Test ID:	1.3.6.1.4.1.25623.1.0.100364
Category:	Web application abuses
Title:	OpenX Arbitrary File Upload Vulnerability
Summary:	OpenX is prone to a vulnerability that lets attackers upload arbitrary;files because the application fails to adequately validate user-supplied input.;;An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver;process. This may facilitate unauthorized access or privilege escalation, other attacks are also possible.;;The issue affects OpenX 2.8.1 and prior.
Description:	Summary: OpenX is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately validate user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation, other attacks are also possible. The issue affects OpenX 2.8.1 and prior. Solution: Reportedly, the vendor fixed this issue in OpenX 2.8.2. Symantec has not confirmed this information. Please contact the vendor for details. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4098 BugTraq ID: 37110 http://www.securityfocus.com/bid/37110 Bugtraq: 20091124 Executing arbitrary PHP code on OpenX <= 2.8.1 (Google Search) http://www.securityfocus.com/archive/1/508050/100/0/threaded https://developer.openx.org/jira/browse/OX-5747 http://osvdb.org/60499 http://secunia.com/advisories/37475 XForce ISS Database: openx-banneredit-upload(54394) https://exchange.xforce.ibmcloud.com/vulnerabilities/54394
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.