Month: October 2009

  • Malware to Vulnerability Mappings.. Anyone?

    [This was originally published on the OSVDB blog.] Unbeknownst to many of us, MITRE’s Common Malware Enumeration (CME) project was declared dead, and apparently has been for a while. What is CME? From their site: CME was created to provide single, common identifiers to new virus threats and to the most prevalent virus threats in…

  • What features are sorely lacking from VDBs?

    [This was originally published on the OSVDB blog.] For over ten years, most Vulnerability Databases (VDBs) have done little to evolve. In some cases, they appear to be devolving. OSVDB recognized this long ago but has struggled for years with a lack of resources, particularly developers. Now that we have saved up enough money,…

  • OSVDB – Search Enhance: by CVSS Score or Attribute

    [This was originally published on the OSVDB blog.] Using the ‘Advanced Search’, you can now search the database by entering a CVSSv2 score range (e.g., 8 to 10) or by a specific CVSSv2 attribute (e.g., Confidentiality : Partial). To search for entries with only a 10 score, use the search range 10 to 10. Using…

  • OSVDB – Metasploit Reference Support Added & More

    [This was originally published on the OSVDB blog.] This week, HDMoore of Metasploit and OSVDB moderators discussed cross-reference support for each product. As many are now seeing, Metasploit has a search module that allows for fast searches by a number of external references, including OSVDB. On the OSVDB side, we now support a ‘Metasploit ID’…

  • OSVDB – Classification: Exploit Status Overhaul

    [This was originally published on the OSVDB blog.] OSVDB’s classification system is designed to categorize certain attributes of a vulnerability. This facilitates custom searches by a specific attribute, helps researchers develop metrics and gives a better picture of the vulnerability landscape. Until now, we’ve tracked if an exploit is ‘available’, ‘unavailable’, ‘rumored / private’ or…

  • OSVDB – Classification: Minor Touch-ups and Reorganization

    [This was originally published on the OSVDB blog.] In addition to overhauling the ‘exploit’ classification, additional touch-ups and reorganization have been done to the classification system. For volunteers that help mangle entries, watch out as items have shifted in flight. For users of OSVDB, these will be mostly cosmetic changes and should not impact searching.…

  • Boxes on the Porch

    On Thursday, I lost Figlet. After six months of diagnosis with two doctors, we finally determined she had Hyperthyroidism, which is extremely rare in piggies. The doctor I was taking her to was an exotic specialist who had specifically done research on Hyperthyroidism in guinea pigs. In all of his time, he had six confirmed…

  • OSVDB Now Supports CVSSv2 Scoring

    [This was originally published on the OSVDB blog.] OSVDB now displays CVSSv2 scores, mostly as calculated by the National Vulnerability Database (NVD): Along with the score, we display the date that NVD generated it and give users a method for recommending updates if they feel the score is inaccurate. While this is long overdue, this…