xbiz world
xbiz premiere

Security Flaws Found in Popular Open Source Projects

RESTON, Va. – Security holes in two popular open source projects could put users at risk of cross-site scripting attacks and information theft, researchers warned.

The phpMyAdmin Project has confirmed that vulnerabilities in its application can be exploited to conduct cross-site scripting attacks and disclose sensitive information. First identified by research firm Secunia, the flaws could lead to arbitrary program execution if PHP safe mode is off and external transformations are activated.

Written in PHP, phpMyAdmin is a popular application for managing MySQL databases over the Internet. It is used by programmers to create and drop databases as well as to execute SQL statement and manage keys on fields. The phpMyAdmin Project recommends that users upgrade to the latest version of the application to avoid malicious hacking attacks.

Meanwhile, iDefense Inc. has issued an alert concerning vulnerabilities in phpBB Group’s web forum software that could allow attackers to read the contents of arbitrary system files under the privileges of the underlying web server. The problem was created by an input validation error that allows a remote attacker to control the arguments in a call to copy, thereby uncovering the full path to system files.

phpBB is a scalable, customizable open source bulletin board package that supports popular database servers and unlimited forums and posts.

“An attacker must have, or be able to create an account on the target system,” iDefense warned. "Non-default settings must also be enabled for exploitation to be possible. Upon successful exploitation an attacker may be able to further compromise the system by gleaning system information that would otherwise be inaccessible without authorization."

In response, the phpBB Group has released an updated version of the software that fixes the vulnerabilities.

A group of international PHP experts, including one of the founders of PHP enterprise platform developer Zend Technologies, have banded together and formed a new conglomerate aimed at promoting secure programming practices.

This latest round of security flaws comes just weeks after a group of PHP developers formed the PHP Security Consortium in response to high-profile flaws found in third-party applications, which the group said hurt the credibility of PHP and the growing PHP scripting community.

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

U of Wisconsin Lawyers Admit to Political, Donor Pressure to Terminate Prof. Joe Gow Over OnlyFans Content

Lawyers for the Universities of Wisconsin admitted during a hearing Friday that the institution has received pressure from a Republican politician and from a donor to strip veteran UW professor of communications Joe Gow of tenure for unremorsefully creating and appearing in adult content.

Open Mind AI Seeks Inclusion in EU's AI Debate

New European industry initiative Open Mind AI has penned a letter asking EU authorities to include adult companies and creators in ongoing discussions on setting up a legal framework for AI content.

Canadian Law Professor: Proposed Age Verification Bill 'Will Make Things Worse'

Leading Canadian newspaper The Globe and Mail this week published an op-ed written by a legal scholar outlining fundamental issues with the Conservative-backed age verification bill currently making its way through Parliament.

UK Labour Government Confirms it Will Continue Baroness-Led 'Porn Review'

The U.K. Labour government of Prime Minister Keir Starmer has confirmed it will continue the controversial full review of British pornography laws ordered by former Tory Prime Minister Rishi Sunak in July 2023.

AEBN Publishes Popular Searches for July and August

AEBN has released the top search terms for the months of July and August from its straight and gay theaters in all 50 states and the District of Columbia.

SWR Data Survey Probes Concerns About Political Attacks on Industry

SWR Data, an adult-sector market research firm led by industry veterans Mike Stabile and MelRose Michaels, has released data from its upcoming 2024 State of the Creator report, illustrating creators’ concerns about political attacks on the industry.

FSC Urges SCOTUS to Strike Down 'Unconstitutional' Texas Age Verification Law

The Free Speech Coalition (FSC) urged the U.S. Supreme Court through a brief filed Monday to strike down Texas’ age verification law as unconstitutional.

Japanese Manga Industry Hit by Credit Card Companies' Anti-Porn Restrictions

Japanese manga retailers are reporting pressure from multinational credit card companies — many based in the U.S. and targeted by anti-porn religious conservatives — to censor their content if they wish to maintain their current payment processing arrangements.

Netherlands Government Continues Porn Probe Following Abuse Allegations

The Dutch government plans to continue investigating the local porn industry in the Netherlands, following a series of abuse allegations involving photographer and self-styled “model scout” Daniël van der W.

Clips4Sale Releases '20 Years of Fetish' Data Survey

Clips4Sale (C4S) has released a report based on 20 years of data and analysis to show how kink and fetish tastes have changed since the site began.

Show More