Vulnerability Report: Open Redirect in Jive Social Networking Platform
The enterprise social networking platform, Jive (jiveon.com), uses an exit-link tracking mechanism for all external links. The links through this exit mechanism were not validated. An attacker could leverage the trust in a Jive-based social network to perform spear-phishing against community users. This issue was reported to Jive and has been remediated with an optional configuration setting as of the time of publication. Remediation requires action by the Jive instance administrator to enable this setting.
21 Oct 2016 :: Security :: #Jive #Vulnerability Report #open redirect
Vulnerability Report: Information Exposure in Oracle's iRecruitment
Oracle's iRecruitment software is an HR system used by many government agencies and large private corporations. The system can be used to manage hiring information as well as current employee records. Upon using one such company's hiring system as an external applicant, I followed a hyperlink and was able to recover the entire company's corporate hierarchy, which includes employees' names, contact information (primarily business-centric, but some personal information such as cell phones). More importantly, the vulnerability shows departmental breakdowns and reporting relationships in the hierarchy. Depending upon the amount of information stored and where by a particular organization, this could result in violation of employee privacy protection laws such as those from the state of Massachusetts…
27 Apr 2010 :: Security :: #Oracle #Vulnerability Report