Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2002-1837
Publication date:
31/12/2002
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1838
Publication date:
31/12/2002
Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbitrary files via a symlink attack on temporary files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1839
Publication date:
31/12/2002
Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1840
Publication date:
31/12/2002
irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1842
Publication date:
31/12/2002
Perlbot 1.0 beta allows remote attackers to execute arbitrary commands via shell metacharacters in (1) a word that is being spell checked or (2) an e-mail address.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1843
Publication date:
31/12/2002
Perlbot 1.9.2 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $text variable in SpelCheck.pm or (2) the $filename variable in HTMLPlog.pm.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1844
Publication date:
31/12/2002
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1845
Publication date:
31/12/2002
Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1846
Publication date:
31/12/2002
Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1848
Publication date:
31/12/2002
TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1849
Publication date:
31/12/2002
ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with invalid users.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025

CVE-2002-1851
Publication date:
31/12/2002
Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
03/04/2025
Subscribe to Vulnerabilities