Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2005-1833

Publication date:
31/05/2005
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1783

Publication date:
31/05/2005
BookReview beta 1.0 allows remote attackers to obtain the path of the web server via certain parameters to search.htm, possibly due to a search[string] parameter with a missing value or an incorrect submit[type] value, which reveals the path in the resulting error message. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1779

Publication date:
31/05/2005
SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1781

Publication date:
31/05/2005
Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash).
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1799

Publication date:
31/05/2005
Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and WikiLite (FSWikiLite) .10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1866

Publication date:
31/05/2005
Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1907

Publication date:
31/05/2005
The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-0356

Publication date:
31/05/2005
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1780

Publication date:
31/05/2005
SQL injection vulnerability in admin/login.asp in Active News Manager allows remote attackers to execute arbitrary SQL commands via the password.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1785

Publication date:
31/05/2005
SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1831

Publication date:
31/05/2005
Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1796

Publication date:
31/05/2005
Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025