|Main Archive Page > Month Archives > full-disclosure-uk archives|
The review contains a list of 22 items for multiple vulnerabilities ranging from XSS to SQL injection to directory traversal. Some are only exploitable by authenticated users, others can be conducted by unauthenticated users.
All the the items were fixed in OpenX 2.6 and backported to 2.4 when applicable. New versions of both OpenX 2.6 and 2.4 have been released.
according to the company release plans 2009-Jan-26: the fc.php MAX_type vulnerability was independently
discovered and disclosed 2009-Jan-27: an OpenX user reported the link to our forums 2009-Jan-27: Secunia was forced to disclose the entire review 2009-Jan-29: OpenX 2.4.10 and 2.6.4 were released by OpenX
The security contact for OpenX can be reached at: <security AT openx DOT org>
Best regards -- Matteo Beccati OpenX - http://www.openx.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/