Description
OpenX Source v. 2.8.10 (the binary distribution) was compromised, and two of the files were replaced with two new modified files that contained a remote code execution vulnerability. All OpenX downloads since at least November 2012 through August 2013 were affected.
Remediation
Upgrade to OpenX version 2.8.11.
References
Related Vulnerabilities
Remote code execution of user-provided local names in Rails
Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface
Drupal Core 8.5.0 Remote Code Execution (8.5.0)
WordPress Plugin Bricks Remote Code Execution (1.9.6)
WordPress Plugin Arigato Autoresponder and Newsletter Remote Code Execution (2.5.1.9)