Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2012-2968
Publication date:
12/08/2012
Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an HTTP request.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-2969
Publication date:
12/08/2012
Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-2964
Publication date:
12/08/2012
The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information by sniffing the network for XML documents.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-2577
Publication date:
12/08/2012
Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-2602
Publication date:
12/08/2012
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-2963
Publication date:
12/08/2012
The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-4246
Publication date:
12/08/2012
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-4247
Publication date:
12/08/2012
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-4034
Publication date:
12/08/2012
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-4035
Publication date:
12/08/2012
The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-3457
Publication date:
12/08/2012
PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2012-3952
Publication date:
12/08/2012
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025
Subscribe to Vulnerabilities