Security Advisories from MajorSecurity
We publish security advisories that disclose security vulnerabilities. These are notices of vulnerabilities in web applications. In this context, a vulnerability means that an application is susceptible to hacker attacks.
The process is as follows:
1. Checking an application for vulnerabilities
2. Creating proof-of-concept exploits
3. Contacting the vendor
4. Waiting for the vendor's response
5. Where appropriate, sending a working patch for the security vulnerabilities
6. Publishing the advisory as soon as the vendor provides a patch for the respective security vulnerability
Below is the list of the security vulnerabilities we have disclosed in well-known applications.
| Release | Date | Application | Type |
|---|---|---|---|
| #80 | 13-08-2010 | WordPress 3 | Cross-site Scripting Issue |
| #79 | 27-07-2010 | PHPKIT WCMS | stored Cross Site Scripting Issues |
| #78 | 27-07-2010 | PHPKIT WCMS | Cross-site Scripting Issue |
| #77 | 18-07-2010 | XINHA WYSIWYG Editor | Cross Site Scripting Issue |
| #76 | 13-07-2010 | Conpresso CMS 4.1.1 | Cross-site Scripting Issues |
| #75 | 16-06-2010 | RedAks CMS 2 | SQL Injection |
| #74 | 15-06-2010 | RedAks CMS 2 | Cross-site Scripting Issues |
| #73 | 14-06-2010 | Subdreamer CMS | SQL Injection |
| #72 | 11-06-2010 | Magnolia CMS Enterprise Edition | Cross site Scripting Issues |
| #71 | 12-06-2010 | phpFaber CMS | Cross-site Scripting Issues |
| #70 | 09-06-2010 | Plume CMS | Cross-site Request Forgery |
| #69 | 08-06-2010 | Invision IP.Board | stored Cross site Scripting Issues |
| #68 | 07-06-2010 | Anantasoft Gazelle CMS | Cross-site Request Forgery |
| #67 | 06-06-2010 | Invision Power Board | Full Path Disclosures |
| #66 | 05-06-2010 | chillyCMS | Cross-site Request Forgery |
| #65 | 02-02-2010 | Motorola Milestone smartphone | Remote Crash Exploit |
| #64 | 05-02-2010 | Apple Safari 4 | Remote Denial of Service |
| #63 | Reserved | xt:Commerce | Upcoming coordinated disclosure |
| #62 | Reserved | MS Outlook Web Access | Pending Disclosure |
| #61 | Reserved | DotNetNuke | Pending Disclosure |
| #60 | 04-12-2009 | Mozilla Firefox 3.5.5 | Remote Crash Vulnerability |
| #59 | 22-09-2009 | PHP 5.3 | Security issue in mysqli_real_escape_string() |
| #58 | 16-10-2009 | PHP 5.2.11 | Several Vulnerabilities in file_get_contents() |
| #57 | 27-09-2009 | PHP 5.3 | Security issue in preg_match() |
| #56 | 21-09-2008 | moziloWiki | Cross Site Scripting and Session Fixation Issues |
| #55 | 22-09-2009 | moziloCMS | Directory Traversal, Cross Site Scripting, Session Fixation Issues |
| #54 | 21-09-2008 | xt:Commerce | Cross Site Scripting and Session Fixation Issues |
| #53 | 20-09-2008 | BLUEPAGE CMS | Cross Site Scripting and Session Fixation Issues |
| #52 | 13-05-2008 | Actual Analyzer | Cross Site Scripting Issues |
| #51 | 21-07-2007 | Virtual Hosting Control System | Session Fixation Issue |
| #50 | 01-06-2007 | Chameleon CMS | Session Fixation Issue |
| #49 | 01-06-2007 | Calimero.CMS | Session Fixation Issue |
| #48 | 29-05-2007 | eggblog | Session Fixation Issue |
| #47 | 05-05-2007 | Simple Machines Forum | Session Fixation Issue |
| #46 | 24-04-2007 | Plogger | Session Fixation Issue |
| #45 | 15-04-2007 | oe2edit CMS | Cross-Site-Scripting Issue |
| #44 | 13-04-2007 | MailBee WebMail Pro | Cross-Site-Scripting Issue |
| #43 | 11-04-2007 | Calacode ATMail | Cookie Manipulation and Cross-Site-Scripting Issue |
| #42 | 07-04-2007 | webblizzard CMS | Cross-Site-Scripting and Session fixation Issues |
| #41 | 06-04-2007 | courts online | Session fixation and Cross-Site-Scripting Issues |
| #40 | 06-04-2007 | eboShop | Session fixation and Cross-Site-Scripting Issues |
| #39 | 06-04-2007 | onebyone CMS | Session fixation and Cross-Site-Scripting Issues |
| #38 | 04-04-2007 | eXV2 CMS | Session fixation and Cross-Site-Scripting Issues |
| #37 | 03-04-2007 | holaCMS | Cross Site Scripting Issue |
| #36 | 18-11-2006 | dev4u CMS | Multiple Cross Site Scripting and SQL Injection Issues |
| #35 | 18-11-2006 | Travelsized CMS | Multiple Cross Site Scripting Issues |
| #34 | 14-11-2006 | PLESK | Multiple Cross Site Scripting Issues |
| #33 | 11-11-2006 | ShopSystems | SQL Injection Issue |
| #32 | 06-11-2006 | phpComasy CMS | Multiple Cross Site Scripting Issues |
| #31 | 04-11-2006 | Xenis.creator CMS | Multiple Cross Site Scripting and SQL Injection Issues |
| #30 | 04-11-2006 | admin.tool 3 CMS | Multiple Cross Site Scripting Issues |
| #29 | 29-10-2006 | foresite CMS | Cross Site Scripting Issue |
| #28 | 29-09-2006 | ConPresso CMS | Multiple XSS and SQL Injection Issues |
| #27 | 03-08-2006 | Toenda CMS | Cross Site Scripting Issue |
| #26 | 23-06-2006 | Woltlab Burning Board | Cross Site Scripting, Session fixation and SQL Injection Vulnerabilities |
| #25 | 22-07-2006 | Advanced Guestbook for phpBB | Cross Site Scripting and Cookie Disclosure Vulnerability |
| #24 | 22-07-2006 | Fire-Mouse Toplist | Cross Site Scripting and SQL Injection Vulnerabilities |
| #23 | 21-07-2006 | BLOG:CMS | Cross Site Scripting and Cookie Disclosure Vulnerability |
| #22 | 20-07-2006 | Paddelberg TOP XL | Cross Site Scripting and Cookie Disclosure Vulnerability |
| #21 | 19-07-2006 | phpFaber Topsites | Multiple Cross Site Scripting and SQL Injection Vulnerabilities |
| #20 | 18-07-2006 | SiteDepth CMS | Remote File Inclusion Vulnerability |
| #19 | 23-06-2006 | AutoRank PHP Pro | Multiple Cross Site Scripting and Cookie Disclosure Vulnerabilities |
| #18 | 12-06-2006 | Ralf Image Gallery | Multiple Cross Site Scripting, Directory Traversal and Remote File Inclusion Vulnerabilities |
| #17 | 12-06-2006 | SixCMS | Multiple Cross Site Scripting and directory traversal vulnerabilities |
| #16 | 11-06-2006 | Censored | Revoked |
| #15 | 11-06-2006 | Censored | Revoked |
| #14 | 10-06-2006 | CFXe-CMS | Cross Site Scripting Issue |
| #13 | 10-06-2006 | Cababos Web CMS | Cross Site Scripting Issue |
| #12 | 10-06-2006 | ZMS | Revoked |
| #11 | 10-06-2006 | OpenCMS | Cross Site Scripting Issue |
| #10 | 08-06-2006 | i.List Toplist | Multiple Parameter Handling Script Insertion and Cross Site Scripting Issues |
| #9 | 03-06-2006 | HostAdmin | Remote File Inclusion Vulnerability |
| #8 | 03-06-2006 | DreamAccount | Remote File Inclusion Vulnerability |
| #7 | 02-06-2006 | dotWidget CMS | Remote File Inclusion Vulnerability |
| #6 | 23-05-2006 | SocketMail | Remote File Inclusion Vulnerability |
| #5 | 04-05-2006 | phpListPro 2.01 | Multiple Remote File Inclusion Vulnerabilities |
| #4 | 24-04-2006 | phpMyAgenda | Remote File Inclusion Vulnerability |
| #3 | 23-04-2006 | TotalCalendar | Remote File Inclusion Vulnerability |
| #2 | 19-04-2006 | ActualAnalyzer | Remote File Inclusion Vulnerability |
| #1 | 11-04-2006 | phpListPro 1.x | Remote File Inclusion Vulnerability |