Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2008-7115
Publication date:
28/08/2009
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-7116
Publication date:
28/08/2009
SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-7117
Publication date:
28/08/2009
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-7118
Publication date:
28/08/2009
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-7119
Publication date:
28/08/2009
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-7120
Publication date:
28/08/2009
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-7121
Publication date:
28/08/2009
Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-3000
Publication date:
28/08/2009
The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling."
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-3004
Publication date:
28/08/2009
Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2009-2695
Publication date:
28/08/2009
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-7105
Publication date:
27/08/2009
Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this might be related to CVE-2008-7104.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2008-7096
Publication date:
27/08/2009
Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025
Subscribe to Vulnerabilities