
For a web security app I'm working on, I want to list all the exploits that a certain WordPress version has (and hopefully the same for other CMSs).

I found some (open) exploit databases that list those kinds of exploits:

Unfortunately, their exploit database is not really structured. CVEDetails gives exploits per application, but it's hard to get the version number from that; also, they don't give access to a structured database (XML, JSON, ...) or an API to easily fetch the exploits. The 'National Vulnerability Database' doesn't give details about which app and version is vulnerable.

Where could I find some open (and free for commercial use) exploit databases?


2 Answers

Use the CVE database itself. They have a structured XML where you can extract all vulnerabilities you want.

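A sketch of the extraction described in the answer above, added here as an example and not part of the original answer. It assumes a simplified feed layout in which each entry lists affected products as CPE 2.2 URIs; the element names, the placeholder IDs and the helper names `parse_cpe` and `cves_for` are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample feed: simplified layout and placeholder IDs, not a real export.
# For feeds downloaded from the network, use a hardened parser such as defusedxml.
SAMPLE_FEED = """<feed>
  <entry id="CVE-0000-0001">
    <product>cpe:/a:wordpress:wordpress:3.5</product>
    <product>cpe:/a:wordpress:wordpress:3.5.1</product>
  </entry>
  <entry id="CVE-0000-0002">
    <product>cpe:/a:wordpress:wordpress:3.5.1</product>
  </entry>
  <entry id="CVE-0000-0003">
    <product>cpe:/a:drupal:drupal:7.0</product>
  </entry>
  <entry id="CVE-0000-0004">
    <product>cpe:/a:wordpress:wordpress</product>
  </entry>
</feed>"""

def parse_cpe(uri):
    """Split a CPE 2.2 URI (cpe:/part:vendor:product:version) into four fields."""
    if not uri.startswith("cpe:/"):
        raise ValueError("not a CPE 2.2 URI: %r" % uri)
    fields = uri[len("cpe:/"):].split(":")
    fields += [""] * (4 - len(fields))  # pad components the URI leaves out
    part, vendor, product, version = fields[:4]
    return part, vendor.lower(), product.lower(), version.lower()

def cves_for(feed_xml, vendor, product, version):
    """Return (exact, unversioned) entry ids for one vendor/product/version.

    'unversioned' holds entries that name the product without any version,
    so they cannot be ruled out and need manual review.
    """
    exact, unversioned = [], []
    for entry in ET.fromstring(feed_xml).iter("entry"):
        versions = set()
        for node in entry.iter("product"):
            _, v, p, ver = parse_cpe((node.text or "").strip())
            if (v, p) == (vendor, product):
                versions.add(ver)
        if version in versions:
            exact.append(entry.get("id"))
        elif "" in versions:
            unversioned.append(entry.get("id"))
    return exact, unversioned
```

Keeping the unversioned matches separate avoids silently dropping entries that may still apply to the version being checked.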

The OSVDB provides an API for exactly this sort of thing. It's free but limited to 2 queries per day for non-commercial use. You will need to pay for a license if you want more than this.

In the past they have also provided database dumps in various formats; however, I'm not sure if they still do this.


A word on free-for-commercial-use: No matter where you get your vulnerability information from, you will probably find that if your product is at all successful you will either be contacted with a request for money or your customer's requests will suddenly be blocked.

You should plan accordingly.
