
OpenX

[OPENX-SA-2009-001] OpenX 2.4.10 and 2.6.4 fix multiple vulnerabilities

========================================================================
OpenX security advisory                                OPENX-SA-2009-001
------------------------------------------------------------------------
Advisory ID:           OPENX-SA-2009-001
Date:                  2009-Jan-30
Security risk:         Moderately critical
Applications affected: OpenX
Versions affected:     <= 2.4.9, <= 2.6.3
Versions not affected: >= 2.4.10, >= 2.6.4
========================================================================

OpenX 2.6.4 multiple vulnerabilities

__________________________________________________________________

   OpenX multiple vulnerabilities
__________________________________________________________________


An advisory by EnableSecurity in collaboration with Acunetix. 

Advisory URL: 
http://resources.enablesecurity.com/advisories/openx-2.6.4-multiple.txt

[OPENX-SA-2008-002] OpenX 2.4.9 and 2.6.2 fix SQL injection vulnerability

========================================================================
OpenX security advisory                                OPENX-SA-2008-002
------------------------------------------------------------------------
Advisory ID:           OPENX-SA-2008-002
Date:                  2008-Oct-06
Security risk:         Moderately critical
Applications affected: OpenX
Versions affected:     <= 2.4.8, <= 2.6.1
Versions not affected: >= 2.4.9, >= 2.6.2
========================================================================

[OPENX-SA-2009-002] OpenX 2.4.11, 2.6.5, 2.8.0 fix multiple vulnerabilities

========================================================================
OpenX security advisory                                OPENX-SA-2009-002
------------------------------------------------------------------------
Advisory ID:           OPENX-SA-2009-002
Date:                  2009-Apr-01
Security risk:         Critical
Applications affected: OpenX
Versions affected:     <= 2.4.10, <= 2.6.4, <= 2.7.29-beta
Versions not affected: >= 2.4.11, >= 2.6.5, >= 2.8.0
========================================================================

Executing arbitrary PHP code on OpenX <= 2.8.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

OpenX adserver version 2.8.1 and lower is vulnerable to remote code
execution. To be exploited, this vulnerability requires banner / file
upload permissions, such as those granted to the 'advertiser' and
'administrator' roles.

This vulnerability is caused by the (insecure) file upload mechanism of

Secunia Research: OpenX Multiple Vulnerabilities

====================================================================== 

                     Secunia Research 27/01/2009

                 - OpenX Multiple Vulnerabilities -

====================================================================== 
Table of Contents

Affected Software....................................................1

Vulnerability in phpAdsNew, OpenAds and OpenX

Hello Bugtraq!

I want to warn you about a vulnerability in phpAdsNew, OpenAds and OpenX.

Earlier I already wrote to the list about XSS and HTML Injection
vulnerabilities in tagcloud.swf in multiple plugins for many engines such as
WordPress, Joomla and DLE. I wrote about this issue in detail in my article
XSS vulnerabilities in 34 millions flash files
(http://www.webappsec.org/lists/websecurity/archive/2010-01/msg00035.html).
And before this article, I did other research and wrote another article

Re: Secunia Research: OpenX Multiple Vulnerabilities

OpenX has fixed all of the vulnerabilities, and will release new versions of v2.4 and v2.6, after the QA cycle, in the next 24-48 hours.

Scott Switzer
OpenX Community Leader



OpenX 2.6.3 - Local File Inclusion

I have found a local file inclusion exploit in OpenX 2.6.3; it is in the script "fc.php", located in /www/delivery/.

Here is a snip of the code:
[snip]
<?php
include_once '../../init-delivery.php';

// Name of the request parameter that selects the ad plugin to load.
$MAX_PLUGINS_AD_PLUGIN_NAME = 'MAX_type';

// The parameter is only checked for presence here; its value comes
// straight from the query string.
if (!isset($_GET[$MAX_PLUGINS_AD_PLUGIN_NAME])) {
    echo $MAX_PLUGINS_AD_PLUGIN_NAME . ' is not specified';
    exit(1);
}


