Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2005-1133
Publication date:
02/05/2005
The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1135
Publication date:
02/05/2005
Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-0216
Publication date:
02/05/2005
Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-0501
Publication date:
02/05/2005
Buffer overflow in Bontago 1.1 and earlier allows remote attackers to execute arbitrary code via a long nickname.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-0595
Publication date:
02/05/2005
Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-1163
Publication date:
02/05/2005
Multiple buffer overflows in Yager 5.24 and earlier allow remote attackers to execute arbitrary code via (1) a crafted nickname or (2) a packet with a large amount of data.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-0776
Publication date:
02/05/2005
adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-0777
Publication date:
02/05/2005
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-0778
Publication date:
02/05/2005
PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-0781
Publication date:
02/05/2005
SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-0782
Publication date:
02/05/2005
Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2005-0785
Publication date:
02/05/2005
Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities