Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2003-1303

Publication date:

31/12/2003

Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2003-1106

Publication date:

31/12/2003

The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2003-1448

Publication date:

31/12/2003

Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2003-1178

Publication date:

31/12/2003

Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2003-1179

Publication date:

31/12/2003

Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2003-1234

Publication date:

31/12/2003

Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2003-1304

Publication date:

31/12/2003

EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2003-1307

Publication date:

31/12/2003

The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server&#39;s process group and use the server&#39;s file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server&#39;s TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2003-1340

Publication date:

31/12/2003

Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2003-1412

Publication date:

31/12/2003

PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2003-1439

Publication date:

31/12/2003

Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025