topic,28881.msg175408.html";s:11:"description";s:1195:"Some potential CSRF (Cross Site Request Forgery) vulnerabilities that require a valid manager session were identified in MODx 0.9.6.1-p2 and earlier versions and as a result, a new security feature to help protect your content managers from these types of attacks has been introduced with the release of 0.9.6.2.

CSRF Potential
Details of the kinds of attacks these vulnerabilities make possible are available in the associated bug report: #MODX-206.

HTTP_REFERER Solution
To prevent a majority of these kinds of attacks, there is now a new option that can be manually enabled in the manager configuration entitled Validate HTTP_REFERER headers? (under Tools --> Configuration :: Site tab, at the very bottom).  This new option activates a check to ensure requests are originating from the same domain as the site, and prevents access to critical manager actions by...";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=28881.0";s:7:"pubdate";s:29:"Tue, 16 Sep 2008 17:45:11 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,28881.msg175408.html#msg175408";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,28881.msg175408.html#msg175408";}s:7:"summary";s:1195:"Some potential CSRF (Cross Site Request Forgery) vulnerabilities that require a valid manager session were identified in MODx 0.9.6.1-p2 and earlier versions and as a result, a new security feature to help protect your content managers from these types of attacks has been introduced with the release of 0.9.6.2.

CSRF Potential
Details of the kinds of attacks these vulnerabilities make possible are available in the associated bug report: #MODX-206.

HTTP_REFERER Solution
To prevent a majority of these kinds of attacks, there is now a new option that can be manually enabled in the manager configuration entitled Validate HTTP_REFERER headers? (under Tools --> Configuration :: Site tab, at the very bottom).  This new option activates a check to ensure requests are originating from the same domain as the site, and prevents access to critical manager actions by...";s:14:"date_timestamp";i:1221587111;}i:3;a:10:{s:5:"title";s:84:"Re: Acknowledgment: [DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulner";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/C572rcuV-sg/topic,22621.msg140214.html";s:11:"description";s:1216:"Based on further analysis there is one legitimate bug contained in the distribution that while we've not been able to find security vectors using the flaw, it is not inconceivable that a determined hacker could not do so. This lies with the search highlight plugin. To fix this, patch two lines starting near line 52 to as follows:
Code:
  $searched = strip_tags(urldecode($_REQUEST['searched']));
  $highlight = strip_tags(urldecode($_REQUEST['highlight']));

Alternately, you can simply disable the search highlight plugin entirely by logging into the manager and going to Resources > Manage Resources > Plugin tab. From there, click the Search Highlight plugin name in the list of names, then check the first checkbox near the top that says "Plugin Disabled" (or your relevant local language string).

The currently available build on the download page contains this patch. If you're running an existing site, the best option is to patch or disable the Search Highlight plugin per the above.";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=22621.0";s:7:"pubdate";s:29:"Wed, 13 Feb 2008 14:49:25 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,22621.msg140214.html#msg140214";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,22621.msg140214.html#msg140214";}s:7:"summary";s:1216:"Based on further analysis there is one legitimate bug contained in the distribution that while we've not been able to find security vectors using the flaw, it is not inconceivable that a determined hacker could not do so. This lies with the search highlight plugin. To fix this, patch two lines starting near line 52 to as follows:
Code:
  $searched = strip_tags(urldecode($_REQUEST['searched']));
  $highlight = strip_tags(urldecode($_REQUEST['highlight']));

Alternately, you can simply disable the search highlight plugin entirely by logging into the manager and going to Resources > Manage Resources > Plugin tab. From there, click the Search Highlight plugin name in the list of names, then check the first checkbox near the top that says "Plugin Disabled" (or your relevant local language string).

The currently available build on the download page contains this patch. If you're running an existing site, the best option is to patch or disable the Search Highlight plugin per the above.";s:14:"date_timestamp";i:1202914165;}i:4;a:10:{s:5:"title";s:80:"Acknowledgment: [DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulner";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/pkUgCmBwhaQ/topic,22621.msg139250.html";s:11:"description";s:1198:"The MODx team believes the following security notice is sophistical – plausible but misleading (some would refer to it as "FUD"). We are continuing further investigations.

[DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulnerabilities

To reproduce the security compromises listed above, a malicious hacker would first have to hijack a valid manager session, then convince someone to visit a link to the site with that session and their XSS content inserted. This could be of concern however in the instance when you have a large Manager User base of untrusted individuals. In either case, there are larger security implications.

For more information and discussion, please visit this thread in these forums. We do not have every server or browser combination under which we can test the above listed compromises, so we would tremendously appreciate assistance/confirmation . If you are able t...";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=22621.0";s:7:"pubdate";s:29:"Fri, 08 Feb 2008 16:27:53 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,22621.msg139250.html#msg139250";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,22621.msg139250.html#msg139250";}s:7:"summary";s:1198:"The MODx team believes the following security notice is sophistical – plausible but misleading (some would refer to it as "FUD"). We are continuing further investigations.

[DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulnerabilities

To reproduce the security compromises listed above, a malicious hacker would first have to hijack a valid manager session, then convince someone to visit a link to the site with that session and their XSS content inserted. This could be of concern however in the instance when you have a large Manager User base of untrusted individuals. In either case, there are larger security implications.

For more information and discussion, please visit this thread in these forums. We do not have every server or browser combination under which we can test the above listed compromises, so we would tremendously appreciate assistance/confirmation . If you are able t...";s:14:"date_timestamp";i:1202488073;}i:5;a:10:{s:5:"title";s:49:"Re: IMPORTANT: Two new vulnerabilities in 0.9.6.1";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/rzBq6NxOm24/topic,21290.msg135206.html";s:11:"description";s:724:"admin note: clarified for those with feed readers who don't see the entire thread in context

The current download available at the MODx download site was replaced by a version containing the patches for 0961 in this thread. 0962 will also contain these patches as Jason mentioned. If you've not applied the security patch already (shame on you!), you can either grab it via the instructions listed above or just download the complete installer from the downloads page and install via the normal upgrade mode. If you're not running this latest patched version, now would be a very good time to upgrade.";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=21290.0";s:7:"pubdate";s:29:"Tue, 22 Jan 2008 19:21:09 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,21290.msg135206.html#msg135206";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,21290.msg135206.html#msg135206";}s:7:"summary";s:724:"admin note: clarified for those with feed readers who don't see the entire thread in context

The current download available at the MODx download site was replaced by a version containing the patches for 0961 in this thread. 0962 will also contain these patches as Jason mentioned. If you've not applied the security patch already (shame on you!), you can either grab it via the instructions listed above or just download the complete installer from the downloads page and install via the normal upgrade mode. If you're not running this latest patched version, now would be a very good time to upgrade.";s:14:"date_timestamp";i:1201029669;}i:6;a:10:{s:5:"title";s:49:"Re: IMPORTANT: Two new vulnerabilities in 0.9.6.1";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/s5vL8K4hjJ0/topic,21290.msg131504.html";s:11:"description";s:320:"FYI, trunk has been patched with solutions to both of these security fixes and I will be in the process of notifying all of the reporting services so they publish this information; see the original post for updated information.";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=21290.0";s:7:"pubdate";s:29:"Wed, 02 Jan 2008 19:52:42 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,21290.msg131504.html#msg131504";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,21290.msg131504.html#msg131504";}s:7:"summary";s:320:"FYI, trunk has been patched with solutions to both of these security fixes and I will be in the process of notifying all of the reporting services so they publish this information; see the original post for updated information.";s:14:"date_timestamp";i:1199303562;}i:7;a:10:{s:5:"title";s:45:"IMPORTANT: Two new vulnerabilities in 0.9.6.1";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/Ellvj72uaec/topic,21290.msg131476.html";s:11:"description";s:1573:"Please take notice that two security vulnerabilities have been reported and confirmed in 3rd-party scripts that are included in the MODx 0.9.6.1 distributions.  Please see http://www.securityfocus.com/archive/1/485707/30/0/threaded for details.

You need to take immediate action to protect your site( s ). 

For 0.9.6.1
Go to http://svn.modxcms.com/trac/tattoo/changeset/3281 and you can choose from three options for applying the changes to your existing installations: download the zip archive from the link at the bottom (http://svn.modxcms.com/trac/tattoo/changeset/3281?format=zip&new=3281) and overwrite your existing files, get the unified diff (http://svn.modxcms.com/trac/tattoo/changeset/3281?format=diff&new=3281) and apply as a patch, or apply the diffs detailed on the page manually.

For 0.9.6
Same as above, though I recommend upgrading to 0.9.6.1 first to make sure you have the latest bug fixes.

Alternative for 0.9.6 or before...
Grab the latest trunk from [url=http://svn.modxcms.co...";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=21290.0";s:7:"pubdate";s:29:"Wed, 02 Jan 2008 17:22:45 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,21290.msg131476.html#msg131476";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,21290.msg131476.html#msg131476";}s:7:"summary";s:1573:"Please take notice that two security vulnerabilities have been reported and confirmed in 3rd-party scripts that are included in the MODx 0.9.6.1 distributions.  Please see http://www.securityfocus.com/archive/1/485707/30/0/threaded for details.

You need to take immediate action to protect your site( s ). 

For 0.9.6.1
Go to http://svn.modxcms.com/trac/tattoo/changeset/3281 and you can choose from three options for applying the changes to your existing installations: download the zip archive from the link at the bottom (http://svn.modxcms.com/trac/tattoo/changeset/3281?format=zip&new=3281) and overwrite your existing files, get the unified diff (http://svn.modxcms.com/trac/tattoo/changeset/3281?format=diff&new=3281) and apply as a patch, or apply the diffs detailed on the page manually.

For 0.9.6
Same as above, though I recommend upgrading to 0.9.6.1 first to make sure you have the latest bug fixes.

Alternative for 0.9.6 or before...
Grab the latest trunk from [url=http://svn.modxcms.co...";s:14:"date_timestamp";i:1199294565;}i:8;a:10:{s:5:"title";s:83:"CVE-2007-5371 not a vulnerability, or how I learned to stop worrying & love FUD";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/tsc75ZI4neI/topic,18984.msg118541.html";s:11:"description";s:1441:"FYI:

A number of MODx users have contacted me in regards to the posting of a MODx vulnerability from bugtraq, that is now showing up in two prominent vulnerability databases as CVE-2007-5371 and BID 25983:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5371
http://www.securityfocus.com/bid/25983

We were never contacted by the poster, and after extensive analysis on our side, this vulnerability has been found to be 100% inaccurate; in fact, I believe it to be deliberate FUD.  No attack vectors have been posted; securityfocus.com actually describes the exploit as "Attackers can use a browser to exploit these issues", with no additional information.  The original post describing the supposed exploit is just as informative:

http://www.securityfocus.com/archive/1/481870/30/0/threaded

I have posted replies to that thread (all of which have been moderated out) and contacted both securityfocus.com and mitre.org contesting the publishing of this wholly inaccurate report.  All attempts (by me) to contact these groups,...";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=18984.0";s:7:"pubdate";s:29:"Sun, 14 Oct 2007 17:25:42 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,18984.msg118541.html#msg118541";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,18984.msg118541.html#msg118541";}s:7:"summary";s:1441:"FYI:

A number of MODx users have contacted me in regards to the posting of a MODx vulnerability from bugtraq, that is now showing up in two prominent vulnerability databases as CVE-2007-5371 and BID 25983:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5371
http://www.securityfocus.com/bid/25983

We were never contacted by the poster, and after extensive analysis on our side, this vulnerability has been found to be 100% inaccurate; in fact, I believe it to be deliberate FUD.  No attack vectors have been posted; securityfocus.com actually describes the exploit as "Attackers can use a browser to exploit these issues", with no additional information.  The original post describing the supposed exploit is just as informative:

http://www.securityfocus.com/archive/1/481870/30/0/threaded

I have posted replies to that thread (all of which have been moderated out) and contacted both securityfocus.com and mitre.org contesting the publishing of this wholly inaccurate report.  All attempts (by me) to contact these groups,...";s:14:"date_timestamp";i:1192382742;}i:9;a:10:{s:5:"title";s:33:"Re: Ditto 2.0.2 XSS Vulnerability";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/Ysii1k0f1NI/topic,17518.msg110323.html";s:11:"description";s:157:"Thanks for the heads up and RAPID fix!

Off to update.";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=17518.0";s:7:"pubdate";s:29:"Mon, 20 Aug 2007 21:05:44 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,17518.msg110323.html#msg110323";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,17518.msg110323.html#msg110323";}s:7:"summary";s:157:"Thanks for the heads up and RAPID fix!

Off to update.";s:14:"date_timestamp";i:1187643944;}}s:7:"channel";a:5:{s:5:"title";s:40:"MODx Community Forums - Security Notices";s:4:"link";s:35:"http://modxcms.com/forums/index.php";s:11:"description";s:43:"Live information from MODx Community Forums";s:10:"feedburner";a:2:{s:14:"emailserviceid";s:12:"modxsecurity";s:18:"feedburnerhostname";s:28:"http://feedburner.google.com";}s:7:"tagline";s:43:"Live information from MODx Community Forums";}s:9:"textinput";a:0:{}s:5:"image";a:0:{}s:9:"feed_type";s:3:"RSS";s:12:"feed_version";s:3:"2.0";s:8:"encoding";s:10:"ISO-8859-1";s:16:"_source_encoding";s:0:"";s:5:"ERROR";s:0:"";s:7:"WARNING";s:0:"";s:19:"_CONTENT_CONSTRUCTS";a:6:{i:0;s:7:"content";i:1;s:7:"summary";i:2;s:4:"info";i:3;s:5:"title";i:4;s:7:"tagline";i:5;s:9:"copyright";}s:16:"_KNOWN_ENCODINGS";a:3:{i:0;s:5:"UTF-8";i:1;s:8:"US-ASCII";i:2;s:10:"ISO-8859-1";}s:5:"stack";a:0:{}s:9:"inchannel";b:0;s:6:"initem";b:0;s:9:"incontent";b:0;s:11:"intextinput";b:0;s:7:"inimage";b:0;s:17:"current_namespace";b:0;s:13:"last_modified";s:31:"Sun, 24 May 2009 13:47:53 GMT ";s:4:"etag";s:29:"rKcXqfAEK1oL+SVQCqoaYXy86jk ";}