oss-sec mailing list archives
Re: CVE request: openx unknown vulnerability before 2.8.7
From: Josh Bressers <bressers () redhat com>
Date: Mon, 6 Dec 2010 17:00:23 -0500 (EST)
Thanks for the info.

Steve, can you update MITRE's CVE (CVE-2009-4140). I don't need to assign anything.

Thanks.

--
JB

----- "Anthon Pang" <anthon.pang () gmail com> wrote:

> The previously reported Open-Flash-Chart2 ofc_upload_image.php file
> (vulnerable to arbitrary file upload) included in OpenX's video plugin.
>
> This is the commit (truncating it to an empty file):
> https://developer.openx.org/fisheye/changelog/openx/trunk?cs=61683
>
> FYI ofc_upload_image.php was found in a number of projects, including
> Piwik (CVE-2009-4140), Open Web Analytics, and the Woopra plugin for
> WordPress.
>
> Regards,
> Anthon
>
> On Mon, Dec 6, 2010 at 9:00 AM, Hanno Böck <hanno () hboeck de> wrote:
>
> > Upstream is not very talkative, but I found a blog claiming this is
> > exploited in the wild:
> > http://blog.openx.org/09/security-update/
> > http://blog.sucuri.net/2010/09/openx-users-time-to-upgrade.html
> >
> > Please assign CVE.
> >
> > --
> > Hanno Böck
> > Blog: http://www.hboeck.de/
> > GPG: 3DBD3B20
> > Jabber/Mail: hanno () hboeck de
> >
> > http://schokokeks.org - professional webhosting