O:9:"MagpieRSS":23:{s:6:"parser";i:0;s:12:"current_item";a:0:{}s:5:"items";a:10:{i:0;a:10:{s:5:"title";s:42:"MODx Evolution SQL Injection Vulnerability";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/kh7ZNkoAE2o/topic,50207.msg292386.html";s:11:"description";s:1134:"<b>Product:</b> MODx Evolution<br /><b>Risk:</b> Moderate<br /><b>Versions:</b> 1.0.3 and all previous releases<br /><b>Vunerability type:</b> SQL Injection<br /><b>Report Date:</b> 2010-May-28<br /><b>Fixed Date:</b> 2010-May-28<br /><br /><b>Description</b><br />Issue reported as <a href="http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_modx_cms_and_application_framework.html" target="_blank">HTB22412</a>. Attacker could potentially compromise MODx Evolution via an unsanitized variable on the /manager/index.php. <br />&nbsp; &nbsp; <br />No actual destructive exploit has yet been created or proven. The proof of concept offered on the htbridge.ch site, and variants, can only cause a SQL error to be displayed.<br /><br /><b>Affected Releases</b><br />All MODx 0.9.x/Evolution releases prior to and including MODx Evolution 1.0.3 are affected.<br /><br /><b>Solution</b><br />Upgrade to MODx Evolution 1.0.4 or later: <a href="http://modxcms.com/download.html#ga" target="_blank">http://modxcms.com/download.html#ga</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/kh7ZNkoAE2o" height="1" width="1"/>";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=50207.0";s:7:"pubdate";s:29:"Mon, 07 Jun 2010 21:59:22 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,50207.msg292386.html#msg292386";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,50207.msg292386.html#msg292386";}s:7:"summary";s:1134:"<b>Product:</b> MODx Evolution<br /><b>Risk:</b> Moderate<br /><b>Versions:</b> 1.0.3 and all previous releases<br /><b>Vunerability type:</b> SQL Injection<br /><b>Report Date:</b> 2010-May-28<br /><b>Fixed Date:</b> 2010-May-28<br /><br /><b>Description</b><br />Issue reported as <a href="http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_modx_cms_and_application_framework.html" target="_blank">HTB22412</a>. Attacker could potentially compromise MODx Evolution via an unsanitized variable on the /manager/index.php. <br />&nbsp; &nbsp; <br />No actual destructive exploit has yet been created or proven. The proof of concept offered on the htbridge.ch site, and variants, can only cause a SQL error to be displayed.<br /><br /><b>Affected Releases</b><br />All MODx 0.9.x/Evolution releases prior to and including MODx Evolution 1.0.3 are affected.<br /><br /><b>Solution</b><br />Upgrade to MODx Evolution 1.0.4 or later: <a href="http://modxcms.com/download.html#ga" target="_blank">http://modxcms.com/download.html#ga</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/kh7ZNkoAE2o" height="1" width="1"/>";s:14:"date_timestamp";i:1275947962;}i:1;a:10:{s:5:"title";s:68:"Security updates in MODx Evolution 1.0.3. You really should upgrade.";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/14VEoE7aOC0/topic,47759.msg280304.html";s:11:"description";s:1074:"The MODx Evolution 1.0.3 release addresses a number of reported security vulnerabilities with previous MODx Evolution 1.0.2 and earlier releases:<br /><br /><ul style="margin-top: 0; margin-bottom: 0;"><li> XSS possibilities with the SearchHighlight plugin (used by AjaxSearch) as reported in JVN#19774883 and JVN#46669729</li><li> Unwanted information disclosure about the site structure in the TinyMCE plugin</li><li> SQL Injection via WebLogin</li></ul><br /><b>We strongly recommend that anyone running previous versions of MODx Evolution (including 0.9.x releases) consider Evolution 1.0.3 a mandatory upgrade.</b><br /><br />Ddownload MODx Evolution 1.0.3: <a href="http://modxcms.com/download/" target="_blank">http://modxcms.com/download/</a><br /><br />Details of other improvements introduced in the 1.0.3 release can be found here: <a href="http://modxcms.com/forums/index.php/topic,47756.0.html" target="_blank">http://modxcms.com/forums/index.php/topic,47756.0.html</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/14VEoE7aOC0" height="1" width="1"/>";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=47759.0";s:7:"pubdate";s:29:"Fri, 02 Apr 2010 03:11:06 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,47759.msg280304.html#msg280304";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,47759.msg280304.html#msg280304";}s:7:"summary";s:1074:"The MODx Evolution 1.0.3 release addresses a number of reported security vulnerabilities with previous MODx Evolution 1.0.2 and earlier releases:<br /><br /><ul style="margin-top: 0; margin-bottom: 0;"><li> XSS possibilities with the SearchHighlight plugin (used by AjaxSearch) as reported in JVN#19774883 and JVN#46669729</li><li> Unwanted information disclosure about the site structure in the TinyMCE plugin</li><li> SQL Injection via WebLogin</li></ul><br /><b>We strongly recommend that anyone running previous versions of MODx Evolution (including 0.9.x releases) consider Evolution 1.0.3 a mandatory upgrade.</b><br /><br />Ddownload MODx Evolution 1.0.3: <a href="http://modxcms.com/download/" target="_blank">http://modxcms.com/download/</a><br /><br />Details of other improvements introduced in the 1.0.3 release can be found here: <a href="http://modxcms.com/forums/index.php/topic,47756.0.html" target="_blank">http://modxcms.com/forums/index.php/topic,47756.0.html</a><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/14VEoE7aOC0" height="1" width="1"/>";s:14:"date_timestamp";i:1270177866;}i:2;a:10:{s:5:"title";s:54:"Security Fix for MODx Revolution 2.0-beta2 (and beta1)";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/8Pex1B-_xoM/topic,37961.msg229068.html";s:11:"description";s:1228:"There has been a reported security vulnerability for MODx Revolution 2.0 beta1 and beta2. <br /><br />We have committed a temporary fix until we hit the root of the issue, which is a problem with the modAccessibleObject and Context Policy loading.<br /><br />SVN users, to fix this vulnerability, please update to r5505.<br /><br />Non-SVN users, please make the changes as illustrated here:<br /><a href="http://svn.modxcms.com/crucible/changelog/modx/?cs=5501" target="_blank">http://svn.modxcms.com/crucible/changelog/modx/?cs=5501</a> <br /><br />and here:<br /><a href="http://svn.modxcms.com/crucible/changelog/modx/?cs=5505" target="_blank">http://svn.modxcms.com/crucible/changelog/modx/?cs=5505</a><br /><br />Again, MODx recommends that you not use any beta products on shared or public servers without acknowledging the risk of potential undiscovered vulnerabilities. If you do choose to use such products, MODx recommends using a restricted username and/or password that is limited only to the MODx install. This also applies to file and user permissions. <br /><br />We apologize for any inconvience this might have caused.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/8Pex1B-_xoM" height="1" width="1"/>";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=37961.0";s:7:"pubdate";s:29:"Thu, 23 Jul 2009 19:28:34 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,37961.msg229068.html#msg229068";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,37961.msg229068.html#msg229068";}s:7:"summary";s:1228:"There has been a reported security vulnerability for MODx Revolution 2.0 beta1 and beta2. <br /><br />We have committed a temporary fix until we hit the root of the issue, which is a problem with the modAccessibleObject and Context Policy loading.<br /><br />SVN users, to fix this vulnerability, please update to r5505.<br /><br />Non-SVN users, please make the changes as illustrated here:<br /><a href="http://svn.modxcms.com/crucible/changelog/modx/?cs=5501" target="_blank">http://svn.modxcms.com/crucible/changelog/modx/?cs=5501</a> <br /><br />and here:<br /><a href="http://svn.modxcms.com/crucible/changelog/modx/?cs=5505" target="_blank">http://svn.modxcms.com/crucible/changelog/modx/?cs=5505</a><br /><br />Again, MODx recommends that you not use any beta products on shared or public servers without acknowledging the risk of potential undiscovered vulnerabilities. If you do choose to use such products, MODx recommends using a restricted username and/or password that is limited only to the MODx install. This also applies to file and user permissions. <br /><br />We apologize for any inconvience this might have caused.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/8Pex1B-_xoM" height="1" width="1"/>";s:14:"date_timestamp";i:1248377314;}i:3;a:10:{s:5:"title";s:23:"Re: Reflect RFI Exploit";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/ecu5M0nJUZM/topic,30875.msg187190.html";s:11:"description";s:330:"The permanent solution is in fact to simply rename the reference snippet with a .txt extension or to remove them completely. They were included as a reference, and they have been removed from the current download distribution on the site.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/ecu5M0nJUZM" height="1" width="1"/>";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=30875.0";s:7:"pubdate";s:29:"Mon, 24 Nov 2008 22:46:49 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,30875.msg187190.html#msg187190";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,30875.msg187190.html#msg187190";}s:7:"summary";s:330:"The permanent solution is in fact to simply rename the reference snippet with a .txt extension or to remove them completely. They were included as a reference, and they have been removed from the current download distribution on the site.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/ecu5M0nJUZM" height="1" width="1"/>";s:14:"date_timestamp";i:1227566809;}i:4;a:10:{s:5:"title";s:19:"Reflect RFI Exploit";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/C3KWxKMhGVg/topic,30875.msg187178.html";s:11:"description";s:789:"It has come to our attention that it&#39;s possible to compromise some sites with specific server configurations via the reference copy of the Reflect snippet installed by default at /assets/snippets/reflect/snippet.reflect.php<br /><br />A temporary solution is to simply rename this file with a .txt extension in your website. We are working on confirming a permanent solution and will update this post as soon as possible with more details.<br /><br />For more information see the <a href="http://secunia.com/Advisories/32824/" target="_blank">Secunia advisory</a> and the <a href="http://modxcms.com/forums/index.php/topic,30850" target="_blank">discussion on our forums</a>.<br /><br /><br /><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/C3KWxKMhGVg" height="1" width="1"/>";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=30875.0";s:7:"pubdate";s:29:"Mon, 24 Nov 2008 22:16:42 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,30875.msg187178.html#msg187178";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,30875.msg187178.html#msg187178";}s:7:"summary";s:789:"It has come to our attention that it&#39;s possible to compromise some sites with specific server configurations via the reference copy of the Reflect snippet installed by default at /assets/snippets/reflect/snippet.reflect.php<br /><br />A temporary solution is to simply rename this file with a .txt extension in your website. We are working on confirming a permanent solution and will update this post as soon as possible with more details.<br /><br />For more information see the <a href="http://secunia.com/Advisories/32824/" target="_blank">Secunia advisory</a> and the <a href="http://modxcms.com/forums/index.php/topic,30850" target="_blank">discussion on our forums</a>.<br /><br /><br /><img src="http://feeds.feedburner.com/~r/modxsecurity/~4/C3KWxKMhGVg" height="1" width="1"/>";s:14:"date_timestamp";i:1227565002;}i:5;a:10:{s:5:"title";s:62:"0.9.6.2 HTTP_REFERER Checks and Potential CSRF Vulnerabilities";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/iOIaDK3E1yA/topic,28881.msg175408.html";s:11:"description";s:1194:"Some potential CSRF (Cross Site Request Forgery) vulnerabilities that require a valid manager session were identified in MODx 0.9.6.1-p2 and earlier versions and as a result, a new security feature to help protect your content managers from these types of attacks has been introduced with the <a href="http://modxcms.com/forums/index.php/topic,28875.0.html" target="_blank">release of 0.9.6.2</a>.<br /><br /><b>CSRF Potential</b><br />Details of the kinds of attacks these vulnerabilities make possible are available in the associated bug report: <a href="http://svn.modxcms.com/jira/browse/MODX-206" target="_blank">#MODX-206</a>.<br /><br /><b>HTTP_REFERER Solution</b><br />To prevent a majority of these kinds of attacks, there is now a new option that can be <i>manually enabled</i> in the manager configuration entitled <i><b>Validate HTTP_REFERER headers?</b> (under Tools --&gt; Configuration :: Site tab, at the very bottom)</i>.&nbsp; This new option activates a check to ensure requests are originating from the same domain as the site, and prevents access to critical manager actions by...<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/iOIaDK3E1yA" height="1" width="1"/>";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=28881.0";s:7:"pubdate";s:29:"Tue, 16 Sep 2008 17:45:11 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,28881.msg175408.html#msg175408";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,28881.msg175408.html#msg175408";}s:7:"summary";s:1194:"Some potential CSRF (Cross Site Request Forgery) vulnerabilities that require a valid manager session were identified in MODx 0.9.6.1-p2 and earlier versions and as a result, a new security feature to help protect your content managers from these types of attacks has been introduced with the <a href="http://modxcms.com/forums/index.php/topic,28875.0.html" target="_blank">release of 0.9.6.2</a>.<br /><br /><b>CSRF Potential</b><br />Details of the kinds of attacks these vulnerabilities make possible are available in the associated bug report: <a href="http://svn.modxcms.com/jira/browse/MODX-206" target="_blank">#MODX-206</a>.<br /><br /><b>HTTP_REFERER Solution</b><br />To prevent a majority of these kinds of attacks, there is now a new option that can be <i>manually enabled</i> in the manager configuration entitled <i><b>Validate HTTP_REFERER headers?</b> (under Tools --&gt; Configuration :: Site tab, at the very bottom)</i>.&nbsp; This new option activates a check to ensure requests are originating from the same domain as the site, and prevents access to critical manager actions by...<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/iOIaDK3E1yA" height="1" width="1"/>";s:14:"date_timestamp";i:1221587111;}i:6;a:10:{s:5:"title";s:84:"Re: Acknowledgment: [DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulner";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/C572rcuV-sg/topic,22621.msg140214.html";s:11:"description";s:1215:"Based on further analysis there is one legitimate bug contained in the distribution that while we&#39;ve not been able to find security vectors using the flaw, it is not inconceivable that a determined hacker could not do so. This lies with the search highlight plugin. To fix this, patch two lines starting near line 52 to as follows:<br /><div class="codeheader">Code:</div><div class="code">&nbsp; $searched = strip_tags(urldecode($_REQUEST[&#39;searched&#39;])); <br />&nbsp; $highlight = strip_tags(urldecode($_REQUEST[&#39;highlight&#39;])); </div><br />Alternately, you can simply disable the search highlight plugin entirely by logging into the manager and going to Resources &gt; Manage Resources &gt; Plugin tab. From there, click the Search Highlight plugin name in the list of names, then check the first checkbox near the top that says &quot;Plugin Disabled&quot; (or your relevant local language string).<br /><br />The currently available build on the download page contains this patch. If you&#39;re running an existing site, the best option is to patch or disable the Search Highlight plugin per the above.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/C572rcuV-sg" height="1" width="1"/>";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=22621.0";s:7:"pubdate";s:29:"Wed, 13 Feb 2008 14:49:25 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,22621.msg140214.html#msg140214";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,22621.msg140214.html#msg140214";}s:7:"summary";s:1215:"Based on further analysis there is one legitimate bug contained in the distribution that while we&#39;ve not been able to find security vectors using the flaw, it is not inconceivable that a determined hacker could not do so. This lies with the search highlight plugin. To fix this, patch two lines starting near line 52 to as follows:<br /><div class="codeheader">Code:</div><div class="code">&nbsp; $searched = strip_tags(urldecode($_REQUEST[&#39;searched&#39;])); <br />&nbsp; $highlight = strip_tags(urldecode($_REQUEST[&#39;highlight&#39;])); </div><br />Alternately, you can simply disable the search highlight plugin entirely by logging into the manager and going to Resources &gt; Manage Resources &gt; Plugin tab. From there, click the Search Highlight plugin name in the list of names, then check the first checkbox near the top that says &quot;Plugin Disabled&quot; (or your relevant local language string).<br /><br />The currently available build on the download page contains this patch. If you&#39;re running an existing site, the best option is to patch or disable the Search Highlight plugin per the above.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/C572rcuV-sg" height="1" width="1"/>";s:14:"date_timestamp";i:1202914165;}i:7;a:10:{s:5:"title";s:80:"Acknowledgment: [DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulner";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/pkUgCmBwhaQ/topic,22621.msg139250.html";s:11:"description";s:1197:"The MODx team believes the following security notice is sophistical  plausible but misleading (some would refer to it as &quot;FUD&quot;). We are continuing further investigations.<br /><br /><a href="http://seclists.org/bugtraq/2008/Feb/0068.html" target="_blank">[DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulnerabilities </a><br /><br />To reproduce the security compromises listed above, a malicious hacker would first have to hijack a valid manager session, then convince someone to visit a link to the site with that session and their XSS content inserted. This could be of concern however in the instance when you have a large Manager User base of untrusted individuals. In either case, there are larger security implications.<br /><br />For more information and discussion, <a href="http://modxcms.com/forums/index.php/topic,22596" target="_blank">please visit this thread in these forums</a>. We do not have every server or browser combination under which we can test the above listed compromises, so we would tremendously appreciate assistance/confirmation . If you are able t...<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/pkUgCmBwhaQ" height="1" width="1"/>";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=22621.0";s:7:"pubdate";s:29:"Fri, 08 Feb 2008 16:27:53 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,22621.msg139250.html#msg139250";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,22621.msg139250.html#msg139250";}s:7:"summary";s:1197:"The MODx team believes the following security notice is sophistical  plausible but misleading (some would refer to it as &quot;FUD&quot;). We are continuing further investigations.<br /><br /><a href="http://seclists.org/bugtraq/2008/Feb/0068.html" target="_blank">[DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulnerabilities </a><br /><br />To reproduce the security compromises listed above, a malicious hacker would first have to hijack a valid manager session, then convince someone to visit a link to the site with that session and their XSS content inserted. This could be of concern however in the instance when you have a large Manager User base of untrusted individuals. In either case, there are larger security implications.<br /><br />For more information and discussion, <a href="http://modxcms.com/forums/index.php/topic,22596" target="_blank">please visit this thread in these forums</a>. We do not have every server or browser combination under which we can test the above listed compromises, so we would tremendously appreciate assistance/confirmation . If you are able t...<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/pkUgCmBwhaQ" height="1" width="1"/>";s:14:"date_timestamp";i:1202488073;}i:8;a:10:{s:5:"title";s:49:"Re: IMPORTANT: Two new vulnerabilities in 0.9.6.1";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/rzBq6NxOm24/topic,21290.msg135206.html";s:11:"description";s:723:"<b>admin note:</b> clarified for those with feed readers who don&#39;t see the entire thread in context<br /><br />The current download available at the MODx download site was replaced by a version containing the patches for 0961 in this thread. 0962 will also contain these patches as Jason mentioned. If you&#39;ve not applied the security patch already (shame on you!), you can either grab it via the instructions listed above or just download the complete installer from the downloads page and install via the normal upgrade mode. If you&#39;re not running this latest patched version, now would be a very good time to upgrade.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/rzBq6NxOm24" height="1" width="1"/>";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=21290.0";s:7:"pubdate";s:29:"Tue, 22 Jan 2008 19:21:09 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,21290.msg135206.html#msg135206";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,21290.msg135206.html#msg135206";}s:7:"summary";s:723:"<b>admin note:</b> clarified for those with feed readers who don&#39;t see the entire thread in context<br /><br />The current download available at the MODx download site was replaced by a version containing the patches for 0961 in this thread. 0962 will also contain these patches as Jason mentioned. If you&#39;ve not applied the security patch already (shame on you!), you can either grab it via the instructions listed above or just download the complete installer from the downloads page and install via the normal upgrade mode. If you&#39;re not running this latest patched version, now would be a very good time to upgrade.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/rzBq6NxOm24" height="1" width="1"/>";s:14:"date_timestamp";i:1201029669;}i:9;a:10:{s:5:"title";s:49:"Re: IMPORTANT: Two new vulnerabilities in 0.9.6.1";s:4:"link";s:85:"http://feedproxy.google.com/~r/modxsecurity/~3/s5vL8K4hjJ0/topic,21290.msg131504.html";s:11:"description";s:319:"FYI, trunk has been patched with solutions to both of these security fixes and I will be in the process of notifying all of the reporting services so they publish this information; see the original post for updated information.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/s5vL8K4hjJ0" height="1" width="1"/>";s:8:"category";s:16:"Security Notices";s:8:"comments";s:61:"http://modxcms.com/forums/index.php?action=post;topic=21290.0";s:7:"pubdate";s:29:"Wed, 02 Jan 2008 19:52:42 GMT";s:4:"guid";s:72:"http://modxcms.com/forums/index.php/topic,21290.msg131504.html#msg131504";s:10:"feedburner";a:1:{s:8:"origlink";s:72:"http://modxcms.com/forums/index.php/topic,21290.msg131504.html#msg131504";}s:7:"summary";s:319:"FYI, trunk has been patched with solutions to both of these security fixes and I will be in the process of notifying all of the reporting services so they publish this information; see the original post for updated information.<img src="http://feeds.feedburner.com/~r/modxsecurity/~4/s5vL8K4hjJ0" height="1" width="1"/>";s:14:"date_timestamp";i:1199303562;}}s:7:"channel";a:5:{s:5:"title";s:40:"MODx Community Forums - Security Notices";s:4:"link";s:35:"http://modxcms.com/forums/index.php";s:11:"description";s:43:"Live information from MODx Community Forums";s:10:"feedburner";a:2:{s:14:"emailserviceid";s:12:"modxsecurity";s:18:"feedburnerhostname";s:28:"http://feedburner.google.com";}s:7:"tagline";s:43:"Live information from MODx Community Forums";}s:9:"textinput";a:0:{}s:5:"image";a:0:{}s:9:"feed_type";s:3:"RSS";s:12:"feed_version";s:3:"2.0";s:8:"encoding";s:10:"ISO-8859-1";s:16:"_source_encoding";s:0:"";s:5:"ERROR";s:0:"";s:7:"WARNING";s:0:"";s:19:"_CONTENT_CONSTRUCTS";a:6:{i:0;s:7:"content";i:1;s:7:"summary";i:2;s:4:"info";i:3;s:5:"title";i:4;s:7:"tagline";i:5;s:9:"copyright";}s:16:"_KNOWN_ENCODINGS";a:3:{i:0;s:5:"UTF-8";i:1;s:8:"US-ASCII";i:2;s:10:"ISO-8859-1";}s:5:"stack";a:0:{}s:9:"inchannel";b:0;s:6:"initem";b:0;s:9:"incontent";b:0;s:11:"intextinput";b:0;s:7:"inimage";b:0;s:17:"current_namespace";b:0;s:4:"etag";s:29:"F9jgAiL630J64eU/O8CbaZv1ZFQ
";s:13:"last_modified";s:31:"Thu, 24 Jun 2010 00:51:56 GMT
";}