Exploit/Vulnerability database?
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Exploit/Vulnerability database?

littleguylittleguy Member
edited October 2012 in General

Backstory: Have deployed a lot of Wordpress, Drupal, Joomla sites. I'd like to be able to see in a list or receive digests (emails) when new 0-day vulnerabilities that affect these systems are released into the wild.

Fine-grained control (such as only core, or core+specific plugins/modules) would be awesome. Haven't found anything like this. Does anyone know?

Comments

  • jhjh Member

    Not sure of this but there are plenty of ways of keeping your scripts up to date automatically, which might be easier :)

    I'm an experienced software engineer. Want something built? Contact me!

  • For WP you can subscribe to their mailing list, most likely same for other CMS's

    For WP: http://codex.wordpress.org/Mailing_Lists#Announcements

    Patrick | INIZ
    Thanked by 1ErawanArifNugroho
  • littleguylittleguy Member
    edited October 2012

    @jhadley said: there are plenty of ways of keeping your scripts up to date automatically

    Automatically updating core/plugins is a bad move. There are plenty of things that change or break between versions. Having to explain to your customers why their site doesn't work after a failed/buggy "auto update" is not a good strategy. In fact, I'm not even sure how you can write that with a straight face.

    @StormVZ said: For WP you can subscribe to their mailing list, most likely same for other CMS's

    Will subscribe, but since it's "major announcements" only, I'm not sure they report 0-day?

    Edit: Also, what's with the stupid requirement for their development news list?

    This list is only open to developers who have a plugin in the WordPress Plugins Directory or a theme in the WordPress Themes

  • @littleguy Yeah lol a bit weird, I was just browsing through the WP plugins and this may be of use: http://wordpress.org/extend/plugins/mail-on-update/

    Might install it myself on our blog

    Patrick | INIZ
  • Your best bet may be to subscribe to Bugtraq and Full Disclosure. Most stuff is posted there before it ever becomes "public".

  • For Drupal security updates, check out http://drupal.org/security You would have to subscribe for the updates. I did it a while back and I notice they do a pretty good job releasing updates. Good luck.

    'When someone says its free, know that someone else paid the price for it'

    UptimeTrack Free website and server monitoring! Get 10 free monitors today!

    WHM Superb Energize your cPanel with Radio Streaming, Voice Conferencing and more!

Sign In or Register to comment.