Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-9626

Publication date:
07/03/2019
PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2019

CVE-2019-9625

Publication date:
07/03/2019
JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.
Severity CVSS v4.0: Pending analysis
Last modification:
12/03/2019

CVE-2019-9623

Publication date:
07/03/2019
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2019

CVE-2019-9624

Publication date:
07/03/2019
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-9622

Publication date:
07/03/2019
eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.
Severity CVSS v4.0: Pending analysis
Last modification:
08/03/2019

CVE-2019-9617

Publication date:
06/03/2019
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2019

CVE-2019-9608

Publication date:
06/03/2019
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2019

CVE-2019-9615

Publication date:
06/03/2019
An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2019

CVE-2019-9613

Publication date:
06/03/2019
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2019

CVE-2019-9612

Publication date:
06/03/2019
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2019

CVE-2019-9606

Publication date:
06/03/2019
PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2019

CVE-2019-9607

Publication date:
06/03/2019
PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2019