14 March 2007, 16:44

Vulnerabilities in PHProjekt fixed

Version 5.2.1 of the open source groupware PHProjekt fixes a number of security vulnerabilities and numerous other bugs. In addition, password encryption has been improved in order to make life more difficult for rainbow table attacks aimed at cracking passwords.

Using a vulnerability discovered by German security services provider n.runs, it was possible for authenticated users to access the PHProjekt database using SQL injection. In addition, using the calendar and file management module it was possible to upload and execute certain PHP files. On top of this, despite PHProjekt's XSS filters, a number of modules contained exploitable cross-site scripting (XSS) vulnerabilities. Vendor Mayflower recommends switching to the new version as soon as possible.

Channels

Services

Vulnerabilities in PHProjekt fixed

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit