From: Walsh, Leo (Leo_Walsh@jeffersonwells.com)
Date: Wed Nov 07 2007 - 08:39:40 EST
I don't personally know of any place that tracks CVE to exploit code nor
a place that tracks all exploit code. Here is what I usually do:
Do a search at milw0rm for exploits matching the product and/or vendor
for the affected technology
Google search the CVE number and/or vulnerability name with the keyword
"exploit"
Follow the links referenced in the CVE for the vulnerability reporter
Follow the links referenced in the CVE for vendor and any other 3rd
party vulnerability companies
That's about it. Sometimes the discussion on the 3rd party vulnerability
company or vendor pages mentions a link to exploit code or that no code
has been released so don't forget to read deeply into those bulletins
linked in the CVE.
-Leo Walsh, GSNA
Jefferson Wells International
816-627-4222 (office)
913-484-8051 (cell)
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Juan B
Sent: Friday, November 02, 2007 7:35 PM
To: pen-test@securityfocus.com
Subject: How to find if exploit exist to a reported CVE ?
Hi,
I got a security vulnerability report and want to check if an known
exploit exist for a particular CVe number. in which site I can find it
out? milw0rm?
thanks!
Juan
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
******* Internet Email Confidentiality ******* The information
contained in this message may be privileged and confidential and
protected from disclosure. If the reader of this message is not the
intended recipient, or an employee or agent responsible for
delivering this message to the intended recipient, you are hereby
notified that it is strictly prohibited (a) to disseminate,
distribute or copy this communication or any of the information
contained in it, or (b) to take any action based on the information
in it. If you have received this communication in error, please
notify us immediately by replying to the message and deleting it
from your computer.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:12 EDT