Zero Day Vulnerability in OpenX Source 2.8.11 and Revive Adserver 3.0.1

The current versions of the popular ad server software OpenX Source (2.8.11) and Revive Adserver (3.0.1) are vulnerable to a SQL injection attack which allows attackers to gain backend access. The vulnerability is actively being exploited. The OpenX team has been informed. For Revive, I submitted a pull request with a fix. Since Revive Adserver is […]

Zero-day Vulnerability in OpenX Source 2.8.11

The current version of the popular ad server software OpenX Source (2.8.11) is vulnerable to code injection attacks by a subset of registered users. The vulnerability is being actively exploited. The problem can be fixed by changing line 311 in lib/OX/Extension/deliveryLimitations/DeliveryLimitations.php as follows: $result = 'MAX_check' . ucfirst($this->group) . '_' . $this->component . "('".addslashes($data)."', '".addslashes($this->comparison)."')"; […]

Critical vulnerability in OpenX 2.8.6 & Open Flash Chart 2

There is a critical security flaw in OpenX 2.8.6 (and 2.8.5 and probably several earlier versions) which allows attackers to gain control of the webserver account and thus the adserver. The security hole is being actively exploited in the wild (as I learned the hard way). It seems that this hole is only known to […]