
Security Advisories from MajorSecurity


We publish security advisories that disclose security vulnerabilities. These are notices about vulnerabilities in web applications. In this context, a vulnerability means that an application is susceptible to attacks by hackers.

The process is as follows:

1. Testing an application for vulnerabilities
2. Creating proof-of-concept exploits
3. Contacting the vendor
4. Waiting for the vendor's response
5. If applicable, sending the vendor a working patch for the vulnerabilities
6. Publishing the advisory as soon as the vendor provides a patch for the respective vulnerability

Below are the lists of the vulnerabilities we have discovered in well-known applications.

| Release | Date | Application | Type |
|---|---|---|---|
| #80 | 13-08-2010 | WordPress 3 | Cross-site Scripting Issue |
| #79 | 27-07-2010 | PHPKIT WCMS | stored Cross Site Scripting Issues |
| #78 | 27-07-2010 | PHPKIT WCMS | Cross-site Scripting Issue |
| #77 | 18-07-2010 | XINHA WYSIWYG Editor | Cross Site Scripting Issue |
| #76 | 13-07-2010 | Conpresso CMS 4.1.1 | Cross-site Scripting Issues |
| #75 | 16-06-2010 | RedAks CMS 2 | SQL Injection |
| #74 | 15-06-2010 | RedAks CMS 2 | Cross-site Scripting Issues |
| #73 | 14-06-2010 | Subdreamer CMS | SQL Injection |
| #72 | 11-06-2010 | Magnolia CMS Enterprise Edition | Cross site Scripting Issues |
| #71 | 12-06-2010 | phpFaber CMS | Cross-site Scripting Issues |
| #70 | 09-06-2010 | Plume CMS | Cross-site Request Forgery |
| #69 | 08-06-2010 | Invision IP.Board | stored Cross site Scripting Issues |
| #68 | 07-06-2010 | Anantasoft Gazelle CMS | Cross-site Request Forgery |
| #67 | 06-06-2010 | Invision Power Board | Full Path Disclosures |
| #66 | 05-06-2010 | chillyCMS | Cross-site Request Forgery |
| #65 | 02-02-2010 | Motorola Milestone smartphone | Remote Crash Exploit |
| #64 | 05-02-2010 | Apple Safari 4 | Remote Denial of Service |
| #63 | Reserved | xt:Commerce | Upcoming coordinated disclosure |
| #62 | Reserved | MS Outlook Web Access | Pending Disclosure |
| #61 | Reserved | DotNetNuke | Pending Disclosure |
| #60 | 04-12-2009 | Mozilla Firefox 3.5.5 | Remote Crash Vulnerability |
| #59 | 22-09-2009 | PHP 5.3 | Security issue in mysqli_real_escape_string() |
| #58 | 16-10-2009 | PHP 5.2.11 | Several Vulnerabilities in file_get_contents() |
| #57 | 27-09-2009 | PHP 5.3 | Security issue in preg_match() |
| #56 | 21-09-2008 | moziloWiki | Cross Site Scripting and Session Fixation Issues |
| #55 | 22-09-2009 | moziloCMS | Directory Traversal, Cross Site Scripting, Session Fixation Issues |
| #54 | 21-09-2008 | xt:Commerce | Cross Site Scripting and Session Fixation Issues |
| #53 | 20-09-2008 | BLUEPAGE CMS | Cross Site Scripting and Session Fixation Issues |
| #52 | 13-05-2008 | Actual Analyzer | Cross Site Scripting Issues |
| #51 | 21-07-2007 | Virtual Hosting Control System | Session Fixation Issue |
| #50 | 01-06-2007 | Chameleon CMS | Session Fixation Issue |
| #49 | 01-06-2007 | Calimero.CMS | Session Fixation Issue |
| #48 | 29-05-2007 | eggblog | Session Fixation Issue |
| #47 | 05-05-2007 | Simple Machines Forum | Session Fixation Issue |
| #46 | 24-04-2007 | Plogger | Session Fixation Issue |
| #45 | 15-04-2007 | oe2edit CMS | Cross-Site-Scripting Issue |
| #44 | 13-04-2007 | MailBee WebMail Pro | Cross-Site-Scripting Issue |
| #43 | 11-04-2007 | Calacode ATMail | Cookie Manipulation and Cross-Site-Scripting Issue |
| #42 | 07-04-2007 | webblizzard CMS | Cross-Site-Scripting and Session fixation Issues |
| #41 | 06-04-2007 | courts online | Session fixation and Cross-Site-Scripting Issues |
| #40 | 06-04-2007 | eboShop | Session fixation and Cross-Site-Scripting Issues |
| #39 | 06-04-2007 | onebyone CMS | Session fixation and Cross-Site-Scripting Issues |
| #38 | 04-04-2007 | eXV2 CMS | Session fixation and Cross-Site-Scripting Issues |
| #37 | 03-04-2007 | holaCMS | Cross Site Scripting Issue |
| #36 | 18-11-2006 | dev4u CMS | Multiple Cross Site Scripting and SQL Injection Issues |
| #35 | 18-11-2006 | Travelsized CMS | Multiple Cross Site Scripting Issues |
| #34 | 14-11-2006 | PLESK | Multiple Cross Site Scripting Issues |
| #33 | 11-11-2006 | ShopSystems | SQL Injection Issue |
| #32 | 06-11-2006 | phpComasy CMS | Multiple Cross Site Scripting Issues |
| #31 | 04-11-2006 | Xenis.creator CMS | Multiple Cross Site Scripting and SQL Injection Issues |
| #30 | 04-11-2006 | admin.tool 3 CMS | Multiple Cross Site Scripting Issues |
| #29 | 29-10-2006 | foresite CMS | Cross Site Scripting Issue |
| #28 | 29-09-2006 | ConPresso CMS | Multiple XSS and SQL Injection Issues |
| #27 | 03-08-2006 | Toenda CMS | Cross Site Scripting Issue |
| #26 | 23-06-2006 | Woltlab Burning Board | Cross Site Scripting, Session fixation and SQL Injection Vulnerabilities |
| #25 | 22-07-2006 | Advanced Guestbook for phpBB | Cross Site Scripting and Cookie Disclosure Vulnerability |
| #24 | 22-07-2006 | Fire-Mouse Toplist | Cross Site Scripting and SQL Injection Vulnerabilities |
| #23 | 21-07-2006 | BLOG:CMS | Cross Site Scripting and Cookie Disclosure Vulnerability |
| #22 | 20-07-2006 | Paddelberg TOP XL | Cross Site Scripting and Cookie Disclosure Vulnerability |
| #21 | 19-07-2006 | phpFaber Topsites | Multiple Cross Site Scripting and SQL Injection Vulnerabilities |
| #20 | 18-07-2006 | SiteDepth CMS | Remote File Inclusion Vulnerability |
| #19 | 23-06-2006 | AutoRank PHP Pro | Multiple Cross Site Scripting and Cookie Disclosure Vulnerabilities |
| #18 | 12-06-2006 | Ralf Image Gallery | Multiple Cross Site Scripting, Directory traversal and remote File Inclusion vulnerabilities |
| #17 | 12-06-2006 | SixCMS | Multiple Cross Site Scripting and directory traversal vulnerabilities |
| #16 | 11-06-2006 | Censored | Revoked |
| #15 | 11-06-2006 | Censored | Revoked |
| #14 | 10-06-2006 | CFXe-CMS | Cross Site Scripting Issue |
| #13 | 10-06-2006 | Cababos Web CMS | Cross Site Scripting Issue |
| #12 | 10-06-2006 | ZMS | Revoked |
| #11 | 10-06-2006 | OpenCMS | Cross Site Scripting Issue |
| #10 | 08-06-2006 | i.List Toplist | Multiple Parameter Handling Script Insertion and Cross Site Scripting Issues |
| #9 | 03-06-2006 | HostAdmin | Remote File Inclusion Vulnerability |
| #8 | 03-06-2006 | DreamAccount | Remote File Inclusion Vulnerability |
| #7 | 02-06-2006 | dotWidget CMS | Remote File Inclusion Vulnerability |
| #6 | 23-05-2006 | SocketMail | Remote File Inclusion Vulnerability |
| #5 | 04-05-2006 | phpListPro 2.01 | Multiple Remote File Inclusion Vulnerabilities |
| #4 | 24-04-2006 | phpMyAgenda | Remote File Inclusion Vulnerability |
| #3 | 23-04-2006 | TotalCalendar | Remote File Inclusion Vulnerability |
| #2 | 19-04-2006 | ActualAnalyzer | Remote File Inclusion Vulnerability |
| #1 | 11-04-2006 | phpListPro 1.x | Remote File Inclusion Vulnerability |

Customer testimonials

"To ensure security for our customers, we rely on MajorSecurity Research." - Head of IT, Geizstrom.de

"Thanks to you, Sedo has become a bit more secure." - Head of Software Development, Sedo GmbH

"Thank you very much for the quick identification of vulnerabilities and the remediation of the security holes found." - IT Manager, Privatekrankenversicherung24.de