OSVDB - Apr 14 Code Push
Posted by jericho
Dave pushed a new set of code changes today! Here is a very brief summary of some of the highlights:
Public Enhancements:
- Browse now has: Browse by Top Creditee, Browse by Creditee Name [Remember, we need more entries at 100% to make this more accurate and complete. Mangle your own vulnerabilities and fill in the missing creditee!]
- Three new dates added to schema (Screenshot) [The new date fields won’t appear on the front end yet, as more changes are required, but we now have the capability to track a more thorough history of the vulnerability]
- Menu Changes and new pages in support of that.
- More diverse “Donation” options [Come on, donate 5 bucks and skip that fourth Latte!]
- General bug fixes/tweaks
- Vendor dictionary - change e-mail addresses to stop automatic harvesting
- New template for CSRF vulnerabilities
Behind the Scenes:
There is actually one more really cool public feature people should check out. It is the Narrow Search feature in the search function……
Check out the search results for Microsoft:
You will see that there are 1918 results…..
At the top… click Narrow Search and notice that you can now narrow it by Vulnerability Type and Disclosure Year…..
Vulnerability Type
Other 723 DOS 381 Overflow 292 CodeExecution 205 PrivilegeEscalation 80 InfoDisclosure 75 MemoryCorruption 63 XSS 51 ArbitraryFile 36 PathDisclosure 11 CSRF 1
Disclosure Year
2006 290 2002 248 2004 246 2007 231 2005 184 2000 166 2003 159 2001 139 1999 121 2008 58 1998 35 1997 27 1995 10 1996 4
Very cool!