RadEditor provider function could confirm the existence of a file

Published: Feb 1, 2012
Version: 1.0
Maximum Severity Rating: Low

Background
DotNetNuke 6.0 introduced the DotNetNuke.RadEditorProvider. It contains a function which allows users to test for the existence of files. This function is primarily used by client-side scripts to detect the existence of images, e.g. for image thumbnails.

Issue Summary
The function uses direct filesystem methods rather than the DotNetNuke API to check whether these files exist, so it can be used to confirm the existence of a file with an unmapped extension, e.g. a .resources or .config file. Code has been added to ensure that only image types can be used.

Mitigating factors
This issue only allows for the existence of a file to be confirmed and does not allow the file to be read or altered.

Affected DotNetNuke versions
6.0.0 - 6.1.2

Non-Affected Versions
Versions prior to 6.0.0

Fix(s) for issue
To fix this problem, you are recommended to update to the latest version of DotNetNuke (6.1.3 at time of writing).

Acknowledgments
Brandon Haynes

Published: Feb 1, 2012
Version: 1.0
Maximum Severity Rating: Critical

Background
DotNetNuke contains code that allows users to edit their profile and gives site administrators/hosts the ability to administer user settings, including creating new users and editing existing users.

Issue Summary
As a common page is used for both functions, the code checks the user's permissions and redirects appropriately. However, a weakness in the code means that a potential hacker can stop the redirect and gain access to the functions available to portal admins and host users. They can then use these to create new users, delete users, and edit existing users and roles for those users.

Mitigating factors
N/A

Affected DotNetNuke versions
All

Non-Affected Versions
N/A

Fix(s) for issue
To fix this problem, you are recommended to update to the latest version of DotNetNuke (5.6.7/6.1.3 at time of writing).

Acknowledgments
Mark Litchfield from NGSSecure

Published: Feb 1, 2012
Version: 1.0
Maximum Severity Rating: Low

Background
DotNetNuke 6.0 introduced a system of modal dialogs.

Issue Summary
It's possible for a potential hacker to craft a particular URL which would cause the JavaScript for the modal popup to be polluted with a cross-site scripting attack.

Mitigating factors
The user would have to click on a URL that contained the JavaScript injection and then immediately afterwards would need to click a modal popup link. DotNetNuke contains protection against cross-site scripting attacks accessing the user's authentication cookie.

Affected DotNetNuke versions
6.0.0 - 6.0.2

Non-Affected Versions
Versions prior to 6.0.0; 6.1.0 and higher

Fix(s) for issue
To fix this problem, you are recommended to update to 6.1.0 or higher; ideally, upgrade to the latest version of DotNetNuke (6.1.3 at time of writing).

Acknowledgments
Richard Lundeen of Microsoft and Microsoft Vulnerability Research (MSVR)

This new release contains the following items:

Major Highlights
Fixed issue during CE to PE upgrade that caused the Google Analytics module to not be shown in the control panel or the Admin page
Fixed issue in the HTML Template Manager
Fixed unhandled exception when creating new extensions of type Dashboard Control
Fixed issue where hidden pages were not being shown in Admin > User Accounts > User Settings > User Account Settings > Redirect After
Fixed issue with non-standard folders in the RadEditor
Fixed issue where Calendar Popups were not rendering in IE9
Fixed installation flow when the user did not have the right file and folder permissions to finish the installation
Fixed issue that was stopping users from logging in because of corrupt data in the Profile table
Fixed issue in the class ContentController when trying to retrieve the metadata of content items
Removed deprecated file TimeZoneEditor.ascx.resx
Fixed issue that caused invalid values to be entered in the UserProfile table
Fixed issue with folders not being shown when they were created from the HTML Module
Fixed error logged when marking an item as ready for translation
Fixed upgrade issue in the files table when upgrading from 5.x.x to 6.x.x
Fixed issue when creating module from the Newsletter module
Fixed UI issue in the Tabs Module where the legend didn't wrap
Updated assemblies to Telerik Q3 2011 Ajax
Included missing key in the GlobalResources.resx file ("//Admin//Lists.text")
Fixed issue where language keys were missing in the RadEditor
Implemented workaround for a bug in the browser definition files that was causing ASP.NET to not be able to detect certain browsers
Fixed issue with localization files not being handled correctly by the Telerik DNN Grid
Fixed issue with large files that were causing a YSOD
Fixed issue where the modal dialogs were inheriting from the site styles
Fixed issue in the Cache Provider when using a PE template in a CE site
Fixed casting issues to support Oracle data provider

Security Fixes
Fixed issue where non-approved users can gain access to user and role functions
Fixed issue where the RadEditor provider can be used to confirm the existence of files

Updated Modules/Providers
Modules
Pages Module
Newsletter Module
File Manager
HTML Module
Providers
RadEditor Provider

New Functionality Includes:
You can now mirror articles from other portals. This will allow you to copy an article from another portal and optionally have it auto-update. You can turn it on in admin options -> main options -> content sharing (when logged in as host).
Added new tokens to image templates:
1 - item position in list of images
 - where XXX is the item position, e.g. 2
[ISNOTITEMINDEX:XXX][/ISNOTITEMINDEX:XXX] - where XXX is the item position, e.g. 2
Removed the DZone and Delicious links from the standard template.
Added a new option to automatically expand meta information on the create article form. Turn this on in admin options -> main options -> SEO settings -> expand meta information.
You can now hide the website field in the post comment form for anonymous users. To hide it, turn it off in admin options -> main options -> comment settings -> hide website.

Fixed Bugs Include:
Updated [CATEGORYNOTSELECTED][/CATEGORYNOTSELECTED] in listing.header.html to also show on the current articles page.

This is a minor bugfix release. Most importantly there was an issue with manual activation on DNN 6. This release contains the following changes:
Enhancement: Double check correct file transfer to storage
New Feature: Add a script to analyze the state of the file storage rather than take immediate action
Fix: Notifications not attaching document to email
Fix: Notifications sent to all users
Fix: WebDAV editing of entry in absolute root not possible
