Note

If you have found a vulnerability, please send it to our SecurityAlert Database:
secalert()securityreason()com

If you have a new (0-day) exploit, please send it to our ExploitAlert Archive:
exploit()securityreason()com

About SecurityAlert : SecurityReason

 

SecurityAlert is a vulnerability database that monitors vulnerabilities and helps you keep track of the latest security vulnerabilities.
Every vulnerability is identified by a unique "SecurityAlert" id and a "CVE" number, providing easy access to each vulnerability in our database through the search engine (selecting "CVE" in the "Where:") and by visiting the links:

http://securityreason.com/securityalert/cvename/CVE-NUMBER

http://securityreason.com/securityalert/SECURITYALERT-ID

We implemented CVE in our SecurityAlert Database because we know that CVE is an authoritative and dependable source of information about vulnerabilities and one of the first sites to publish information about new vulnerabilities.
SecurityReason realizes the importance of common security identifiers in security vulnerability advisories.


The SecurityAlert Database is updated every day and is based on the most recent updates made by CVE, CERT, US-CERT, NVD and other sources of information.
In our database we have three stages of security "SecurityRisk":

Low - It is used for Cross-site scripting, Cross-site request forgery, Full path disclosure vulnerabilities and locally exploitable Denial of Service vulnerabilities. It is also used for vulnerabilities allowing system information disclosure and exposure of sensitive data.

Medium - It is used for SQL Injection, Directory traversal, Privilege escalation vulnerabilities and remotely exploitable Denial of Service vulnerabilities. It is also used for vulnerabilities that can lead to system compromise but require user interaction.

High - It is used for Buffer overflow vulnerabilities and Remote file inclusion (RFI) vulnerabilities. It is also used for vulnerabilities that can lead to system compromise and remote command execution. Usually these vulnerabilities are remotely exploitable and do not require any user interaction.

"Remote Exploit" - describes vulnerabilities where an attacker can remotely take over the vulnerable application and does not need access to the system or local network.

"Local Exploit" - describes vulnerabilities where the attacker is an authenticated user and requires access to the system.

"Exploit Given" - describes whether a proof of concept (PoC) was given in the advisory.


Terms used in advisories :

Common Vulnerabilities and Exposures (CVE) is a list of standardized names for vulnerabilities and other information security exposures. CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.

Common Weakness Enumeration (CWE) is a formal list of software weakness types created to:

- Serve as a common language for describing software security weaknesses in architecture, design, or code.
- Serve as a standard measuring stick for software security tools targeting these weaknesses.
- Provide a common baseline standard for weakness identification, mitigation, and prevention efforts.

Cross-site scripting (XSS) weakness occurs when dynamically generated web pages display input, such as login information, that is not properly validated, allowing an attacker to embed malicious scripts into the generated page and then execute the script on the machine of any user that views the site. If successful, Cross-site scripting vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on the end user systems for a variety of nefarious purposes.
Source : CWE ID : 79

SQL injection attacks are another instantiation of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
Source : CWE ID : 89

Cross-site request forgery - The web product does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Note: CSRF is multi-channel: 1. Attacker-to-victim (injection; external or internal channel) 2. Victim-to-server (activation; internal channel)
Source : CWE ID : 352

Directory traversal - The software, when constructing file or directory names from input, does not properly cleanse special character sequences that resolve to a file or directory name that is outside of a restricted directory.
Source : CWE ID : 22

Privilege escalation is the act of exploiting a bug in an application to gain access to resources which normally would have been protected from an application or user. The result is that the application performs actions with a higher security context than intended by the application developer or system administrator.
Privilege escalation occurs when an application with high privileges has flawed assumptions about how it will be used.

A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to, motives for and targets of a DoS attack may vary, it generally comprises the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

Buffer overflow (buffer overrun, BO) - A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers.
Source : CWE ID : 120

Full path disclosure - A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.
Source : CWE ID : 548

Remote File Inclusion (RFI) - A PHP product uses "require" or "include" statements, or equivalent statements, that use attacker-controlled data to identify code or HTML to be directly processed by the PHP interpreter before inclusion in the script.
Source : CWE ID : 98
