Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2006-4483

Publication date:
31/08/2006
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2006-4460

Publication date:
31/08/2006
Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2006-4474

Publication date:
31/08/2006
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2006-4462

Publication date:
31/08/2006
Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to administrator functions, which allows remote attackers to gain full administration rights via a direct request to Admin/admin1953.php.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2006-4463

Publication date:
31/08/2006
SQL injection vulnerability in the administrator control panel in Jetstat.com JS ASP Faq Manager 1.10 allows remote attackers to execute arbitrary SQL commands via the pwd parameter (aka the Password field).
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2006-4464

Publication date:
31/08/2006
The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2006-4467

Publication date:
31/08/2006
Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to perform directory traversal attacks to read arbitrary local files, lock topics, and possibly have other security impacts. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Simple Machines Forum.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2006-4466

Publication date:
31/08/2006
Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2006-4473

Publication date:
31/08/2006
Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2006-4475

Publication date:
31/08/2006
Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2006-4476

Publication date:
31/08/2006
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2006-4461

Publication date:
31/08/2006
Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025