Startseite Erkunden Hilfe
Registrieren Anmelden
benjamin.harris
/
crop-monitor
1
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Branch: master
Branches Tags
crop-monitor
/
core
/
cache
/
rss
/
7466e740367bb5cff05d86d7093d2b46

7466e740367bb5cff05d86d7093d2b46 17 KB
Permalink Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147 
  1. O:9:"MagpieRSS":22:{s:6:"parser";i:0;s:12:"current_item";a:0:{}s:5:"items";a:4:{i:0;a:8:{s:5:"title";s:80:"Revolution 2.6.4 and Prior Two Cricital Vulnerabilities; Upgrade Mandatory/Patch";s:4:"link";s:133:"https://forums.modx.com/thread/104040/revolution-2-6-4-and-prior-two-cricital-vulnerabilities-upgrade-mandatory-patch#dis-post-559515";s:11:"description";s:2441:"<strong>Product:</strong> MODX Revolution<br />
    2. 

  2. <strong>Severity:</strong> Critical<br />
    3. 

  3. <strong>Versions:</strong> &lt;=2.6.4<br />
    4. 

  4. <strong>Vulnerability type(s):</strong> Remote Execution / File/Directory Deletion<br />
    5. 

  5. <strong>Report date:</strong> 2018-Jul-11<br />
    6. 

  6. <strong>Fixed date:</strong> 2018-Jul-12<br />
    7. 

  7. <br />
    8. 

  8. <strong>Description</strong> <br />
    9. 

  9. On July 11 we received notice that <strong>there are two critical vulnerabilities</strong> that include remote script execution and file/directory removal. These issues are critical in nature. It is possible for attackers to compromise the website or deface or delete files or directories.  <br />
    10. 

  10. <br />
    11. 

  11. <strong>Affected Releases</strong><br />
    12. 

  12. All MODX Revolution releases prior to and including 2.6.4<br />
    13. 

  13. <br />
    14. 

  14. <strong>Solutions</strong><br />
    15. 

  15. <ol class="dis-ol"><li>Upgrade to <a href="https://modx.com/download" target="_blank" rel="nofollow">MODX Revolution 2.6.5</a> or above. </li>
    16. 

  16. <li>If you&#039;re on 2.6.4 you can replace the changed files included in the commits:  <a href="https://github.com/modxcms/revolution/commit/606dc0f1635de4b699d1151616af75e5c08d4cdd" target="_blank" rel="nofollow">here (can be manually updated on versions back to 2.3.0)</a> and <a href="https://github.com/modxcms/revolution/commit/3fc50383c81b51e7718c9f29f9cef23dfadfa7fb" target="_blank" rel="nofollow">here (can be updated on versions back to 2.5.2)</a>. Please note, replacing files in other versions of MODX Revolution could  lead to unintended consequences. It is always preferred to upgrade.</li>
    17. 

  17. </ol>
    18. 

  18. <br />
    19. 

  19. <strong>Support</strong><br />
    20. 

  20. If you do not know how to upgrade your site there are several support options available. You can contact the developer or builder of your site, ask for help in the <a href="https://forums.modx.com/" target="_blank" rel="nofollow">MODX Forums</a>, find a <a href="https://modx.com/professionals" target="_blank" rel="nofollow">MODX Professional</a> or get help from the <a href="https://modx.com/services/#engage" target="_blank" rel="nofollow">MODX Services team</a>.<br />
    21. 

  21. <br />
    22. 

  22. <strong>Acknowledgement</strong><br />
    23. 

  23. We would like to thank Ivan Klimchuk (Alroniks) and agel_nash for bringing these issues to our attention and verifying their resolution. <br />
    24. 

  24. <br />
    25. 

  25. <strong>Additional Information</strong><br />
    26. 

  26. For additional information, please email <a href="mailto:help@modx.com" target="_blank" rel="nofollow">MODX Support</a>.";s:8:"comments";s:133:"https://forums.modx.com/thread/104040/revolution-2-6-4-and-prior-two-cricital-vulnerabilities-upgrade-mandatory-patch#dis-post-559515";s:7:"pubdate";s:31:"Thu, 12 Jul 2018 02:40:19 +0000";s:4:"guid";s:133:"https://forums.modx.com/thread/104040/revolution-2-6-4-and-prior-two-cricital-vulnerabilities-upgrade-mandatory-patch#dis-post-559515";s:7:"summary";s:2441:"<strong>Product:</strong> MODX Revolution<br />
    27. 

  27. <strong>Severity:</strong> Critical<br />
    28. 

  28. <strong>Versions:</strong> &lt;=2.6.4<br />
    29. 

  29. <strong>Vulnerability type(s):</strong> Remote Execution / File/Directory Deletion<br />
    30. 

  30. <strong>Report date:</strong> 2018-Jul-11<br />
    31. 

  31. <strong>Fixed date:</strong> 2018-Jul-12<br />
    32. 

  32. <br />
    33. 

  33. <strong>Description</strong> <br />
    34. 

  34. On July 11 we received notice that <strong>there are two critical vulnerabilities</strong> that include remote script execution and file/directory removal. These issues are critical in nature. It is possible for attackers to compromise the website or deface or delete files or directories.  <br />
    35. 

  35. <br />
    36. 

  36. <strong>Affected Releases</strong><br />
    37. 

  37. All MODX Revolution releases prior to and including 2.6.4<br />
    38. 

  38. <br />
    39. 

  39. <strong>Solutions</strong><br />
    40. 

  40. <ol class="dis-ol"><li>Upgrade to <a href="https://modx.com/download" target="_blank" rel="nofollow">MODX Revolution 2.6.5</a> or above. </li>
    41. 

  41. <li>If you&#039;re on 2.6.4 you can replace the changed files included in the commits:  <a href="https://github.com/modxcms/revolution/commit/606dc0f1635de4b699d1151616af75e5c08d4cdd" target="_blank" rel="nofollow">here (can be manually updated on versions back to 2.3.0)</a> and <a href="https://github.com/modxcms/revolution/commit/3fc50383c81b51e7718c9f29f9cef23dfadfa7fb" target="_blank" rel="nofollow">here (can be updated on versions back to 2.5.2)</a>. Please note, replacing files in other versions of MODX Revolution could  lead to unintended consequences. It is always preferred to upgrade.</li>
    42. 

  42. </ol>
    43. 

  43. <br />
    44. 

  44. <strong>Support</strong><br />
    45. 

  45. If you do not know how to upgrade your site there are several support options available. You can contact the developer or builder of your site, ask for help in the <a href="https://forums.modx.com/" target="_blank" rel="nofollow">MODX Forums</a>, find a <a href="https://modx.com/professionals" target="_blank" rel="nofollow">MODX Professional</a> or get help from the <a href="https://modx.com/services/#engage" target="_blank" rel="nofollow">MODX Services team</a>.<br />
    46. 

  46. <br />
    47. 

  47. <strong>Acknowledgement</strong><br />
    48. 

  48. We would like to thank Ivan Klimchuk (Alroniks) and agel_nash for bringing these issues to our attention and verifying their resolution. <br />
    49. 

  49. <br />
    50. 

  50. <strong>Additional Information</strong><br />
    51. 

  51. For additional information, please email <a href="mailto:help@modx.com" target="_blank" rel="nofollow">MODX Support</a>.";s:14:"date_timestamp";i:1531363219;}i:1;a:8:{s:5:"title";s:50:"Revolution 2.5.1 and Prior Multiple Vulnerabilites";s:4:"link";s:104:"https://forums.modx.com/thread/101393/revolution-2-5-1-and-prior-multiple-vulnerabilites#dis-post-547024";s:11:"description";s:2434:"<strong>Product:</strong> MODX Revolution<br />
    52. 

  52. <strong>Severity:</strong> Moderate<br />
    53. 

  53. <strong>Versions:</strong> &lt;=2.5.1<br />
    54. 

  54. <strong>Vulnerability type:</strong> Directory Traversal / SQL Injection<br />
    55. 

  55. <strong>Report date:</strong> 2016-Nov-4<br />
    56. 

  56. <strong>Fixed date:</strong> 2016-Nov-14<br />
    57. 

  57. <br />
    58. 

  58. <strong>Description</strong> <br />
    59. 

  59. We received notice that there are several vulnerabilities that include a SQL injection and directory traversal. These issues on their own are not critical in nature, however, it could be possible for determined attackers to combine vectors to compromise a site. <br />
    60. 

  60. <br />
    61. 

  61. <strong>Affected Releases</strong><br />
    62. 

  62. All MODX Revolution releases prior to and including 2.5.1<br />
    63. 

  63. <br />
    64. 

  64. <strong>Solutions</strong><br />
    65. 

  65. <ol class="dis-ol"><li>Upgrade to <a href="https://modx.com/download" target="_blank" rel="nofollow">MODX Revolution 2.5.2</a> or above. </li>
    66. 

  66. <li><a href="https://www.sterc.nl/en/modx/modx-2.5.2-security-patch" target="_blank" rel="nofollow">Patch available for versions 2.3.3-2.5.2</a> thanks to Sterc. Versions below 2.3.3 must upgrade.</li>
    67. 

  67. </ol>
    68. 

  68. <br />
    69. 

  69. <strong>Support</strong><br />
    70. 

  70. If you do not know how to upgrade your site there are several support options available. You can contact the developer or builder of your site, ask for help in the <a href="https://forums.modx.com/" target="_blank" rel="nofollow">MODX Forums</a>, find a <a href="https://modx.com/professionals" target="_blank" rel="nofollow">MODX Professional</a> or get help from the <a href="https://modx.com/services/#engage" target="_blank" rel="nofollow">MODX Services team</a>.<br />
    71. 

  71. <br />
    72. 

  72. <strong>Acknowledgement</strong><br />
    73. 

  73. We would like to thank &#91;url=modxclub.ru&#93;Nikolay Lanets<a href=" and Chen Ruiqi from for bringing these issues to our attention and verifying their resolution. <br />
    74. 

  74. <br />
    75. 

  75. Additional Information<br />
    76. 

  76. For additional information, please use the &#91;url=<a href="http://modx.com/company/contact/" target="_blank" rel="nofollow">http://modx.com/company/contact/</a>&#93;MODX Contact Form" target="_blank" rel="nofollow"> and Chen Ruiqi from for bringing these issues to our attention and verifying their resolution. <br />
    77. 

  77. <br />
    78. 

  78. Additional Information<br />
    79. 

  79. For additional information, please use the &#91;url=<a href="http://modx.com/company/contact/" target="_blank" rel="nofollow">http://modx.com/company/contact/</a>&#93;MODX Contact Form</a>";s:8:"comments";s:104:"https://forums.modx.com/thread/101393/revolution-2-5-1-and-prior-multiple-vulnerabilites#dis-post-547024";s:7:"pubdate";s:31:"Wed, 07 Dec 2016 08:53:04 +0000";s:4:"guid";s:104:"https://forums.modx.com/thread/101393/revolution-2-5-1-and-prior-multiple-vulnerabilites#dis-post-547024";s:7:"summary";s:2434:"<strong>Product:</strong> MODX Revolution<br />
    80. 

  80. <strong>Severity:</strong> Moderate<br />
    81. 

  81. <strong>Versions:</strong> &lt;=2.5.1<br />
    82. 

  82. <strong>Vulnerability type:</strong> Directory Traversal / SQL Injection<br />
    83. 

  83. <strong>Report date:</strong> 2016-Nov-4<br />
    84. 

  84. <strong>Fixed date:</strong> 2016-Nov-14<br />
    85. 

  85. <br />
    86. 

  86. <strong>Description</strong> <br />
    87. 

  87. We received notice that there are several vulnerabilities that include a SQL injection and directory traversal. These issues on their own are not critical in nature, however, it could be possible for determined attackers to combine vectors to compromise a site. <br />
    88. 

  88. <br />
    89. 

  89. <strong>Affected Releases</strong><br />
    90. 

  90. All MODX Revolution releases prior to and including 2.5.1<br />
    91. 

  91. <br />
    92. 

  92. <strong>Solutions</strong><br />
    93. 

  93. <ol class="dis-ol"><li>Upgrade to <a href="https://modx.com/download" target="_blank" rel="nofollow">MODX Revolution 2.5.2</a> or above. </li>
    94. 

  94. <li><a href="https://www.sterc.nl/en/modx/modx-2.5.2-security-patch" target="_blank" rel="nofollow">Patch available for versions 2.3.3-2.5.2</a> thanks to Sterc. Versions below 2.3.3 must upgrade.</li>
    95. 

  95. </ol>
    96. 

  96. <br />
    97. 

  97. <strong>Support</strong><br />
    98. 

  98. If you do not know how to upgrade your site there are several support options available. You can contact the developer or builder of your site, ask for help in the <a href="https://forums.modx.com/" target="_blank" rel="nofollow">MODX Forums</a>, find a <a href="https://modx.com/professionals" target="_blank" rel="nofollow">MODX Professional</a> or get help from the <a href="https://modx.com/services/#engage" target="_blank" rel="nofollow">MODX Services team</a>.<br />
    99. 

  99. <br />
    100. 

  100. <strong>Acknowledgement</strong><br />
    101. 

  101. We would like to thank &#91;url=modxclub.ru&#93;Nikolay Lanets<a href=" and Chen Ruiqi from for bringing these issues to our attention and verifying their resolution. <br />
    102. 

  102. <br />
    103. 

  103. Additional Information<br />
    104. 

  104. For additional information, please use the &#91;url=<a href="http://modx.com/company/contact/" target="_blank" rel="nofollow">http://modx.com/company/contact/</a>&#93;MODX Contact Form" target="_blank" rel="nofollow"> and Chen Ruiqi from for bringing these issues to our attention and verifying their resolution. <br />
    105. 

  105. <br />
    106. 

  106. Additional Information<br />
    107. 

  107. For additional information, please use the &#91;url=<a href="http://modx.com/company/contact/" target="_blank" rel="nofollow">http://modx.com/company/contact/</a>&#93;MODX Contact Form</a>";s:14:"date_timestamp";i:1481100784;}i:2;a:8:{s:5:"title";s:52:"Critical Login XSS+CSRF Revolution 2.2.1.4 and Prior";s:4:"link";s:105:"https://forums.modx.com/thread/92129/critical-login-xss-csrf-revolution-2-2-1-4-and-prior#dis-post-503208";s:11:"description";s:1633:"<strong>Product:</strong> MODX Revolution<br />
    108. 

  108. <strong>Severity:</strong> Critical<br />
    109. 

  109. <strong>Versions:</strong> 2.0.0–2.2.14<br />
    110. 

  110. <strong>Vulnerability type:</strong> CSRF &amp; XSS<br />
    111. 

  111. <strong>Report date:</strong> 2014-Jul-10<br />
    112. 

  112. <strong>Fixed date:</strong> 2014-Jul-15<br />
    113. 

  113. <br />
    114. 

  114. <strong>Description</strong> <br />
    115. 

  115. A significant vulnerability was discovered in the Manager login of MODX Revolution that also affects the use of the Login Extra. A malicious user could formulate a link that automatically logs the user into their own account, then redirects the user to a site the attacker controls immediately, exposing the user&#039;s CSRF token. This can be exploited with or without getting the user to enter their credentials in the form.<br />
    116. 

  116. <br />
    117. 

  117. <strong>Affected Releases</strong><br />
    118. 

  118. All MODX Revolution releases prior to and including 2.2.14.<br />
    119. 

  119. <br />
    120. 

  120. <strong>Solution</strong><br />
    121. 

  121. Upgrade to <a href="http://modx.com/download/release/revolution-2.2.15-pl" target="_blank" rel="nofollow">MODX Revolution 2.2.15</a>. Due to the nature of this issue and the number of files requiring changes the solution is to upgrade. No installable patch or fileset is available for prior versions.<br />
    122. 

  122. <br />
    123. 

  123. <strong>Acknowledgement</strong><br />
    124. 

  124. We would like to thank Narendra Bhati, of <a href="http://www.sumasoft.com" target="_blank" rel="nofollow">Suma Soft</a> for bringing this issue to our attention.<br />
    125. 

  125. <br />
    126. 

  126. <strong>Additional Information</strong><br />
    127. 

  127. For additional information, please use the <a href="http://modx.com/company/contact/" target="_blank" rel="nofollow">MODX Contact Form</a>";s:8:"comments";s:105:"https://forums.modx.com/thread/92129/critical-login-xss-csrf-revolution-2-2-1-4-and-prior#dis-post-503208";s:7:"pubdate";s:31:"Tue, 15 Jul 2014 01:29:03 +0000";s:4:"guid";s:105:"https://forums.modx.com/thread/92129/critical-login-xss-csrf-revolution-2-2-1-4-and-prior#dis-post-503208";s:7:"summary";s:1633:"<strong>Product:</strong> MODX Revolution<br />
    128. 

  128. <strong>Severity:</strong> Critical<br />
    129. 

  129. <strong>Versions:</strong> 2.0.0–2.2.14<br />
    130. 

  130. <strong>Vulnerability type:</strong> CSRF &amp; XSS<br />
    131. 

  131. <strong>Report date:</strong> 2014-Jul-10<br />
    132. 

  132. <strong>Fixed date:</strong> 2014-Jul-15<br />
    133. 

  133. <br />
    134. 

  134. <strong>Description</strong> <br />
    135. 

  135. A significant vulnerability was discovered in the Manager login of MODX Revolution that also affects the use of the Login Extra. A malicious user could formulate a link that automatically logs the user into their own account, then redirects the user to a site the attacker controls immediately, exposing the user&#039;s CSRF token. This can be exploited with or without getting the user to enter their credentials in the form.<br />
    136. 

  136. <br />
    137. 

  137. <strong>Affected Releases</strong><br />
    138. 

  138. All MODX Revolution releases prior to and including 2.2.14.<br />
    139. 

  139. <br />
    140. 

  140. <strong>Solution</strong><br />
    141. 

  141. Upgrade to <a href="http://modx.com/download/release/revolution-2.2.15-pl" target="_blank" rel="nofollow">MODX Revolution 2.2.15</a>. Due to the nature of this issue and the number of files requiring changes the solution is to upgrade. No installable patch or fileset is available for prior versions.<br />
    142. 

  142. <br />
    143. 

  143. <strong>Acknowledgement</strong><br />
    144. 

  144. We would like to thank Narendra Bhati, of <a href="http://www.sumasoft.com" target="_blank" rel="nofollow">Suma Soft</a> for bringing this issue to our attention.<br />
    145. 

  145. <br />
    146. 

  146. <strong>Additional Information</strong><br />
    147. 

  147. For additional information, please use the <a href="http://modx.com/company/contact/" target="_blank" rel="nofollow">MODX Contact Form</a>";s:14:"date_timestamp";i:1405387743;}i:3;a:8:{s:5:"title";s:33:"Revolution Security Announcements";s:4:"link";s:86:"https://forums.modx.com/thread/91864/revolution-security-announcements#dis-post-501935";s:11:"description";s:369:"This is the MODX Revolution Security board. This is the central location where announcements related to security issues and resolutions are posted. You can subscribe by <a href="http://forums.modx.com/board.xml?board=294" target="_blank" rel="nofollow">RSS</a> or to our <a href="http://eepurl.com/WIa5v" target="_blank" rel="nofollow">MODX Security Bulletin email</a>.";s:8:"comments";s:86:"https://forums.modx.com/thread/91864/revolution-security-announcements#dis-post-501935";s:7:"pubdate";s:31:"Tue, 01 Jul 2014 07:09:27 +0000";s:4:"guid";s:86:"https://forums.modx.com/thread/91864/revolution-security-announcements#dis-post-501935";s:7:"summary";s:369:"This is the MODX Revolution Security board. This is the central location where announcements related to security issues and resolutions are posted. You can subscribe by <a href="http://forums.modx.com/board.xml?board=294" target="_blank" rel="nofollow">RSS</a> or to our <a href="http://eepurl.com/WIa5v" target="_blank" rel="nofollow">MODX Security Bulletin email</a>.";s:14:"date_timestamp";i:1404198567;}}s:7:"channel";a:4:{s:5:"title";s:43:"Revolution Security - MODX Community Forums";s:4:"link";s:40:"https://forums.modx.com/board/?board=294";s:11:"description";s:34:"RSS Feed for MODX Community Forums";s:7:"tagline";s:34:"RSS Feed for MODX Community Forums";}s:9:"textinput";a:0:{}s:5:"image";a:0:{}s:9:"feed_type";s:3:"RSS";s:12:"feed_version";s:3:"2.0";s:8:"encoding";s:5:"UTF-8";s:16:"_source_encoding";s:0:"";s:5:"ERROR";s:0:"";s:7:"WARNING";s:0:"";s:19:"_CONTENT_CONSTRUCTS";a:6:{i:0;s:7:"content";i:1;s:7:"summary";i:2;s:4:"info";i:3;s:5:"title";i:4;s:7:"tagline";i:5;s:9:"copyright";}s:16:"_KNOWN_ENCODINGS";a:3:{i:0;s:5:"UTF-8";i:1;s:8:"US-ASCII";i:2;s:10:"ISO-8859-1";}s:5:"stack";a:0:{}s:9:"inchannel";b:0;s:6:"initem";b:0;s:9:"incontent";b:0;s:11:"intextinput";b:0;s:7:"inimage";b:0;s:17:"current_namespace";b:0;s:15:"source_encoding";s:5:"UTF-8";}
    148.