Update for OpenX ad server closes hole

The OpenX developers have released version 2.8.7 of their free open source ad server, likely closing the security hole discovered earlier this week. The vulnerability stemmed from a third-party component, integrated into OpenX’s video plug-in, that allows images to be uploaded.

The “Open Flash Chart 2” module (ofc_upload_image.php) failed to check who uploaded what onto the server. The vulnerability allowed executable scripts to be uploaded and executed on the server – and criminals soon exploited it to attack the web servers of The Pirate Bay, esarcasm.com and AfterDawn.com.
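For operators checking whether their own server received requests to the upload script named above, the following is an added example (not code from OpenX or from the original article). It triages web server access logs for that file name; the combined log format, the install path and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Script name taken from the article. Matching is on the file name only,
# because the install path differs from site to site.
TARGET = "ofc_upload_image.php"

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_hits(lines):
    """Return requests whose URL path ends in TARGET, grouped by client IP."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-request lines
        # Drop the query string, decode %-escapes, compare case-insensitively.
        path = unquote(m["url"].split("?", 1)[0]).lower()
        if path.rsplit("/", 1)[-1] == TARGET:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def needs_review(hits):
    """IPs with a POST answered 2xx: the script existed and accepted a body."""
    return sorted(
        ip for ip, reqs in hits.items()
        if any(meth == "POST" and 200 <= st < 300 for _, meth, st in reqs)
    )

# Constructed sample lines: documentation IPs, placeholder install path.
P = "/placeholder/install/path/"
SAMPLE = [
    f'203.0.113.7 - - [01/Jan/2000:10:00:00 +0000] "POST {P}ofc_upload_image.php HTTP/1.1" 200 12 "-" "-"',
    f'203.0.113.7 - - [01/Jan/2000:10:00:05 +0000] "POST {P}OFC_upload_image.%70hp?x=1 HTTP/1.1" 200 12 "-" "-"',
    f'198.51.100.4 - - [01/Jan/2000:11:00:00 +0000] "GET {P}ofc_upload_image.php HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.9 - - [01/Jan/2000:12:00:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    found = find_hits(SAMPLE)
    for ip, reqs in found.items():
        print(ip, reqs)
    print("review first:", needs_review(found))
```

A 404 on every hit suggests the file is not present at the requested path; a 2xx response to a POST is the case to investigate first.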

Read more at H-online
