Download phpAdsNew 2.0.7

The phpAdsNew development team has recently released version 2.0.7. This program is a completely open source banner system with loads of different features. Such as supporting different formats of ads, targeting options so that certain ads are only shown on certain pages and extensive statistics that can also be supplied as an import file. An environment with PHP and a MySQL database is required to use phpAdsNew. The included list of changes looks like this:

phpAdsNew 2.0.7 was released to fix multiple vulnerabilities that were recently discovered:

• An SQL injection issue has been discovered by Toni Koivunen. This vulnerability is exploitable both on MySQL and PostgreSQL. Further exploitation techniques were discovered by Sigfried / Zone-H.
• Multiple HTTP response splitting vulnerabilities were found by Toni Koivunen.
• Multiple path disclosure vulnerabilities were found by Toni Koivunen.

Every user is urged to upgrade!

The release also contains some other bug fixes and improvements:

• Added new database setting to allow connection to the database using sockets
• Rewrote the swf hardcoded link converter, which results in wider compatibility
• Added workaround to guarantee compatibility with PHP 4.4.1 (bug #35067, fixed in 4.4.2)
• Fixed bug which prevented stats-global-clients from working when there were many banners – bug #1267218
• Fixed bug on calculations made during prority compensation
• Compressed flash banners with version >= 6 were always saved as not compressed after the conversion
• Geotargeting wasn’t correctly working under some circumstances
• GeoIP region for some reason was broken in the last release
• Fixed potential incompatibility with mod_security which could block PAN sessionid cookie
• Fixed SQL injection vulnerability with magic_quotes off in lib-session.inc.php
• Fixed multiple full path disclosure vulnerabilities
• Fixed problems with session caused by the recent changes
• Fixed potential HTTP response splitting attacks