Computer Security

Security Advisory: [OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [DSECRG-08-008] Textpattern 4.0.5 Multiple Security Vulnerabilities

  [DSECRG-08-011] Astrosoft HelpDesk Multiple XSS

  [OPEN[DSECRG-08-010] VHD Web Pack 2.0  Local File Include

  [DSECRG-08-009]  xoops 2.0.18 Local File Include

From:OPENADS
Date:05.02.2008
Subject:[OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed

========================================================================
Openads security advisory                            OPENADS-SA-2008-001
------------------------------------------------------------------------
Advisory ID:           OPENADS-SA-2008-001
Date:                  2008-Feb-04
Security risk:         Critical
Applications affetced: Openads
Versions affected:     2.4.0 <= x <= 2.4.2
Versions not affected: >= 2.4.3
========================================================================


========================================================================
Vulnerability:  Remote PHP code injection and execution
========================================================================

Description
-----------
A remote PHP code injection and execution vulnerability has recently
been found. The vulnerability affects the delivery engine, which does
not require any kind of authentication. An attacker could exploit it to
execute arbitrary PHP code.

Solution
--------
 - Upgrade to Openads 2.4.3

Credits
-------
 - Reporter: Tanatik


Contact informations
====================

The security contact for Openads can be reached at:
<security AT openads DOT org>


Best regards
--
Matteo Beccati
http://www.openads.org
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru