Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: RE: How to find if exploit exist to a reported CVE ?

RE: How to find if exploit exist to a reported CVE ?

From: Walsh, Leo <Leo_Walsh_at_jeffersonwells.com>
Date: Wed, 7 Nov 2007 07:39:40 -0600

I don't personally know of any place that tracks CVE to exploit code nor a place that tracks all exploit code. Here is what I usually do: Do a search at milw0rm for exploits matching the product and/or vendor for the affected technology Google search the CVE number and/or vulnerability name with the keyword "exploit" Follow the links referenced in the CVE for the vulnerability reporter Follow the links referenced in the CVE for vendor and any other 3rd party vulnerability companies That's about it. Sometimes the discussion on the 3rd party vulnerability company or vendor pages mentions a link to exploit code or that no code has been released so don't forget to read deeply into those bulletins linked in the CVE. -Leo Walsh, GSNA Jefferson Wells International 816-627-4222 (office) 913-484-8051 (cell) -----Original Message----- From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Juan B Sent: Friday, November 02, 2007 7:35 PM To: pen-test@securityfocus.com Subject: How to find if exploit exist to a reported CVE ? Hi, I got a security vulnerability report and want to check if an known exploit exist for a particular CVe number. in which site I can find it out? milw0rm? thanks! Juan __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ******* Internet Email Confidentiality ******* The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that it is strictly prohibited (a) to disseminate, distribute or copy this communication or any of the information contained in it, or (b) to take any action based on the information in it. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Received on Nov 07 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]