Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2008-0181

Publication date:

05/02/2008

Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.

Severity CVSS v4.0: Pending analysis

Last modification:

05/09/2008

CVE-2008-0182

Publication date:

05/02/2008

Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.

Severity CVSS v4.0: Pending analysis

Last modification:

05/09/2008

CVE-2008-0563

Publication date:

05/02/2008

Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.

Severity CVSS v4.0: Pending analysis

Last modification:

05/09/2008

CVE-2007-4130

Publication date:

05/02/2008

The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux (RHEL) 4 on Itanium (ia64) does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service (panic) via invalid arguments to set_mempolicy in an MPOL_BIND operation.

Severity CVSS v4.0: Pending analysis

Last modification:

29/09/2017

CVE-2008-0558

Publication date:

04/02/2008

Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Severity CVSS v4.0: Pending analysis

Last modification:

05/09/2008

CVE-2008-0386

Publication date:

04/02/2008

Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.

Severity CVSS v4.0: Pending analysis

Last modification:

09/01/2024

CVE-2008-0557

Publication date:

04/02/2008

SQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Severity CVSS v4.0: Pending analysis

Last modification:

29/09/2017

CVE-2008-0559

Publication date:

04/02/2008

Multiple directory traversal vulnerabilities in Nilson&#39;s Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php.

Severity CVSS v4.0: Pending analysis

Last modification:

15/10/2018

CVE-2008-0560

Publication date:

04/02/2008

PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, and the code exits with a fatal error due to a call to an undefined function

Severity CVSS v4.0: Pending analysis

Last modification:

07/08/2024

CVE-2008-0561

Publication date:

04/02/2008

SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Severity CVSS v4.0: Pending analysis

Last modification:

29/09/2017

CVE-2008-0562

Publication date:

04/02/2008

SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Severity CVSS v4.0: Pending analysis

Last modification:

29/09/2017

CVE-2007-6699

Publication date:

04/02/2008

Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You&#39;ve Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values.

Severity CVSS v4.0: Pending analysis

Last modification:

15/11/2008

Subscribe to Vulnerabilities