Zero Day Vulnerability in OpenX Source 2.8.11 and Revive Adserver 3.0.1

The current versions of the popular ad server software OpenX Source (2.8.11) and Revive Adserver (3.0.1) are vulnerable to a SQL injection attack which allows attackers to gain backend access. The vulnerability is actively being exploited. The OpenX team has been informed. For Revive, I submitted a pull request with a fix. Since Revive Adserver is […]

Zero-day Vulnerability in OpenX Source 2.8.11

The current version of the popular ad server software OpenX Source (2.8.11) is vulnerable to code injection attacks by a subset of registered users. The vulnerability is being actively exploited. The problem can be fixed by changing line 311 in lib/OX/Extension/deliveryLimitations/DeliveryLimitations.php as follows: `$result = 'MAX_check' . ucfirst($this->group) . '_' . $this->component . "('".addslashes($data)."', '".addslashes($this->comparison)."')";` […]

Checkpanel – Continuous Checklists

My new project, Checkpanel, went into public beta recently. Checkpanel is a checklist application which focuses on repeating checks. Unlike traditional checklists, Checkpanel keeps track of all reported checks (marking something as working or not working). You can see who last checked a test case, when, and what the errors were. You can also let […]

Critical vulnerability in OpenX 2.8.6 & Open Flash Chart 2

There is a critical security flaw in OpenX 2.8.6 (and 2.8.5 and probably several earlier versions) which allows attackers to gain control of the webserver account and thus the adserver. The security hole is being actively exploited in the wild (as I learned the hard way). It seems that this hole is only known to […]

bbPress compatibility plugin for TinyMCE

I’m currently using the WYSIWYG editor TinyMCE with bbPress for a project. Unfortunately, bbPress doesn’t like it when it gets <p> tags through TinyMCE and therefore messes up the post. I have written an (extremely) simple plugin for TinyMCE which transforms <p>s into double linebreaks before posting therefore preserving compatibility. <br />s are transformed into […]

Music Intersector Now With Up to Five Users

Some time ago, I created a little addon to Last.fm called Music Intersector. It shows which bands are common between the favorites of two users. As you might have noticed, Last.fm has integrated this functionality into its own system, so my old music intersector became a bit pointless. Not anymore. I just updated it and […]

Ars Electronica Festival 2008: Photos, Impressions and Links

Last year, I was at the *Ars Electronica Festival* in Linz, Austria. Unfortunately, I was too busy with [beyond vision](http://www.kreativrauschen.com/projects/beyond-vision/) to post my impressions immediately, but now I’m going to make up for it. In the months that have passed, my memory of the event has faded a bit, but I’ll do my best to […]

beyond vision

There is one project that I was working on, but never found the time to tell you about: beyond vision. It is the largest project that I have done so far and it required so much time that I didn’t have any time left to write about it. 🙂 But in December it was finally […]

My Dell UltraSharp 2709W (Review / Test)

Ok, “my” is not quite right in this case. Not too long ago I bought a new monitor, the Samsung SyncMaster 226bw, and I would not be so decadent as to buy yet another new monitor so soon. 🙂 I am using the Dell UltraSharp 2709W for a larger project, but I do not own it. […]

My Name is Bruce (Movie Review)

Plot Preview Bruce Campbell (Bruce Campbell) is currently busy producing his newest movie, the terrific Cave Alien 2, when a young fanboy* asks for his help. He accidentally released an ancient Chinese daemon that now has set out to slaughter everyone who is related to the fanboy – coming from a small town this puts […]