Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2005-4754
Publication date:
31/12/2005
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation."
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-4755
Publication date:
31/12/2005
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-4756
Publication date:
31/12/2005
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-4757
Publication date:
31/12/2005
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-4758
Publication date:
31/12/2005
Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-4760
Publication date:
31/12/2005
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected."
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-4852
Publication date:
31/12/2005
The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-4855
Publication date:
31/12/2005
Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1752
Publication date:
31/12/2005
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1755
Publication date:
31/12/2005
PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativer_pfad parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-2460
Publication date:
31/12/2005
Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when entering a session or sending a message.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-2461
Publication date:
31/12/2005
Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities