Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Nov. 18, 2024, 6:03 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
192641 4.3 警告 agaresmedia - phpAutoVideo の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2008-0432 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
192642 7.5 危険 360 web manager - 360 Web Manager の form.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2008-0430 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
192643 7.5 危険 AlstraSoft - AlstraSoft Forum Pay Per Post Exchange の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2008-0429 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
192644 7.5 危険 bloofox - bloofoxCMS の system/class_permissions.php の login 関数における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2008-0428 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
192645 7.8 危険 bloofox - bloofoxCMS の file.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル
CVE-2008-0427 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
192646 5 警告 frimousse - Frimousse の explorerdir.php における絶対パストラバーサルの脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2008-0425 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
192647 7.5 危険 boastmachine - boastMachine の mail.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2008-0422 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
192648 5.5 警告 Belkin International - Belkin Wireless G Plus MIMO Router F5D9230-4 の Web サーバにおける設定を変更される脆弱性 CWE-287
不適切な認証
CVE-2008-0403 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
192649 4.3 警告 aflog - aflog におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2008-0398 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
192650 6.8 警告 aflog - aflog における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2008-0397 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Nov. 18, 2024, 4:13 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
264661 - otrs otrs Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access … CWE-264
Permissions, Privileges, and Access Controls
CVE-2009-5055 2011-03-22 13:00 2011-03-19 Show GitHub Exploit DB Packet Storm
264662 - otrs otrs Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrict… CWE-20
 Improper Input Validation 
CVE-2009-5056 2011-03-22 13:00 2011-03-19 Show GitHub Exploit DB Packet Storm
264663 - otrs otrs The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to dec… CWE-310
Cryptographic Issues
CVE-2009-5057 2011-03-22 13:00 2011-03-19 Show GitHub Exploit DB Packet Storm
264664 - otrs otrs Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTic… CWE-79
Cross-site Scripting
CVE-2008-7275 2011-03-22 13:00 2011-03-19 Show GitHub Exploit DB Packet Storm
264665 - otrs otrs Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restricti… CWE-264
Permissions, Privileges, and Access Controls
CVE-2008-7276 2011-03-22 13:00 2011-03-19 Show GitHub Exploit DB Packet Storm
264666 - otrs otrs Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authe… CWE-264
Permissions, Privileges, and Access Controls
CVE-2008-7277 2011-03-22 13:00 2011-03-19 Show GitHub Exploit DB Packet Storm
264667 - otrs otrs The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easi… CWE-20
 Improper Input Validation 
CVE-2008-7278 2011-03-22 13:00 2011-03-19 Show GitHub Exploit DB Packet Storm
264668 - otrs otrs The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers vi… CWE-264
Permissions, Privileges, and Access Controls
CVE-2008-7279 2011-03-22 13:00 2011-03-19 Show GitHub Exploit DB Packet Storm
264669 - otrs otrs Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote… CWE-20
 Improper Input Validation 
CVE-2008-7280 2011-03-22 13:00 2011-03-19 Show GitHub Exploit DB Packet Storm
264670 - otrs otrs Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-… CWE-200
Information Exposure
CVE-2008-7281 2011-03-22 13:00 2011-03-19 Show GitHub Exploit DB Packet Storm