PHP security


phpMyAdmin Closes Code Execution Holes

The phpMyAdmin developers have announced the release of versions 3.3.5.1 and 2.11.10.1 of their database administration tool, security updates that fix one critical and several serious vulnerabilities. Read the full article. [The H Security]


The Ruby developers have issued version 1.9.1-p430 of the Ruby programming language, a security update that addresses a cross-site scripting (XSS) vulnerability. Read the full article. [The H Security]

Security expert Andreas Bogk warns that, despite recent PHP
improvements, the session IDs of users who are logged into PHP
applications remain guessable. Upon close examination, the alleged
improvements display frightening weaknesses. Read the full article. [The H Security]

The latest release (PHP 5.3.1) adds the “max_file_uploads” INI
directive, which limits the number of file uploads per request and
defaults to 20. By limiting the number of uploads
per request, users can prevent possible denial of service (DoS)
attacks. Missing sanity checks around EXIF (exchangeable image file format) processing have also been added. Read the full article. [The H Security]
