
social networking

Call for Papers - you Sh0t the Sheriff 4 - Security Conference, Brazil

limited to):
   * Operating Systems
   * Career and Management topics
   * Mobile Devices/Embedded Systems
   * Information Security Audit and Control
   * Social Networking
   * Information Security Policies
   * Messing with Protocols
   * Networking/Telecommunication
   * Wireless and all RF related stuff
   * Incident Response & other applicable (and useful) Infosec Policies

USER OPTIONS CHANGER EXPLOIT --MiniTwitter v0.2-Beta+->

CMS INFORMATION:

+->WEB: http://mt.bioscriptsdb.com/
+->DOWNLOAD: http://sourceforge.net/projects/minitt/
+->DEMO: http://www.bioscripts.net/minitwitter/index.php
+->CATEGORY: Social Networking
+->DESCRIPTION: Your business needs a private twitter. You can add...
                several twitter accounts and use this twitter as a backup of all...
+->RELEASED: 2009-04-30

  CMS VULNERABILITY:

MULTIPLE REMOTE VULNERABILITIES --MiniTwitter<=v0.3-Beta-->

CMS INFORMATION:

-->WEB: http://mt.bioscriptsdb.com/
-->DOWNLOAD: http://sourceforge.net/projects/minitt/
-->DEMO: http://www.bioscripts.net/minitwitter/index.php
-->CATEGORY: Social Networking
-->DESCRIPTION: Your business needs a private twitter. You can add...
                several twitter accounts and use this twitter as a backup of all...
-->RELEASED: 2009-05-01

CMS VULNERABILITY:

MULTIPLE SQL INJECTION VULNERABILITIES --MiniTwitter v0.2-Beta-->

CMS INFORMATION:

-->WEB: http://mt.bioscriptsdb.com/
-->DOWNLOAD: http://sourceforge.net/projects/minitt/
-->DEMO: http://www.bioscripts.net/minitwitter/index.php
-->CATEGORY: Social Networking
-->DESCRIPTION: Your business needs a private twitter. You can add...
                several twitter accounts and use this twitter as a backup of all...
-->RELEASED: 2009-04-30

  CMS VULNERABILITY:

Call for Papers -YSTS V - Security Conference, Brazil

 * Operating Systems
 * Career and Management topics
 * Mobile Devices/Embedded Systems
 * Information Security Audit and Control
 * Social Networking and Search Engine Hacks & Threats
 * Information Security Policies
 * Privacy
 * Messing with Network Protocols
 * Security from layer 1 through 7
 * 802.11 Wireless and any RF related stuff for that matter

[ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability

Application : BusinessSpace
version     : <= 1.2
Vendor      : http://www.business-space.org
Description :

BusinessSpace - Social Networking in a Box
BusinessSpace is an enterprise collaboration software designed to stand up to and keep in pace with today’s ever-evolving, rapidly-growing world of online business and entrepreneurship. Enterprise community software has been taken up to another level by the developers of BusinessSpace separating itself from regular social networking software and community software. BusinessSpace is not just a social network CMS, not just a LinkedIn clone: it’s more than that. BusinessSpace was developed by business people, just like you. This means that this business networking software is laced with the features that a businessman, employer, employee or entrepreneur needs. No fancy community software applications, no fancy profiles: it’s simply strictly business. Because that’s what BusinessSpace enterprise social networking software is all about – business.

Vulnerability:
~~~~~~~~~~~~


Call for Papers -YSTS 6 - Security Conference, Brazil

could be interesting to us:

 * Mobile Devices
 * Social Networking Threats
 * Embedded Systems
 * Social Networking and Client-Side Techniques
 * Red Team Techniques
 * Inside Jobs Detection/ Techniques
 * Operating Systems
 * Career & Management topics
 * (cool and useful) Information Security Policies

MULTIPLE CODE INJECTION VULNERABILITIES --TUENTI--SPAIN-->

SYSTEM INFORMATION:

-->WEB: http://www.tuenti.com/
-->DOWNLOAD: No there.
-->DEMO: N/A
-->CATEGORY: Social Networking
-->DESCRIPTION: Tuenti is the biggest and most popular social network in Spain.      

SYSTEM VULNERABILITY:

-->TESTED ON: firefox 3 and Internet Explorer 6.0

[Announcement] ClubHack Mag Issue 24-Jan 2012 Released

This issue covers the following articles:

0x00 Tech Gyan - One Line Facebook
0x01 Tool Gyan - SQLMAP – Automated Sql Injection Testing Tool
0x02 Mom's Guide - Social Networking and its Application Security
0x03 Legal Gyan - Powers of Government under the Information Technology Act, 2000
0x04 Matriux Vibhag - Setting up and Getting started with Matriux Krypton
0x05 Poster - "I shall use strong password"

Check http://chmag.in/ for articles.

[ECHO_ADV_84$2007] ProfileCMS <= 1.0 Remote SQL Injection Vulnerability

Application   : ProfileCMS  
version       : <= 1.0
Vendor        : http://profilecms.com/
Description :

ProfileCMS is a powerful Content Management System for Social Networking profile codes and widgets. There are no other scripts that offer the freedom, features and practicality of ProfileCMS, we have constructed an easy to use, accessible platform for both webmasters and front end users. Based on the popular MSCMS system which has been the Number 1 Myspace Content Management System for almost 1 year now, ProfileCMS allows webmasters to take advantage of the ever growing popularity of social networking sites and offer users codes and widgets from ANY social network.

---------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~

Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)

Original URL:
http://securityreason.com/achievement_securityalert/75


--- 0.Description ---
Flock is a web browser built on Mozilla's Firefox codebase that specializes in providing social networking and Web 2.0 facilities built into its user interface. Flock v2.5 was officially released on May 19, 2009.

The Flock browser is available as a free download, and supports Microsoft Windows, Mac OS X, and Linux platforms.


--- 1. Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) ---

[PT-2011-14] SQL injection vulnerability in BoonEx Dolphin

                CVE:   not assigned

---[ Software description ]

Online dating software, open-source community platform, social networking script, niche social site engine.

---[ Vulnerability description ]

Positive Research Center has discovered an SQL injection vulnerability in Dolphin 6.1. The application incorrectly validates input data, which allows attackers to conduct SQL injection attacks.


Jcow CMS 4.2 <= | Cross Site Scripting

Jcow CMS 4.2 and lower versions are vulnerable to Cross Site Scripting.


2. BACKGROUND

Jcow is a flexible Social Networking software written in PHP. It can
help you to build a social network for your interests and passions, a
member community for your existing website and a social networking
site like facebook/myspace/twitter.



LayerOne 2009 - Final Announcement

Kevin Nassery - Diplomatic Security Consulting
Erik Berls - Deploying DNSSEC
Joe McCray - Advanced SQL Injection
Strom Carlson - Why your mother will never care about Linux
Deviant Ollam - Packing and the Friendly Skies
CP, Adam, Frank^2, Vyrus - TwatFS: Surly abuse of social networking bandwidth
Ryan S. Upton, CISSP - Incident Response 101
Doug Cohen - Computation and Modeling

We're particularly excited about the new tool being debuted by the
DC949 folks, TwatFS. Like Twitter? Like the idea of distributed

Elgg 1.7.10 <= | Multiple Vulnerabilities

Scripting and SQL Injection.


2. BACKGROUND

Elgg is an award-winning social networking engine, delivering the
building blocks that enable businesses, schools, universities and
associations to create their own fully-featured social networks and
applications. Well-known Organizations with networks powered by Elgg
include: Australian Government, British Government, Federal Canadian
Government, MITRE, The World Bank, UNESCO, NASA, Stanford University,

Re: [oss-security] Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities

> 
> 
> 2. BACKGROUND
> 
> Dolphin is the only "all-in-one" free community software platform for
> creating your own social networking, community or online dating site
> without any limits and under your full control. Dolphin comes with
> hundreds of features, module plugins and tools. Everything is included
> and extension possibilities are literally endless. You can use it for
> free with a BoonEx link in the footer or buy a $99 permanent license
> to remove that requirement.

Conference on Cyber Warfare: registration open!

•  Roelof Temmingh, CEO, Paterva: Evaluating the Credibility of a Cyber Threat
•  Scott Borg, Director, U.S. Cyber Consequences Unit: The Cyber-Defence Revolution

This conference specifically addresses the relationship between computer security and national security issues.

The registration fee of 495 EUR (195 for students) covers conference proceedings, all meals during the conference, and numerous social networking events in Old Town Tallinn.

The mission of the Cooperative Cyber Defence Centre of Excellence (CCD CoE) is to enhance the cooperative cyber defence capability of NATO and NATO nations (www.ccdcoe.org).

Complete details are available at www.ccdcoe.org/cyberwarfare/.


Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities

Beatz 1.x versions are vulnerable to Cross Site Scripting.


2. BACKGROUND

Beatz is a set of powerful Social Networking Script Joomla! 1.5
plugins that allows you to start your own favourite artist band
website. Although it is just a Joomla! plugin, it comes with full
Joomla! bundle for ease of use and installation.



Kiwicon IV: Our Worst CFP Yet

 -----[ THE SHED

 The cud ain't gonna chew itself:

  Email us: kiwicon@kiwicon.org
  Hip social networking: http://twitter.com/kiwicon
  Website: https://www.kiwicon.org/
  Drop by ircs: ircs.kiwicon.org:6697/kiwicon
  Join the list: hackers-subscribe@lists.kiwicon.org
  (If you subscribed last year, you are still subscribed!)


[SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities

CVE IDs        : CVE-2011-0439 CVE-2011-0440
Debian-specific: no

Two security vulnerabilities have been discovered in Mahara, a fully
featured electronic portfolio, weblog, resume builder and social
networking system:

CVE-2011-0439

    A security review commissioned by a Mahara user discovered that
    Mahara processes unsanitized input which can lead to cross-site

[ECHO_ADV_85$2007] alstrasoft E-Friends <= 4.98 (seid) Multiple Remote SQL Injection Vulnerabilities

Application   : E-Friends  
version       : <= 4.98
Vendor        : http://www.alstrasoft.com/efriends.htm
Description :

E-Friends is an online social networking script that allows you to start your own profitable community just like Friendster and MySpace social networking site plus the ability to offer paid membership subscriptions. E-Friends allows members to connect to people in their personal networks and make friends, match making, dating, blogging and join groups and events. Features include email importer, messaging system, classifieds, join groups, forums, affiliate program integrated, online chat, personal blog, calendar, custom profile URL, friends search, invite friends, hotornot image ranking, advance admin control panel, upload photos and many more.

---------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~~

{Lostmon´s Group} Elgg 1.8 beta2 and prior to 1.7.11 'container_guid' and 'owner_guid' SQL Injection

###################
Description By vendor
###################

Elgg is an award-winning social networking engine, delivering
the building blocks that enable businesses, schools, universities
and associations to create their own fully-featured social networks
and applications. Organizations with networks powered by Elgg
include: Australian Government, British Government, Federal Canadian
Government, MITRE, The World Bank, UNESCO, NASA, Stanford University,

Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities

Site Scripting.


2. BACKGROUND

Elgg is an award-winning social networking engine, delivering the
building blocks that enable businesses, schools, universities and
associations to create their own fully-featured social networks and
applications. Well-known Organizations with networks powered by Elgg
include: Australian Government, British Government, Federal Canadian
Government, MITRE, The World Bank, UNESCO, NASA, Stanford University,

Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution

vulnerable to Arbitrary Code Execution.


2. BACKGROUND

Jcow is a flexible Social Networking software written in PHP. It can
help you to build a social network for your interests and passions, a
member community for your existing website and a social networking
site like facebook/myspace/twitter.



Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities

2. BACKGROUND

Dolphin is the only "all-in-one" free community software platform for
creating your own social networking, community or online dating site
without any limits and under your full control. Dolphin comes with
hundreds of features, module plugins and tools. Everything is included
and extension possibilities are literally endless. You can use it for
free with a BoonEx link in the footer or buy a $99 permanent license
to remove that requirement.



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
