New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Exploit/Vulnerability database?
Backstory: Have deployed a lot of Wordpress, Drupal, Joomla sites. I'd like to be able to see in a list or receive digests (emails) when new 0-day vulnerabilities that affect these systems are released into the wild.
Fine-grained control (such as only core, or core+specific plugins/modules) would be awesome. Haven't found anything like this. Does anyone know?
Comments
Not sure of this but there are plenty of ways of keeping your scripts up to date automatically, which might be easier
For WP you can subscribe to their mailing list, most likely same for other CMS's
For WP:
http://codex.wordpress.org/Mailing_Lists#Announcements
Automatically updating core/plugins is a bad move. There are plenty of things that change or break between versions. Having to explain to your customers why their site doesn't work after a failed/buggy "auto update" is not a good strategy. In fact, I'm not even sure how you can write that with a straight face.
Will subscribe, but since it's "major announcements" only, I'm not sure they report 0-day?
Edit: Also, what's with the stupid requirement for their development news list?
@littleguy Yeah lol a bit weird, I was just browsing through the WP plugins and this may be of use:
http://wordpress.org/extend/plugins/mail-on-update/
Might install it myself on our blog
Your best bet may be to subscribe to Bugtraq and Full Disclosure. Most stuff is posted there before it ever becomes "public".
For Drupal security updates, check out http://drupal.org/security
You would have to subscribe for the updates. I did it a while back and I notice they do a pretty good job releasing updates. Good luck.