xbiz world
xbiz premiere

Security Flaws Found in Popular Open Source Projects

RESTON, Va. – Security holes in two popular open source projects could put users at risk of cross-site scripting attacks and information theft, researchers warned.

The phpMyAdmin Project has confirmed that vulnerabilities in its application can be exploited to conduct cross-site scripting attacks and disclose sensitive information. First identified by research firm Secunia, the flaws could lead to arbitrary program execution if PHP safe mode is off and external transformations are activated.

Written in PHP, phpMyAdmin is a popular application for managing MySQL databases over the Internet. It is used by programmers to create and drop databases as well as to execute SQL statement and manage keys on fields. The phpMyAdmin Project recommends that users upgrade to the latest version of the application to avoid malicious hacking attacks.

Meanwhile, iDefense Inc. has issued an alert concerning vulnerabilities in phpBB Group’s web forum software that could allow attackers to read the contents of arbitrary system files under the privileges of the underlying web server. The problem was created by an input validation error that allows a remote attacker to control the arguments in a call to copy, thereby uncovering the full path to system files.

phpBB is a scalable, customizable open source bulletin board package that supports popular database servers and unlimited forums and posts.

“An attacker must have, or be able to create an account on the target system,” iDefense warned. "Non-default settings must also be enabled for exploitation to be possible. Upon successful exploitation an attacker may be able to further compromise the system by gleaning system information that would otherwise be inaccessible without authorization."

In response, the phpBB Group has released an updated version of the software that fixes the vulnerabilities.

A group of international PHP experts, including one of the founders of PHP enterprise platform developer Zend Technologies, have banded together and formed a new conglomerate aimed at promoting secure programming practices.

This latest round of security flaws comes just weeks after a group of PHP developers formed the PHP Security Consortium in response to high-profile flaws found in third-party applications, which the group said hurt the credibility of PHP and the growing PHP scripting community.

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

More Conservative Organizations Distance Themselves From Anti-Porn Project 2025

A growing list of conservative groups which had formerly endorsed Project 2025 — which calls for the total criminalization of adult content production and distribution — have reportedly distanced themselves from the blueprint, following Donald Trump’s claims that he disagrees with an unspecified number of its positions.

BranditScan Unveils Protection Plan for Adult Studios

BranditScan has launched a new content protection plan tailored specifically for adult studios.

CAM4 Debuts Weekly 'Skyy Knox's CAM Crawl' Livestream

CAM4 is launching "Skyy Knox’s CAM Crawl," a new livestream running every Sunday at 3 p.m. PDT.

Texas Judge Pauses AG Ken Paxton's Aylo Lawsuit Until SCOTUS Decision

A Texas district judge granted a request Wednesday to pause proceedings in the lawsuit filed by Attorney General Ken Paxton against Aylo over Pornhub’s alleged failure to implement Texas’ controversial age verification requirements, pending the outcome of the Free Speech Coalition-led lawsuit against Paxton, which will be heard by the Supreme Court during the next term.

Author of UN Report Recommending Worldwide Criminalization of Sex Work, Porn to Speak at NCOSE Summit

Jordanian activist Reem Alsalem, a special rapporteur on violence against women and girls at the United Nations Human Rights Council who recently issued a controversial report recommending that governments abolish all forms of sex work, including porn, will speak at anti-porn lobby NCOSE’s 2024 summit in August.

Spicey AI Voice Chat Platform Launches

Spicey AI, a platform that uses artificial intelligence to create interactive voice messages from chatbots based on adult performers, has launched.

Utherverse to Host 8th Annual VirtualCon in September

Virtual reality and metaverse technology company Utherverse will hold the eighth edition of its annual virtual conference, VirtualCon, from Sept. 26-28.

Pornhub Shuts Down Access in Nebraska Over Age Verification

Aylo began blocking access to Pornhub in Nebraska on Monday, in anticipation of the state’s new age verification law — one of many such bills promoted by religious conservatives around the country — which is scheduled to go into effect Thursday.

FeelMe AI Launches 3 New Subscription Tiers

FeelMe AI has launched three new subscription levels, allowing users to connect compatible Kiiroo sex toys to their videos for interactive solo play.

CamSoda Launches AI Girlfriend Builder

CamSoda has debuted a personalized "AI girlfriend" feature, which allows users to create their very own virtual companion at no charge, including free NSFW role-play and chat.

Show More