0

I'm looking for a description list for major vulnerabilities such as SQLi, XSS etc.

The format should be like this:

Short Description:
Description:
Impact:
Solution/How to prevent:
References:

S.L. Barth
  • Hi user3220381 - please read [ask] to understand what we need from questions here, and why your questions are all being closed. – Rory Alsop Jun 01 '15 at 22:18
  • possible dupe of http://security.stackexchange.com/questions/1225/which-site-do-you-use-to-view-details-of-vulnerabilities and http://security.stackexchange.com/questions/829/how-to-keep-an-eye-on-upgrades-patches-and-security-issues-for-used-open-source – dave_thompson_085 Jun 02 '15 at 02:17

5 Answers

2

Since you mention SQLi and XSS, this seems to be primarily about web vulnerabilities. In that case, take a look at OWASP.

If you're asking this from a developer's point of view, you will be especially interested in their Cheat Sheets. For example, here is the XSS Cheat Sheet.

S.L. Barth
0

The most famous place to list and discuss vulnerabilities is probably the Bugtraq mailing list.

dr_
0

A professional-grade list of common vulnerabilities and exposures is available on the MITRE web server: Common Vulnerabilities and Exposures.

For example, if you are interested in XSS: search on CVE for IDs on XSS.

dan
0

I like http://www.cvedetails.com/ since it allows me to generate a feed and search by product and version, but it is not the only place where I go to stay up to date; securityfocus.com (as mentioned in another answer) is also a very good resource. When it comes to staying up to date, my advice is not to rely on just one source; even reddit.com/r/security comes up with interesting things now and then.

Most often, the specific vendor also has a way of communicating changes in their versions; for example, for MySQL, Oracle releases these every so often.

Hope it helps

Purefan
0

Maybe a bit too detailed for you, but I recommend the Common Vulnerabilities and Exposures list.
Although its primary purpose is to provide a dictionary of common names (CVE Identifiers) for publicly known information security vulnerabilities, the fact that they are recognized and used throughout the industry makes them a source.
They partner with the U.S. National Vulnerability Database (NVD).

They have RSS feeds, or you can download their master lists or updates.

They just changed their syntax in January 2015.

Others have built APIs around CVE; Google "cve api Common Vulnerabilities and Exposures" to find e.g. the CVE-search API developed by CIRCL.