Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2002-1651

Publication date:
31/12/2002
Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-1652

Publication date:
31/12/2002
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-1653

Publication date:
31/12/2002
Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-1654

Publication date:
31/12/2002
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-1655

Publication date:
31/12/2002
The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-1656

Publication date:
31/12/2002
X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-1658

Publication date:
31/12/2002
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-1659

Publication date:
31/12/2002
user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-1660

Publication date:
31/12/2002
calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-1661

Publication date:
31/12/2002
The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-1662

Publication date:
31/12/2002
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2002-1663

Publication date:
31/12/2002
The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024