"To guarantee security for our customers, we rely on MajorSecurity Research." - IT Manager, Geizstrom
"Surprising and frightening at the same time how easy even modern systems are to "hack" - very high level during the audit." - IT Manager, Tarifprofi
"Very good and in-depth knowledge in the area of web application auditing." - CEO, HACKATTACK IT SECURITY GmbH
At irregular intervals I publish security advisories in which security vulnerabilities are disclosed. These are notices of vulnerabilities in applications. In this context, a vulnerability means that an application offers concrete attack vectors to potentially malicious hackers and criminals.
The process looks as follows:

Advisory | Date | Product | Issue |
MajorSecurity-SA-2012-001 | 2022-01-06 | phpMyAdmin <=3.4.7 | Cross-site Scripting in "rename" feature |
MajorSecurity-SA-2012-002 | 2022-01-06 | phpMyAdmin <=3.4.7 | Cross-site Scripting in "synchronise" feature |
MajorSecurity-SA-2012-003 | 2022-01-06 | Piwik 1.5.x | Reflected Cross Site Scripting |
MajorSecurity-SA-2012-004 | 2022-01-06 | Piwik 1.5.x | Persistent Cross Site Scripting |
MajorSecurity-SA-2012-005 | upcoming | Apache XX | Script Injection via HTTP Header |
MajorSecurity-SA-2012-006 | upcoming | Opera 11.60 Webbrowser | File Permission Bypass |
MajorSecurity-SA-2012-007 | upcoming | Typo3 "phpMyAdmin" Plugin | BB-Code Injection |
MajorSecurity-SA-2012-008 | upcoming | Piwik 1.6 | no information until the vendor has released a fix |
MajorSecurity-SA-2012-009 | upcoming | Firefox 9.x | Address Bar Spoofing |
MajorSecurity-SA-2012-010 | upcoming | JQuery | no information until the vendor has released a fix |
MajorSecurity-SA-2012-011 | upcoming | Safari 5.1.2 Webbrowser | File Permission Bypass |
MajorSecurity-SA-2012-012 | upcoming | Chive 1.0.1 | no information until the vendor has released a fix |
#82 | 2022-01-18 | Simploo CMS Community Edition | Remote PHP Code Execution Issue |
#81 | 2022-01-12 | Contao CMS 2.9.2 | Persistent Cross Site Scripting Issue |
#80 | 2021-08-13 | WordPress 3.0.1 | Cross Site Scripting Issue |
#79 | 2021-07-27 | PHPKIT WCMS | Multiple stored Cross Site Scripting Issues |
#78 | 2021-07-27 | PHPKIT WCMS | Reflected Cross Site Scripting Issue |
#77 | 2021-07-16 | Conpresso CMS v4.1.1 | Cross site Scripting vulnerabilities |
#76 | 2022-01-18 | Simploo CMS Community Edition | Remote PHP Code Execution Issue |
#75 | 16-06-2021 | RedAks CMS 2 | SQL Injection |
#74 | 15-06-2021 | RedAks CMS 2 | Cross-site Scripting Issues |
#73 | 14-06-2021 | Subdreamer CMS | SQL Injection |
#72 | 11-06-2021 | Magnolia CMS Enterprise Edition | Cross site Scripting Issues |
#71 | 12-06-2021 | phpFaber CMS | Cross-site Scripting Issues |
#70 | 09-06-2021 | Plume CMS | Cross-site Request Forgery |
#69 | 08-06-2021 | Invision IP.Board | stored Cross site Scripting Issues |
#68 | 07-06-2021 | Anantasoft Gazelle CMS | Cross-site Request Forgery |
#67 | 06-06-2021 | Invision Power Board | type casting issues |
#66 | 05-06-2021 | chillyCMS | Cross-site Request Forgery |
#65 | 02-02-2022 | Motorola Milestone smartphone | Remote Crash Exploit |
#64 | 05-02-2022 | Apple Safari 4 | Remote Denial of Service |
#63 | Reserved | xt:Commerce | Upcoming coordinated disclosure |
#62 | Reserved | MS Outlook Web Access | Pending Disclosure |
#61 | Reserved | DotNetNuke | Pending Disclosure |
#60 | 04-12-2021 | Mozilla Firefox 3.5.5 | Remote Crash Vulnerability |
#59 | 22-09-2021 | PHP 5.3 | Security issue in mysqli_real_escape_string() |
#58 | 16-10-2021 | PHP 5.2.11 | Several Vulnerabilities in file_get_contents() |
#57 | 27-09-2021 | PHP 5.3 | Security issue in preg_match() |
#56 | 21-09-2021 | moziloWiki | Cross Site Scripting and Session Fixation Issues |
#55 | 22-09-2021 | moziloCMS | Directory Traversal, Cross Site Scripting, Session Fixation Issues |
#54 | 21-09-2021 | xt:Commerce | Cross Site Scripting and Session Fixation Issues |
#53 | 20-09-2021 | BLUEPAGE CMS | Cross Site Scripting and Session Fixation Issues |
#52 | 13-05-2021 | Actual Analyzer | Cross Site Scripting Issues |
#51 | 21-07-2021 | Virtual Hosting Control System | Session Fixation Issue |
#50 | 01-06-2021 | Chameleon CMS | Session Fixation Issue |
#49 | 01-06-2021 | Calimero.CMS | Session Fixation Issue |
#48 | 29-05-2021 | eggblog | Session Fixation Issue |
#47 | 05-05-2021 | Simple Machines Forum | Session Fixation Issue |
#46 | 24-04-2021 | Plogger | Session Fixation Issue |
#45 | 15-04-2021 | oe2edit CMS | Cross-Site-Scripting Issue |
#44 | 13-04-2021 | MailBee WebMail Pro | Cross-Site-Scripting Issue |
#43 | 11-04-2021 | Calacode ATMail | Cookie Manipulation and Cross-Site-Scripting Issue |
#42 | 07-04-2021 | webblizzard CMS | Cross-Site-Scripting and Session fixation Issues |
#41 | 06-04-2021 | courts online | Session fixation and Cross-Site-Scripting Issues |
#40 | 06-04-2021 | eboShop | Session fixation and Cross-Site-Scripting Issues |
#39 | 06-04-2021 | onebyone CMS | Session fixation and Cross-Site-Scripting Issues |
#38 | 04-04-2021 | eXV2 CMS | Session fixation and Cross-Site-Scripting Issues |
#37 | 03-04-2021 | holaCMS | Cross Site Scripting Issue |
#36 | 18-11-2021 | dev4u CMS | Multiple Cross Site Scripting and SQL Injection Issues |
#35 | 18-11-2021 | Travelsized CMS | Multiple Cross Site Scripting Issues |
#34 | 14-11-2021 | PLESK | Multiple Cross Site Scripting Issues |
#33 | 11-11-2021 | ShopSystems | SQL Injection Issue |
#32 | 06-11-2021 | phpComasy CMS | Multiple Cross Site Scripting Issues |
#31 | 04-11-2021 | Xenis.creator CMS | Multiple Cross Site Scripting and SQL Injection Issues |
#30 | 04-11-2021 | admin.tool 3 CMS | Multiple Cross Site Scripting Issues |
#29 | 29-10-2021 | foresite CMS | Cross Site Scripting Issue |
#28 | 29-09-2021 | ConPresso CMS | Multiple XSS and SQL Injection Issues |
#27 | 03-08-2021 | Toenda CMS | Cross Site Scripting Issue |
#26 | 23-06-2021 | Woltlab Burning Board | Cross Site Scripting, Session fixation and SQL Injection Vulnerabilities |
#25 | 22-07-2021 | Advanced Guestbook for phpBB | Cross Site Scripting and Cookie Disclosure Vulnerability |
#24 | 22-07-2021 | Fire-Mouse Toplist | Cross Site Scripting and SQL Injection Vulnerabilities |
#23 | 21-07-2021 | BLOG:CMS | Cross Site Scripting and Cookie Disclosure Vulnerability |
#22 | 20-07-2021 | Paddelberg TOP XL | Cross Site Scripting and Cookie Disclosure Vulnerability |
#21 | 19-07-2021 | phpFaber Topsites | Multiple Cross Site Scripting and SQL Injection Vulnerabilities |
#20 | 18-07-2021 | SiteDepth CMS | Remote File Inclusion Vulnerability |
#19 | 23-06-2021 | AutoRank PHP Pro | Multiple Cross Site Scripting and Cookie Disclosure Vulnerabilities |
#18 | 12-06-2021 | Ralf Image Gallery | Multiple Cross Site Scripting, Directory Traversal and Remote File Inclusion Vulnerabilities |
#17 | 12-06-2021 | SixCMS | Multiple Cross Site Scripting and directory traversal vulnerabilities |
#16 | 11-06-2021 | Censored | Revoked |
#15 | 11-06-2021 | Censored | Revoked |
#14 | 10-06-2021 | CFXe-CMS | Cross Site Scripting Issue |
#13 | 10-06-2021 | Cababos Web CMS | Cross Site Scripting Issue |
#12 | 10-06-2021 | ZMS | Revoked |
#11 | 10-06-2021 | OpenCMS | Cross Site Scripting Issue |
#10 | 08-06-2021 | i.List Toplist | Multiple Parameter Handling Script Insertion and Cross Site Scripting Issues |
#9 | 03-06-2021 | HostAdmin | Remote File Inclusion Vulnerability |
#8 | 03-06-2021 | DreamAccount | Remote File Inclusion Vulnerability |
#7 | 02-06-2021 | dotWidget CMS | Remote File Inclusion Vulnerability |
#6 | 23-05-2021 | SocketMail | Remote File Inclusion Vulnerability |
#5 | 04-05-2021 | phpListPro 2.01 | Multiple Remote File Inclusion Vulnerabilities |
#4 | 24-04-2021 | phpMyAgenda | Remote File Inclusion Vulnerability |
#3 | 23-04-2021 | TotalCalendar | Remote File Inclusion Vulnerability |
#2 | 19-04-2021 | ActualAnalyzer | Remote File Inclusion Vulnerability |
#1 | 11-04-2021 | phpListPro 1.x | Remote File Inclusion Vulnerability |