Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2002-1648
Publication date:
31/12/2002
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1649
Publication date:
31/12/2002
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1650
Publication date:
31/12/2002
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1651
Publication date:
31/12/2002
Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1652
Publication date:
31/12/2002
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1653
Publication date:
31/12/2002
Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1654
Publication date:
31/12/2002
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1655
Publication date:
31/12/2002
The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1656
Publication date:
31/12/2002
X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1658
Publication date:
31/12/2002
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1659
Publication date:
31/12/2002
user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1660
Publication date:
31/12/2002
calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities