OpenX Ad Server version 2.8.10 was shipped with an obfuscated backdoor since at least November 2012 through August 2013. Exploitation is simple, requiring only a single request with a rot13'd and reversed payload.
e988ca61d33c8f55653084886e430badc06f1b7c8ab5e01912529cbb5ff29495