Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-10082
Publication date:
13/04/2018
CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php.
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2018

CVE-2018-10081
Publication date:
13/04/2018
CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring.
Severity CVSS v4.0: Pending analysis
Last modification:
17/04/2018

CVE-2018-10084
Publication date:
13/04/2018
CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-10086
Publication date:
13/04/2018
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-10085
Publication date:
13/04/2018
CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-10080
Publication date:
13/04/2018
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie.
Severity CVSS v4.0: Pending analysis
Last modification:
22/05/2018

CVE-2018-6900
Publication date:
12/04/2018
PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2018

CVE-2018-6902
Publication date:
12/04/2018
PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2018

CVE-2018-6870
Publication date:
12/04/2018
Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2018

CVE-2018-6934
Publication date:
12/04/2018
CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2018

CVE-2018-6903
Publication date:
12/04/2018
PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2018

CVE-2018-6879
Publication date:
12/04/2018
PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2018
Subscribe to Vulnerabilities