Home > News > Security Flaws Found in Popular Open Source Projects • Bookmark   • Newsletters   • Register Search Options

NEWS STORY

Security Flaws Found in Popular Open Source Projects

Security Flaws Found in Popular Open Source Projects
Get XBIZ News
Feb 27, 2005 12:05 PM PST    Text size: 
RESTON, Va. – Security holes in two popular open source projects could put users at risk of cross-site scripting attacks and information theft, researchers warned.

The phpMyAdmin Project has confirmed that vulnerabilities in its application can be exploited to conduct cross-site scripting attacks and disclose sensitive information. First identified by research firm Secunia, the flaws could lead to arbitrary program execution if PHP safe mode is off and external transformations are activated.

Written in PHP, phpMyAdmin is a popular application for managing MySQL databases over the Internet. It is used by programmers to create and drop databases as well as to execute SQL statement and manage keys on fields. The phpMyAdmin Project recommends that users upgrade to the latest version of the application to avoid malicious hacking attacks.

Meanwhile, iDefense Inc. has issued an alert concerning vulnerabilities in phpBB Group’s web forum software that could allow attackers to read the contents of arbitrary system files under the privileges of the underlying web server. The problem was created by an input validation error that allows a remote attacker to control the arguments in a call to copy, thereby uncovering the full path to system files.

phpBB is a scalable, customizable open source bulletin board package that supports popular database servers and unlimited forums and posts.

“An attacker must have, or be able to create an account on the target system,” iDefense warned. "Non-default settings must also be enabled for exploitation to be possible. Upon successful exploitation an attacker may be able to further compromise the system by gleaning system information that would otherwise be inaccessible without authorization."

In response, the phpBB Group has released an updated version of the software that fixes the vulnerabilities.

A group of international PHP experts, including one of the founders of PHP enterprise platform developer Zend Technologies, have banded together and formed a new conglomerate aimed at promoting secure programming practices.

This latest round of security flaws comes just weeks after a group of PHP developers formed the PHP Security Consortium in response to high-profile flaws found in third-party applications, which the group said hurt the credibility of PHP and the growing PHP scripting community.

More ways to get XBIZ News:  RSS Feeds  |  E-Newsletters  |  Desktop Widget  |  Mobile
Looking for porn star news and behind-the-scene videos? Check out XFANZ.com !

OPINIONS & VIEWS

Data Privacy Is Tightening Up in the E.U.

Have you begun preparing for GDPR? If you are like most, you haven’t even heard of GDPR, but also if you are like most, it is going to affect your business, starting May 25, 2018. The GDPR, or General... More »

Could Adult Content Be Banned?

Earlier this month, I met with the Free Speech Coalition’s board of directors for our annual review. Despite the headwinds our industry faces, politically and economically, we are, as an organization,... More »

Cutting Costs in the Spirit of Entrepreneurship

Adult website owners are comprised of two groups: One is comfortable giving up 30-50 percent of their site’s gross sales revenue (aka profit) in exchange for software, hosting and services despite... More »
XBIZ NEWSLETTERS
Stay informed of the latest industry developments. Get XBIZ newsletters delivered to your inbox. Subscribe today!
Enter email address:

* To manage existing subscriptions click here.






POPULAR PRODUCTS & SERVICES
Submit your press release to
multiple news outlets with 1 click.
Subscribe to RSS news feeds or
add free content to your website.
Access XBIZ news and articles
with your mobile device.
Subscribe to XBIZ World magazine, the industry's leading e-commerce trade publication, delivering in-depth coverage of the online, mobile and ancillary digital markets.

UPCOMING EVENTS

XShow 18+ 2017

Jun 01 - Jun 03
Moscow, Russia

Cam Summit

Jun 02 - Jun 04
Lloret de Mar, Spain

AW Summit

Jun 06 - Jun 09
Mamaia, Romania

Gaelic WWW Conference

Jun 19 - Jun 21
Wicklow, Ireland
Everyday thousands of business professionals browse XBIZ's industry directory for quality products and services. Not listed yet? Your company could be losing potential new business. Submit your company today!
Use XBIZ RSS feeds to stay informed of the latest industry developments or as a content syndication tool for your website!