oss-sec mailing list archives

Re: CVE request: openx unknown vulnerability before 2.8.7


From: Josh Bressers <bressers () redhat com>
Date: Mon, 6 Dec 2010 17:00:23 -0500 (EST)

Thanks for the info.

Steve, can you update MITRE's CVE (CVE-2009-4140). I don't need to assign
anything.

Thanks.

-- 
    JB


----- "Anthon Pang" <anthon.pang () gmail com> wrote:

The previously reported Open-Flash-Chart2 ofc_upload_image.php file
(vulnerable to arbitrary file upload) is included in OpenX's video
plugin.

This is the commit (truncating it to an empty file):

https://developer.openx.org/fisheye/changelog/openx/trunk?cs=61683

FYI ofc_upload_image.php was found in a number of projects, including
Piwik (CVE-2009-4140), Open Web Analytics, and the Woopra plugin for
WordPress.

Regards,

Anthon

On Mon, Dec 6, 2010 at 9:00 AM, Hanno Böck <hanno () hboeck de> wrote:
Upstream is not very talkative, but I found a blog claiming this is
exploited in the wild:
http://blog.openx.org/09/security-update/
http://blog.sucuri.net/2010/09/openx-users-time-to-upgrade.html

Please assign CVE.

--
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de

http://schokokeks.org - professional webhosting
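A small defender-side check, added here as an example and not code from the thread, from OpenX or from any of the projects named above: walk a web root for copies of ofc_upload_image.php and report whether each copy is empty, as the OpenX commit left it, or still carries content. The directory names in the demo are constructed and do not correspond to any project's real layout.

```python
import os
import tempfile

# File name of the bundled Open-Flash-Chart2 upload script discussed in the thread.
TARGET = "ofc_upload_image.php"


def scan_webroot(root):
    """Walk `root` and report every ofc_upload_image.php found.

    Returns a sorted list of (relative_path, size_bytes, status) where status is
    'neutralized' for an empty file (the state after the OpenX commit) and
    'present' for any copy that still has content and needs attention.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name != TARGET:
                continue
            full = os.path.join(dirpath, name)
            size = os.path.getsize(full)
            status = "neutralized" if size == 0 else "present"
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            findings.append((rel, size, status))
    return sorted(findings)


def demo():
    """Build a constructed directory tree and scan it (sample data, not a real site)."""
    with tempfile.TemporaryDirectory() as root:
        fixed = os.path.join(root, "site-a", "plugins", "video")      # constructed path
        unfixed = os.path.join(root, "site-b", "vendor", "ofc")       # constructed path
        os.makedirs(fixed)
        os.makedirs(unfixed)
        # Empty file: what the OpenX commit left behind.
        open(os.path.join(fixed, TARGET), "wb").close()
        # Non-empty file: a constructed stand-in for an unpatched copy, not the real script.
        with open(os.path.join(unfixed, TARGET), "wb") as fh:
            fh.write(b"<?php echo 'constructed placeholder'; ?>\n")
        return scan_webroot(root)


if __name__ == "__main__":
    for path, size, status in demo():
        print(f"{status:11s} {size:6d}  {path}")
```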


