Lucene search
K
ModxMost viewed

22 matches found

modx
modx
added 2010/10/05 11:1 a.m.559 views

phpThumb Command-Injection Vulnerability

It has recently come to our attention that phpThumb all versions contains an unpatched vulnerability. The application is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input to the ’fltr’ parameter in the ’phpThumb.php’ script. Attackers can explo...

0.9AI score
Exploits0
modx
modx
added 2018/07/12 2:34 a.m.523 views

Revolution 2.6.4 and Prior Two Cricital Vulnerabilities; Upgrade Mandatory/Patch

Product: MODX Revolution Severity: Critical Versions: =2.6.4 Vulnerability types: Remote Execution / File/Directory Deletion Report date: 2018-Jul-11 Fixed date: 2018-Jul-12 Description On July 11 we received notice that there are two critical vulnerabilities that include remote script execution...

1.6AI score
Exploits0Affected Software1
modx
modx
added 2010/12/09 8:17 a.m.523 views

Critical Security Upgrade Notice for FormIt, Quip and Login

We received a report of a potential vulnerability in FormIt, Quip and Login that could be used to expose system settings including database information. This has been been corrected and new versions have been posted. Upgrading of FormIt, Login and Quip to the latest versions via Package Manager...

3.1AI score
Exploits0
modx
modx
added 2012/02/20 4:44 a.m.502 views

MODX Evolution 1.0.5 (and prior) Remote Script Execution Vulnerability

Product: MODX Evolution Risk: Very High Severity: Critical Versions: 1.0.5 and all previous releases Vunerability type: Remote Script Execution Report Date: 2012-Feb-16 Fixed Date: 2012-Feb-20 Description A vigilant community member sent us a security notice to let us know that he found a securit...

0.5AI score
Exploits0Affected Software1
modx
modx
added 2011/01/06 9:43 a.m.501 views

Critical PHP Bug Security Notice and Patch

Earlier this week, a PHP Security Notice was made due to a critical bug in PHP that could cause PHP to fail should a value of 2.2250738585072011e-308 be set to a PHP value. More information can be found here: http://bugs.php.net/bug.php?id=53632...

6.9AI score
Exploits0
modx
modx
added 2016/12/07 6:56 a.m.500 views

Evolution 1.1 and Prior Remote Execution

Product: MODX Evolution Risk: Very High Severity: Critical Versions: =1.1 Vulnerability Type: Remote Code Execution Report Date: 2016-November-08 Fixed Date: 2016-November-12 Description The following components distributed with all versions of MODX Evolution and 0.9.x contain a vulnerability, th...

7.7AI score
Exploits0Affected Software1
modx
modx
added 2014/03/07 4:30 a.m.497 views

MODX Revolution 2.X SQL Injection

Product: MODX Revolution Severity: Extremely Critical Versions: 2.0.0–2.2.12 Vulnerability type: SQL Injection Report date: 2014-Mar-5 Fixed date: 2014-Mar-6 Description A vulnerability was discovered in MODX Revolution that allows users to inject and manipulate the database. Attackers could...

0.3AI score
Exploits0Affected Software1
modx
modx
added 2013/06/04 9:55 a.m.497 views

Security Bypass and Remote Execution

Product: MODX Revolution Severity: Extremely Critical Versions: 2.1.0–2.2.7 Vulnerability type: Security Bypass Report date: 2013-Jun-4 Fixed date: 2013-Jun-4 Description Two vulnerabilities were discovered in MODX that allow users to bypass security. Attackers could exploit this to remotely...

4AI score
Exploits0Affected Software1
modx
modx
added 2014/04/21 10:18 a.m.493 views

MODX Revolution 2.2.13 (and prior) Blind SQL Injection

Product: MODX Revolution Severity: Critical Versions: 2.0.0–2.2.13 Vulnerability type: SQL Injection Report date: 2014-Mar-10 Fixed date: 2014-Apr-04 Description Multiple vulnerabilities were discovered in MODX Revolution that allow users to inject and manipulate the database. This includes an...

1.9AI score
Exploits0Affected Software1
modx
modx
added 2010/09/30 1:47 a.m.493 views

MODx Revolution 2.0.3 Addresses Pair of Vulnerabilities

The MODx Revolution 2.0.3 release addresses a pair of reported security vulnerabilities with MODx Revolution 2.0.2-pl and possibly earlier releases: Input passed via the "modhash" parameter to manager/index.php is not properly sanitized before being returned to the user and input passed via the...

0.9AI score
Exploits0
modx
modx
added 2012/09/11 11:10 a.m.491 views

MODX Website Compromise Update: Revolution Still Safe

MODX Revolution is Still Safe After exhaustive investigation, at this point we have determined the recent modx.com security breach used custom code authored specifically for our website. It was not a result of code contained in any core releases of MODX Revolution. While we have taken additional...

1.6AI score
Exploits0
modx
modx
added 2012/09/03 11:12 a.m.491 views

MODX Website Compromise

On Wednesday August 29, a hacker exploited a Local File Inclusion LFI vector in an older release of MODX Revolution we had running on one of our servers. This issue had already been fixed as part of the MODX Revolution 2.2.4 release. We locked down the site while we investigated the compromise...

6.9AI score
Exploits0
modx
modx
added 2014/07/16 10:2 a.m.490 views

Critical Login XSS+CSRF Revolution 2.2.1.4 and Prior

Product: MODX Revolution Severity: Critical Versions: 2.0.0–2.2.14 Vulnerability type: CSRF & XSS Report date: 2014-Jul-10 Fixed date: 2014-Jul-15 Description A significant vulnerability was discovered in the Manager login of MODX Revolution that also affects the use of the Login Extra. A malicio...

0.8AI score
Exploits0Affected Software1
modx
modx
added 2016/11/14 9:15 a.m.488 views

Evo Security Patch 1.0.12 and above

Everyone who is using MODX Evo version 1.0.12 = 1.2 RC1 should see this patch as mandatory You can read the release post here and you can download the patch here All users of Evo that have the "Extras" module installed can download the patch directly via the module, as seen here. For those who...

3.1AI score
Exploits0
modx
modx
added 2014/06/10 9:22 a.m.487 views

Important Update to AjaxSearch Exploit in Evo 1.0.13 (and prior)

Last week we announced an exploit found in AjaxSearch that could allow a Remote Code Execution in MODX Evolution. We originally suggested the removal of the index-ajax.php file was a sufficient method to protect your site from vulnerability. It has come to our attention that this was not correct...

1.7AI score
Exploits0
modx
modx
added 2014/06/09 11:36 a.m.487 views

MODX Evolution 1.0.13 (and prior) AjaxSearch Vulnerability

Product: MODX Evolution Risk: Very High Severity: Critical Versions: =1.0.13 Vulnerabilty Type: Remote Code Execution Report Date: 2014-May-29 Fixed Date: 2014-June-5 Description The AjaxSearch component distributed with all versions of MODX Evolution and 0.9.x contains a vulnerability that allow...

2.4AI score
Exploits0Affected Software1
modx
modx
added 2012/11/26 3:33 a.m.480 views

MODX Evolution 1.0.6 (and prior) Unauthorized Manager Access

Product: MODX Evolution Risk: Very High Severity: Critical Versions: 1.0.6 and all previous releases Vulnerabilty Type: Permissions, Privileges, and Access Control; Input Validation; SQL Injection Report Date: 2012-Nov-26 Fixed Date: 2012-Nov-26 Description The Forgot Manager Login plugin...

1.1AI score
Exploits0Affected Software1
modx
modx
added 2011/01/28 2:13 a.m.476 views

MODx Evo 1.0.4 (and prior) SQL Injection and Directory Traversal Vulnerabities

Status: Solved Product: MODx Evolution Severity: High Versions: 1.0.4 and prior Advisory Date: 2011-01-26 Fixed Date: 2011-01-19 Impact: a A remote attacker may access or view arbitrary files on the server. b A remote attacker may execute arbitrary PHP code as a result of SQL injection. Descripti...

2.7AI score
Exploits0Affected Software1
modx
modx
added 2016/12/07 9:0 a.m.475 views

Revolution 2.5.1 and Prior Multiple Vulnerabilites

Product: MODX Revolution Severity: Moderate Versions: =2.5.1 Vulnerability type: Directory Traversal / SQL Injection Report date: 2016-Nov-4 Fixed date: 2016-Nov-14 Description We received notice that there are several vulnerabilities that include a SQL injection and directory traversal. These...

0.3AI score
Exploits0Affected Software1
modx
modx
added 2013/01/08 4:28 a.m.472 views

MODX Evolution 1.0.7 (and prior) ForgotManager plugin Vulnerability

Product: MODX Evolution Risk: Very High Severity: Critical Versions: 1.0.7 Vulnerabilty Type: Permissions, Privileges, and Access Control; Input Validation; SQL Injection Report Date: 2013-Jan-4 Fixed Date: 2013-Jan-8 Description The Forgot Manager Login plugin distributed with all versions of MO...

1.5AI score
Exploits0Affected Software1
modx
modx
added 2020/02/14 7:53 p.m.119 views

About the Security Notices category

This is a sub-categrory of Announcements for Security Notices. Older security notices can be found in the archived MODX Forums here: https://forums.modx.com/board/8/security-notices 1 post - 1 participant Read full topic...

0.2AI score
Exploits0
modx
modx
added 2019/04/24 3:36 p.m.30 views

MODX setup/ Directory Site Exploit

There is currently an active exploit of sites with an intact MODX Revolution setup/ directory. This can give anyone on the internet complete access to your site and possibly your server with trivial effort. This directory should never be left in place once a site is installed. You can check if yo...

0.2AI score
Exploits0