Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2006-0805

Publication date:

21/02/2006

The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0806

Publication date:

21/02/2006

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0807

Publication date:

21/02/2006

Stack-based buffer overflow in NJStar Chinese and Japanese Word Processor 4.x and 5.x before 5.10 allows user-assisted attackers to execute arbitrary code via font names in NJStar (.njx) documents.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0804

Publication date:

21/02/2006

Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0800

Publication date:

20/02/2006

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0801

Publication date:

20/02/2006

SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0802

Publication date:

20/02/2006

Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0797

Publication date:

19/02/2006

Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS).

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0790

Publication date:

19/02/2006

Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0792

Publication date:

19/02/2006

Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0793

Publication date:

19/02/2006

frameset.php in V-webmail 1.6.2 allows remote attackers to conduct phishing attacks by referencing arbitrary websites in the rframe parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2006-0794

Publication date:

19/02/2006

help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

Subscribe to Vulnerabilities