Users of OpenX versions 2.8.0 - 2.8.8–please read!!
“A recent security issue with OpenX versions 2.8.0 - 2.8.8 means users of these versions of the platform should take the following steps:
1. Secure their servers by removing the files being exploited:
2. Removing these scripts will impact some of the user/plugin management systems, but will not affect existing users/plugins, and will not affect ad serving.
3. Replace the www/admin/dashboard.php file with the one in this archive so as to not break the login process.
Users can tell if they have been affected by this by checking for a rogue admin user named “openx-manager” in their UI at http://<your_admin_domain>/www/admin/admin-access.php
If the above user is found, it should be removed, and a full security audit should be performed.
We strongly encourage users to lock down their config file. Additionally, users should notify firstname.lastname@example.org if they ever become aware of a security matter.”