
OpenX Security Advisory - XSS / SQL Injection / Directory Traversal

OpenX Security Advisory - XSS / SQL Injection / Directory Traversal
Posted Jan 30, 2009
Authored by Matteo Beccati | Site openx.org

OpenX versions 2.4.9 and below and versions 2.6.3 and below suffer from cross site scripting, SQL injection, and directory traversal vulnerabilities.

tags | advisory, vulnerability, xss, sql injection
advisories | CVE-2009-0291
SHA-256 | 1832f2bf4c9549691dc54114426b945ebc52efd40a6911f23a26b27c4143a951

========================================================================
OpenX security advisory OPENX-SA-2009-001
------------------------------------------------------------------------
Advisory ID: OPENX-SA-2009-001
Date: 2009-Jan-30
Security risk: Moderately critical
Applications affected: OpenX
Versions affected: <= 2.4.9, <= 2.6.3
Versions not affected: >= 2.4.10, >= 2.6.4
========================================================================


========================================================================
Multiple vulnerabilities: XSS, SQL injection, directory traversal
========================================================================

Description
-----------
A security review of OpenX 2.6.3 was recently conducted by Sarid Harper
on behalf of Secunia and the results were reported to us. One of the
vulnerabilities was also independently discovered by Charlie Briggs and
disclosed on milw0rm.com, forcing Secunia to publish the review results
before our fix releases were ready.

The review contains a list of 22 items for multiple vulnerabilities
ranging from XSS to SQL injection to directory traversal. Some are only
exploitable by authenticated users, others can be conducted by
unauthenticated users.

All the items were fixed in OpenX 2.6 and backported to 2.4 where
applicable. New versions of both OpenX 2.6 and 2.4 have been released.

Solution
--------
- Upgrade to OpenX 2.4.10 or 2.6.4

References
----------
- http://secunia.com/advisories/32197/
- http://www.milw0rm.com/exploits/7883
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0291

Timeline
--------
2009-Jan-20: Secunia reported the security review results to OpenX
2009-Jan-20: OpenX started investigation and scheduled the fixes
according to the company release plans
2009-Jan-26: the fc.php MAX_type vulnerability was independently
discovered and disclosed
2009-Jan-27: an OpenX user reported the link to our forums
2009-Jan-27: Secunia was forced to disclose the entire review
2009-Jan-29: OpenX 2.4.10 and 2.6.4 were released by OpenX


Contact information
===================

The security contact for OpenX can be reached at:
<security AT openx DOT org>


Best regards

--
Matteo Beccati

OpenX - http://www.openx.org