Cross-Site Scripting Vulnerability in phpSocial aka phpDolphin Social Network Script [CVE-2017-10801]

[-] Product Description:
phpSocial is a social network platform similar to Facebook, allowing users to interact with each other by live chatting, sending messages, commenting, liking, sharing photos and life events, and much more.


OpenProject Session Management Security Vulnerability aka CVE-2017-11667

 

Today we will talk about a session management vulnerability that affects all OpenProject versions before 6.1.6 (old stable) and 7.0.3 (latest stable) and may lead to account compromise and unauthorized actions via physical access to a logged-in user's session. But first, let's cover some general information.

First, what is OpenProject?

OpenProject is a web-based project management system for location-independent team collaboration. This open source application is released under the GNU General Public License Version 3 and is continuously developed by an active open source community.

In addition to numerous smaller OpenProject installations there are also some very large installations in global organizations with more than 2,500 projects.


CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk – Open Source Risk Management System

Hi Guys,

Today we will discuss a basic hunt for a reflected cross-site scripting vulnerability in the SimpleRisk platform, but first let's go over some general details about the platform itself.

What is SimpleRisk?

SimpleRisk is an open-source risk management system released under Mozilla Public License and used for risk management activities. It enables risk managers to account for risks, plan mitigation measures, facilitate management reviews, prioritize for project planning, and track periodic reviews. SimpleRisk allows risk managers to prioritize enterprise responses according to the severity of threats and vulnerabilities that could impact the business.

SimpleRisk sports a dashboard for submitting a new risk for consideration by your team, for creating risk reports and graphs of risk levels and locations. Highly configurable, SimpleRisk report generation is dynamic; risk formulas could be tweaked on the fly.
