MODX

Please take notice that two security vulnerabilities have been reported and confirmed in 3rd-party scripts that are included in the MODx 0.9.6.1 distributions.  Please see http://www.securityfocus.com/archive/1/485707/30/0/threaded for details.You ... [More] need to take immediate action to protect your site( s ).  For 0.9.6.1Go to http://svn.modxcms.com/trac/tattoo/changeset/3281 and you can choose from three options for applying the changes to your existing installations: download the zip archi... [Less]

Please take notice that two security vulnerabilities have been reported and confirmed in 3rd-party scripts that are included in the MODx 0.9.6.1 distributions.  Please see http://www.securityfocus.com/archive/1/485707/30/0/threaded for details.You ... [More] need to take immediate action to protect your site( s ).  For 0.9.6.1Go to http://svn.modxcms.com/trac/tattoo/changeset/3281 and you can choose from three options for applying the changes to your existing installations: download the zip archi... [Less]

Please take notice that two security vulnerabilities have been reported and confirmed in 3rd-party scripts that are included in the MODx 0.9.6.1 distributions.  Please see http://www.securityfocus.com/archive/1/485707/30/0/threaded for details.You ... [More] need to take immediate action to protect your site( s ).  For 0.9.6.1Go to http://svn.modxcms.com/trac/tattoo/changeset/3281 and you can choose from three options for applying the changes to your existing installations: download the zip archi... [Less]

FYI, trunk has been patched with solutions to both of these security fixes and I will be in the process of notifying all of the reporting services so they publish this information; see the original post for updated information.

Please take notice that two security vulnerabilities have been reported and confirmed in 3rd-party scripts that are included in the MODx 0.9.6.1 distributions.  Please see http://www.securityfocus.com/archive/1/485707/30/0/threaded for details.You ... [More] need to take immediate action to protect your site( s ).  For 0.9.6.1Go to http://svn.modxcms.com/trac/tattoo/changeset/3281 and you can choose from three options for applying the changes to your existing installations: download the zip archive from the link at the bottom (http://svn.modxcms.com/trac/tattoo/changeset/3281?format=zip&new=3281) and overwrite your existing files, get the unified diff (http://svn.modxcms.com/trac/tattoo/changeset/3281?format=diff&new=3281) and apply as a patch, or apply the diffs detailed on the page manually.For 0.9.6Same as above, though I recommend upgrading to 0.9.6.1 first to make sure you have the latest bug fixes.Alternative for 0.9.6 or before...Grab the latest trunk from [url=http://svn.modxcms.co... [Less]

MODx, the Most Promising Open Source Content Management System in this year's (2007) Awards.

FYI:A number of MODx users have contacted me in regards to the posting of a MODx vulnerability from bugtraq, that is now showing up in two prominent vulnerability databases as CVE-2007-5371 and BID ... [More] 25983:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5371http://www.securityfocus.com/bid/25983We were never contacted by the poster, and after extensive analysis on our side, this vulnerability has been found to be 100% inaccurate; in fact, I believe it to be deliberate FUD.  No attack vectors have been posted; securityfocus.com actually describes the exploit as "Attackers can use a browser to exploit these issues", with no additional information.  The original post describing the supposed exploit is just as informative:http://www.securityfocus.com/archive/1/481870/30/0/threadedI have posted replies to that thread (all of which have been moderated out) and contacted both securityfocus.com and mitre.org contesting the publishing of this wholly inaccurate report.  All attempts (by me) to contact these groups,... [Less]

FYI:A number of MODx users have contacted me in regards to the posting of a MODx vulnerability from bugtraq, that is now showing up in two prominent vulnerability databases as CVE-2007-5371 and BID ... [More] 25983:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5371http://www.securityfocus.com/bid/25983We were never contacted by the poster, and after extensive analysis on our side, this vulnerability has been found to be 100% inaccurate; in fact, I believe it to be deliberate FUD.  No attack vectors hav... [Less]

FYI:A number of MODx users have contacted me in regards to the posting of a MODx vulnerability from bugtraq, that is now showing up in two prominent vulnerability databases as CVE-2007-5371 and BID ... [More] 25983:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5371http://www.securityfocus.com/bid/25983We were never contacted by the poster, and after extensive analysis on our side, this vulnerability has been found to be 100% inaccurate; in fact, I believe it to be deliberate FUD.  No attack vectors hav... [Less]

FYI:A number of MODx users have contacted me in regards to the posting of a MODx vulnerability from bugtraq, that is now showing up in two prominent vulnerability databases as CVE-2007-5371 and BID ... [More] 25983:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5371http://www.securityfocus.com/bid/25983We were never contacted by the poster, and after extensive analysis on our side, this vulnerability has been found to be 100% inaccurate; in fact, I believe it to be deliberate FUD.  No attack vectors hav... [Less]