social networking software
Application : BusinessSpace
version : <= 1.2
Vendor : http://www.business-space.org
Description :
BusinessSpace - Social Networking in a Box
BusinessSpace is an enterprise collaboration software designed to stand up to and keep pace with today’s ever-evolving, rapidly-growing world of online business and entrepreneurship. Enterprise community software has been taken up to another level by the developers of BusinessSpace, separating itself from regular social networking software and community software. BusinessSpace is not just a social network CMS, not just a LinkedIn clone: it’s more than that. BusinessSpace was developed by business people, just like you. This means that this business networking software is laced with the features that a businessman, employer, employee or entrepreneur needs. No fancy community software applications, no fancy profiles: it’s simply strictly business. Because that’s what BusinessSpace enterprise social networking software is all about – business.
Vulnerability:
~~~~~~~~~~~~
limited to):
* Operating Systems
* Career and Management topics
* Mobile Devices/Embedded Systems
* Information Security Audit and Control
* Social Networking
* Information Security Policies
* Messing with Protocols
* Networking/Telecommunication
* Wireless and all RF related stuff
* Incident Response & other applicable (and useful) Infosec Policies
Application : ProfileCMS
version : <= 1.0
Vendor : http://profilecms.com/
Description :
ProfileCMS is a powerful Content Management System for Social Networking profile codes and widgets. There are no other scripts that offer the freedom, features and practicality of ProfileCMS; we have constructed an easy to use, accessible platform for both webmasters and front end users. Based on the popular MSCMS system which has been the Number 1 Myspace Content Management System for almost 1 year now, ProfileCMS allows webmasters to take advantage of the ever growing popularity of social networking sites and offer users codes and widgets from ANY social network.
---------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~~~~~
* Operating Systems
* Career and Management topics
* Mobile Devices/Embedded Systems
* Information Security Audit and Control
* Social Networking and Search Engine Hacks & Threats
* Information Security Policies
* Privacy
* Messing with Network Protocols
* Security from layer 1 through 7
* 802.11 Wireless and any RF related stuff for that matter
CMS INFORMATION:
-->WEB: http://mt.bioscriptsdb.com/
-->DOWNLOAD: http://sourceforge.net/projects/minitt/
-->DEMO: http://www.bioscripts.net/minitwitter/index.php
-->CATEGORY: Social Networking
-->DESCRIPTION: Your business needs a private twitter. You can add...
several twitters account and use this twitter as a backup of all...
-->RELEASED: 2009-05-01
CMS VULNERABILITY:
SYSTEM INFORMATION:
-->WEB: http://www.tuenti.com/
-->DOWNLOAD: None available.
-->DEMO: N/A
-->CATEGORY: Social Networking
-->DESCRIPTION: Tuenti is the biggest and most popular social network in Spain.
SYSTEM VULNERABILITY:
-->TESTED ON: firefox 3 and Internet Explorer 6.0
Jcow CMS 4.2 and lower versions are vulnerable to Cross Site Scripting.
2. BACKGROUND
Jcow is a flexible Social Networking software written in PHP. It can
help you to build a social network for your interests and passions, a
member community for your existing website and a social networking
site like facebook/myspace/twitter.
vulnerable to Arbitrary Code Execution.
2. BACKGROUND
Jcow is a flexible Social Networking software written in PHP. It can
help you to build a social network for your interests and passions, a
member community for your existing website and a social networking
site like facebook/myspace/twitter.
CMS INFORMATION:
-->WEB: http://mt.bioscriptsdb.com/
-->DOWNLOAD: http://sourceforge.net/projects/minitt/
-->DEMO: http://www.bioscripts.net/minitwitter/index.php
-->CATEGORY: Social Networking
-->DESCRIPTION: Your business needs a private twitter. You can add...
several twitters account and use this twitter as a backup of all...
-->RELEASED: 2009-04-30
CMS VULNERABILITY:
CMS INFORMATION:
+->WEB: http://mt.bioscriptsdb.com/
+->DOWNLOAD: http://sourceforge.net/projects/minitt/
+->DEMO: http://www.bioscripts.net/minitwitter/index.php
+->CATEGORY: Social Networking
+->DESCRIPTION: Your business needs a private twitter. You can add...
several twitters account and use this twitter as a backup of all...
+->RELEASED: 2009-04-30
CMS VULNERABILITY:
-----[ THE SHED
The cud ain't gonna chew itself:
Email us: kiwicon@kiwicon.org
Hip social networking: http://twitter.com/kiwicon
Website: https://www.kiwicon.org/
Drop by ircs: ircs.kiwicon.org:6697/kiwicon
Join the list: hackers-subscribe@lists.kiwicon.org
(If you subscribed last year, you are still subscribed!)
Application : E-Friends
version : <= 4.98
Vendor : http://www.alstrasoft.com/efriends.htm
Description :
E-Friends is an online social networking script that allows you to start your own profitable community just like Friendster and MySpace social networking site plus the ability to offer paid membership subscriptions. E-Friends allows members to connect to people in their personal networks and make friends, match making, dating, blogging and join groups and events. Features include email importer, messaging system, classifieds, join groups, forums, affiliate program integrated, online chat, personal blog, calendar, custom profile URL, friends search, invite friends, hotornot image ranking, advanced admin control panel, upload photos and many more.
---------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~~~~~~
Scripting and SQL Injection.
2. BACKGROUND
Elgg is an award-winning social networking engine, delivering the
building blocks that enable businesses, schools, universities and
associations to create their own fully-featured social networks and
applications. Well-known Organizations with networks powered by Elgg
include: Australian Government, British Government, Federal Canadian
Government, MITRE, The World Bank, UNESCO, NASA, Stanford University,
###################
Description By vendor
###################
Elgg is an award-winning social networking engine, delivering
the building blocks that enable businesses, schools, universities
and associations to create their own fully-featured social networks
and applications. Organizations with networks powered by Elgg
include: Australian Government, British Government, Federal Canadian
Government, MITRE, The World Bank, UNESCO, NASA, Stanford University,
• Roelof Temmingh, CEO, Paterva: Evaluating the Credibility of a Cyber Threat
• Scott Borg, Director, U.S. Cyber Consequences Unit: The Cyber-Defence Revolution
This conference specifically addresses the relationship between computer security and national security issues.
The registration fee of 495 EUR (195 for students) covers conference proceedings, all meals during the conference, and numerous social networking events in Old Town Tallinn.
The mission of the Cooperative Cyber Defence Centre of Excellence (CCD CoE) is to enhance the cooperative cyber defence capability of NATO and NATO nations (www.ccdcoe.org).
Complete details are available at www.ccdcoe.org/cyberwarfare/.
I. ABOUT THE APPLICATION
________________________
AlstraSoft E-Friends is an online social networking
software that allows you to start your own site just like
Friendster and MySpace.
Other versions could be vulnerable.
I. ABOUT THE APPLICATION
iScripts SocialWare is an award-winning, easy to use
social networking software that enables you to create
your own social network like MySpace, Orkut, Friendster,
Linkedin, Facebook, Hi5, etc.
II. DESCRIPTION
Original URL:
http://securityreason.com/achievement_securityalert/75
- --- 0.Description ---
Flock is a web browser built on Mozilla's Firefox codebase that specializes in providing social networking and Web 2.0 facilities built into its user interface. Flock v2.5 was officially released on May 19, 2009.
The Flock browser is available as a free download, and supports Microsoft Windows, Mac OS X, and Linux platforms.
- --- 1. Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) ---
Kevin Nassery - Diplomatic Security Consulting
Erik Berls - Deploying DNSSEC
Joe McCray - Advanced SQL Injection
Strom Carlson - Why your mother will never care about Linux
Deviant Ollam - Packing and the Friendly Skies
CP, Adam, Frank^2, Vyrus - TwatFS: Surly abuse of social networking bandwidth
Ryan S. Upton, CISSP - Incident Response 101
Doug Cohen - Computation and Modeling
We're particularly excited about the new tool being debuted by the
DC949 folks, TwatFS. Like Twitter? Like the idea of distributed
CVE IDs : CVE-2011-0439 CVE-2011-0440
Debian-specific: no
Two security vulnerabilities have been discovered in Mahara, a fully
featured electronic portfolio, weblog, resume builder and social
networking system:
CVE-2011-0439
A security review commissioned by a Mahara user discovered that
Mahara processes unsanitized input which can lead to cross-site
Site Scripting.
2. BACKGROUND
Elgg is an award-winning social networking engine, delivering the
building blocks that enable businesses, schools, universities and
associations to create their own fully-featured social networks and
applications. Well-known Organizations with networks powered by Elgg
include: Australian Government, British Government, Federal Canadian
Government, MITRE, The World Bank, UNESCO, NASA, Stanford University,