Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2007-1156

Publication date:
02/03/2007
JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-1157

Publication date:
02/03/2007
Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-1158

Publication date:
02/03/2007
Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-1160

Publication date:
02/03/2007
webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-1161

Publication date:
02/03/2007
Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-1164

Publication date:
02/03/2007
Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-1166

Publication date:
02/03/2007
SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-1170

Publication date:
02/03/2007
SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0.0 and earlier, GTR 2 1.1 and earlier, and RACE - The WTCC Game 1.0 and earlier allow remote attackers to cause a denial of service (client disconnection) via an empty UDP packet to the server port.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-1171

Publication date:
02/03/2007
SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-1172

Publication date:
02/03/2007
SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2007-1194

Publication date:
02/03/2007
Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2006-7068

Publication date:
02/03/2007
PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025