NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月29日5:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
245351	7.5	HIGH	jelsoft	vbulletin	SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.	NVD-CWE-Other	CVE-2004-1515	2016-10-18 11:55	2004-12-31	表示	GitHub Exploit DB Packet Storm

245352	7.5	HIGH	new_media_generation	hired_team_trial	Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator.	NVD-CWE-Other	CVE-2004-1526	2016-10-18 11:55	2004-12-31	表示	GitHub Exploit DB Packet Storm

245353	7.5	HIGH	mediawiki	mediawiki	MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary c…	NVD-CWE-Other	CVE-2004-1405	2016-10-18 11:54	2004-12-31	表示	GitHub Exploit DB Packet Storm

245354	5.0	MEDIUM	singapore	image_gallery_web_application	Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML.	NVD-CWE-Other	CVE-2004-1409	2016-10-18 11:54	2004-12-31	表示	GitHub Exploit DB Packet Storm

245355	4.3	MEDIUM	gadu-gadu	gadu-gadu_instant_messenger	Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing…	NVD-CWE-Other	CVE-2004-1410	2016-10-18 11:54	2004-12-31	表示	GitHub Exploit DB Packet Storm

245356	5.0	MEDIUM	gadu-gadu	gadu-gadu_instant_messenger	Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images.	NVD-CWE-Other	CVE-2004-1414	2016-10-18 11:54	2004-12-31	表示	GitHub Exploit DB Packet Storm

245357	5.0	MEDIUM	korweblog	korweblog	Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng…	NVD-CWE-Other	CVE-2004-1426	2016-10-18 11:54	2004-12-31	表示	GitHub Exploit DB Packet Storm

245358	7.5	HIGH	asante	fm2008_managed_ethernet_switch	The configuration backup in Asante FM2008 running firmware 1.06 stores the username and password in cleartext, which could allow remote attackers to gain unauthorized access.	NVD-CWE-Other	CVE-2004-1321	2016-10-18 11:53	2004-12-15	表示	GitHub Exploit DB Packet Storm

245359	4.4	MEDIUM	oracle	application_server collaboration_suite e-business_suite enterprise_manager enterprise_manager_database_control enterprise_manager_grid_control oracle10g oracle8i oracle9i	Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-reada…	CWE-200 情報漏えい	CVE-2004-1367	2016-10-18 11:53	2004-08-4	表示	GitHub Exploit DB Packet Storm

245360	2.1	LOW	gnu	glibc	The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.	NVD-CWE-Other	CVE-2004-1382	2016-10-18 11:53	2004-12-31	表示	GitHub Exploit DB Packet Storm

245361	7.5	HIGH	hylafax	hylafax	hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostnam…	NVD-CWE-Other	CVE-2004-1182	2016-10-18 11:52	2004-12-31	表示	GitHub Exploit DB Packet Storm

245362	7.5	HIGH	gadu-gadu	gadu-gadu_instant_messenger	Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2…	NVD-CWE-Other	CVE-2004-1229	2016-10-18 11:52	2005-01-10	表示	GitHub Exploit DB Packet Storm

245363	7.2	HIGH	atari800 debian	atari800 debian_linux	Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file.	NVD-CWE-Other	CVE-2004-1076	2016-10-18 11:51	2005-01-10	表示	GitHub Exploit DB Packet Storm

245364	7.5	HIGH	rssh gentoo	rssh linux	rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) …	NVD-CWE-Other	CVE-2004-1161	2016-10-18 11:51	2005-01-10	表示	GitHub Exploit DB Packet Storm

245365	2.1	LOW	ssmtp	ssmtp	The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.	NVD-CWE-Other	CVE-2004-0423	2016-10-18 11:45	2004-07-7	表示	GitHub Exploit DB Packet Storm

245366	5.0	MEDIUM	microsoft	ie	Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which trig…	NVD-CWE-Other	CVE-2004-0479	2016-10-18 11:45	2004-07-7	表示	GitHub Exploit DB Packet Storm

245367	6.4	MEDIUM	yabb	yabb	Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.	NVD-CWE-Other	CVE-2004-0344	2016-10-18 11:44	2004-11-23	表示	GitHub Exploit DB Packet Storm

245368	5.0	MEDIUM	lionmax_software	www_file_share_pro	Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter…	NVD-CWE-Other	CVE-2004-0059	2016-10-18 11:40	2004-02-17	表示	GitHub Exploit DB Packet Storm

245369	5.0	MEDIUM	lionmax_software	www_file_share_pro	WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request.	NVD-CWE-Other	CVE-2004-0060	2016-10-18 11:40	2004-02-17	表示	GitHub Exploit DB Packet Storm

245370	7.5	HIGH	lionmax_software	www_file_share_pro	WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character.	NVD-CWE-Other	CVE-2004-0061	2016-10-18 11:40	2004-02-17	表示	GitHub Exploit DB Packet Storm

245371	7.5	HIGH	fishnet	fishcart	Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.	NVD-CWE-Other	CVE-2004-0062	2016-10-18 11:40	2004-02-17	表示	GitHub Exploit DB Packet Storm

245372	2.1	LOW	suse	suse_linux	The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary …	NVD-CWE-Other	CVE-2004-0064	2016-10-18 11:40	2004-02-17	表示	GitHub Exploit DB Packet Storm

245373	7.5	HIGH	phpgedview	phpgedview	Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php.	NVD-CWE-Other	CVE-2004-0065	2016-10-18 11:40	2004-02-17	表示	GitHub Exploit DB Packet Storm

245374	7.5	HIGH	hd_soft	windows_ftp_server	Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wsc…	NVD-CWE-Other	CVE-2004-0069	2016-10-18 11:40	2004-02-17	表示	GitHub Exploit DB Packet Storm

245375	7.5	HIGH	pmachine	pmachine_free pmachine_pro	PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to r…	NVD-CWE-Other	CVE-2003-1086	2016-10-18 11:39	2003-06-17	表示	GitHub Exploit DB Packet Storm

245376	6.4	MEDIUM	http_fetcher	http_fetcher_library	Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a lon…	NVD-CWE-Other	CVE-2003-1262	2016-10-18 11:39	2003-12-31	表示	GitHub Exploit DB Packet Storm

245377	7.8	HIGH	-	-	Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376.	NVD-CWE-Other	CVE-2003-1318	2016-10-18 11:39	2003-12-31	表示	GitHub Exploit DB Packet Storm

245378	5.0	MEDIUM	truegalerie	truegalerie	upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.	CWE-287 不適切な認証	CVE-2003-1489	2016-10-18 11:39	2003-12-31	表示	GitHub Exploit DB Packet Storm

245379	7.5	HIGH	gnu	cfengine	Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction fu…	NVD-CWE-Other	CVE-2003-0849	2016-10-18 11:38	2003-11-17	表示	GitHub Exploit DB Packet Storm

245380	7.5	HIGH	dug_song rafal_wojtczuk	dsniff libnids	The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets."	NVD-CWE-Other	CVE-2003-0850	2016-10-18 11:38	2003-11-17	表示	GitHub Exploit DB Packet Storm

245381	7.5	HIGH	mpg123	mpg123	Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.	NVD-CWE-Other	CVE-2003-0865	2016-10-18 11:38	2003-11-17	表示	GitHub Exploit DB Packet Storm

245382	2.1	LOW	openslp	openslp	Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file.	NVD-CWE-Other	CVE-2003-0875	2016-10-18 11:38	2003-11-17	表示	GitHub Exploit DB Packet Storm

245383	10.0	HIGH	hylafax	hylafax	Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code.	NVD-CWE-Other	CVE-2003-0886	2016-10-18 11:38	2003-12-1	表示	GitHub Exploit DB Packet Storm

245384	7.5	HIGH	sun	jre	The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and exe…	NVD-CWE-Other	CVE-2003-0896	2016-10-18 11:38	2003-11-17	表示	GitHub Exploit DB Packet Storm

245385	4.6	MEDIUM	ibm	db2_universal_database	IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.	NVD-CWE-Other	CVE-2003-0898	2016-10-18 11:38	2003-11-17	表示	GitHub Exploit DB Packet Storm

245386	7.5	HIGH	clearswift	mailsweeper	Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy.	NVD-CWE-Other	CVE-2003-0928	2016-10-18 11:38	2004-09-28	表示	GitHub Exploit DB Packet Storm

245387	7.5	HIGH	clearswift	mailsweeper	Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy.	NVD-CWE-Other	CVE-2003-0929	2016-10-18 11:38	2004-09-28	表示	GitHub Exploit DB Packet Storm

245388	7.5	HIGH	clearswift	mailsweeper	Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy.	NVD-CWE-Other	CVE-2003-0930	2016-10-18 11:38	2004-09-28	表示	GitHub Exploit DB Packet Storm

245389	4.6	MEDIUM	symbol_technologies	pdt	Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network.	NVD-CWE-Other	CVE-2003-0934	2016-10-18 11:38	2003-12-1	表示	GitHub Exploit DB Packet Storm

245390	7.2	HIGH	symantec	pcanywhere	Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe.	NVD-CWE-Other	CVE-2003-0936	2016-10-18 11:38	2003-12-15	表示	GitHub Exploit DB Packet Storm

245391	7.5	HIGH	clam_anti-virus	clamav	Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary…	NVD-CWE-Other	CVE-2003-0946	2016-10-18 11:38	2003-12-15	表示	GitHub Exploit DB Packet Storm

245392	4.6	MEDIUM	openbsd	openbsd	OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled …	NVD-CWE-Other	CVE-2003-0955	2016-10-18 11:38	2003-12-15	表示	GitHub Exploit DB Packet Storm

245393	7.5	HIGH	openca	openca	OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates.	NVD-CWE-Other	CVE-2003-0960	2016-10-18 11:38	2003-12-15	表示	GitHub Exploit DB Packet Storm

245394	7.2	HIGH	linux	linux_kernel	Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.	NVD-CWE-Other	CVE-2003-0961	2016-10-18 11:38	2003-12-15	表示	GitHub Exploit DB Packet Storm

245395	10.0	HIGH	-	-	Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribut…	NVD-CWE-Other	CVE-2003-0968	2016-10-18 11:38	2003-12-15	表示	GitHub Exploit DB Packet Storm

245396	10.0	HIGH	gnu	screen	Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape se…	NVD-CWE-Other	CVE-2003-0972	2016-10-18 11:38	2003-12-15	表示	GitHub Exploit DB Packet Storm

245397	7.5	HIGH	applied_watch_technologies	applied_watch_command_center	Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) a…	NVD-CWE-Other	CVE-2003-0974	2016-10-18 11:38	2003-12-15	表示	GitHub Exploit DB Packet Storm

245398	5.0	MEDIUM	freescripts	visitorbook	FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra h…	NVD-CWE-Other	CVE-2003-0979	2016-10-18 11:38	2004-01-5	表示	GitHub Exploit DB Packet Storm

245399	4.3	MEDIUM	freescripts	visitorbook	Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" p…	NVD-CWE-Other	CVE-2003-0980	2016-10-18 11:38	2004-01-5	表示	GitHub Exploit DB Packet Storm

245400	7.2	HIGH	symantec	norton_antivirus norton_internet_security norton_system_works windows_liveupdate	The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and …	NVD-CWE-Other	CVE-2003-0994	2016-10-18 11:38	2004-02-3	表示	GitHub Exploit DB Packet Storm