xbiz world
xbiz premiere

Security Flaws Found in Popular Open Source Projects

RESTON, Va. – Security holes in two popular open source projects could put users at risk of cross-site scripting attacks and information theft, researchers warned.

The phpMyAdmin Project has confirmed that vulnerabilities in its application can be exploited to conduct cross-site scripting attacks and disclose sensitive information. First identified by research firm Secunia, the flaws could lead to arbitrary program execution if PHP safe mode is off and external transformations are activated.

Written in PHP, phpMyAdmin is a popular application for managing MySQL databases over the Internet. It is used by programmers to create and drop databases as well as to execute SQL statement and manage keys on fields. The phpMyAdmin Project recommends that users upgrade to the latest version of the application to avoid malicious hacking attacks.

Meanwhile, iDefense Inc. has issued an alert concerning vulnerabilities in phpBB Group’s web forum software that could allow attackers to read the contents of arbitrary system files under the privileges of the underlying web server. The problem was created by an input validation error that allows a remote attacker to control the arguments in a call to copy, thereby uncovering the full path to system files.

phpBB is a scalable, customizable open source bulletin board package that supports popular database servers and unlimited forums and posts.

“An attacker must have, or be able to create an account on the target system,” iDefense warned. "Non-default settings must also be enabled for exploitation to be possible. Upon successful exploitation an attacker may be able to further compromise the system by gleaning system information that would otherwise be inaccessible without authorization."

In response, the phpBB Group has released an updated version of the software that fixes the vulnerabilities.

A group of international PHP experts, including one of the founders of PHP enterprise platform developer Zend Technologies, have banded together and formed a new conglomerate aimed at promoting secure programming practices.

This latest round of security flaws comes just weeks after a group of PHP developers formed the PHP Security Consortium in response to high-profile flaws found in third-party applications, which the group said hurt the credibility of PHP and the growing PHP scripting community.

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Opinion: Why Device-Based Age Verification is the Key to Protecting Minors Online

Across the United States, state legislators on both sides of the aisle have attempted to tackle the crucial goal of preventing minors from accessing adult content.

TMZ: VMG's Mike Moz in Talks About 'Potential Collab' With Yeezy

Vixen Media Group’s Mike Moz told TMZ on Friday that the company has been discussing a potential collaboration with Kanye West’s brand Yeezy.

Age Verification: FSC's Mike Stabile Reports from the Front Lines

Two years into the religiously-inspired crusade to ban free access to adult material in the U.S. through carefully drafted "age verification" legislation, the constant onslaught of state-by-state proposals and laws — many of them copied from each other — can be hard to follow.

Written Erotica Platform 'Hevvn' Launches

Hevvn, a new platform aimed at erotica writers seeking to publish, promote and profit from their work, debuted Thursday.

Sssh.com's Angie Rowntree Speaks at Brown University

Sssh.com founder Angie Rowntree spoke at a Brown University class last week, discussing several topics related to adult filmmaking.

Online Industry Veteran Joe E. Passes Away

Online industry veteran Joe E has passed away, according to friends and industry associates.

Judge Acquits Backpage Defendants of Most Charges Before 2nd Retrial

A federal judge acquitted former co-owner of Backpage.com Michael Lacey and two co-defendants on most of the counts remaining from the protracted trial launched against the website operators by the Justice Department in 2018.

Adult Time Partners With Animation Studio 3DGspot

Adult Time has signed a deal to stream content from animation studio 3DGspot.

Georgia Gov. Brian Kemp Signs Age Verification Bill Into Law

Republican Gov. Brian Kemp this week signed into law a bill that includes provisions requiring age verification for viewing adult content in Georgia, mirroring legislation being sponsored around the country by anti-porn religious conservative activists.

AEBN Publishes Popular Searches by Country for February, March

AEBN has released the popular searches from its straight and gay theaters in more than three dozen countries during February and March.

Show More