Exploit/Vulnerability database?

Exploit/Vulnerability database?

littleguylittleguy Member
edited October 2012 in General

Backstory: Have deployed a lot of Wordpress, Drupal, Joomla sites. I'd like to be able to see in a list or receive digests (emails) when new 0-day vulnerabilities that affect these systems are released into the wild.

Fine-grained control (such as only core, or core+specific plugins/modules) would be awesome. Haven't found anything like this. Does anyone know?

Comments

  • Not sure of this but there are plenty of ways of keeping your scripts up to date automatically, which might be easier :)

    Loading Deck - Cloud Consultants: Server Management | Consultancy | Software Development
  • For WP you can subscribe to their mailing list, most likely same for other CMS's

    For WP: http://codex.wordpress.org/Mailing_Lists#Announcements

    Patrick ~ INIZ Rep

    | Inactive
    Thanked by 1ErawanArifNugroho
  • littleguylittleguy Member
    edited October 2012

    @jhadley said: there are plenty of ways of keeping your scripts up to date automatically

    Automatically updating core/plugins is a bad move. There are plenty of things that change or break between versions. Having to explain to your customers why their site doesn't work after a failed/buggy "auto update" is not a good strategy. In fact, I'm not even sure how you can write that with a straight face.

    @StormVZ said: For WP you can subscribe to their mailing list, most likely same for other CMS's

    Will subscribe, but since it's "major announcements" only, I'm not sure they report 0-day?

    Edit: Also, what's with the stupid requirement for their development news list?

    This list is only open to developers who have a plugin in the WordPress Plugins Directory or a theme in the WordPress Themes

  • @littleguy Yeah lol a bit weird, I was just browsing through the WP plugins and this may be of use: http://wordpress.org/extend/plugins/mail-on-update/

    Might install it myself on our blog

    Patrick ~ INIZ Rep

    | Inactive
  • Your best bet may be to subscribe to Bugtraq and Full Disclosure. Most stuff is posted there before it ever becomes "public".

  • For Drupal security updates, check out http://drupal.org/security You would have to subscribe for the updates. I did it a while back and I notice they do a pretty good job releasing updates. Good luck.

Sign In or Register to comment.