NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月29日5:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
245401	6.8	MEDIUM	phpwebsite	phpwebsite	Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fa…	NVD-CWE-Other	CVE-2003-0736	2016-10-18 11:37	2003-10-20	表示	GitHub Exploit DB Packet Storm

245402	5.0	MEDIUM	phpwebsite	phpwebsite	The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of…	NVD-CWE-Other	CVE-2003-0737	2016-10-18 11:37	2003-10-20	表示	GitHub Exploit DB Packet Storm

245403	7.8	HIGH	phpwebsite	phpwebsite	The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter.	CWE-134 書式文字列の問題	CVE-2003-0738	2016-10-18 11:37	2003-10-20	表示	GitHub Exploit DB Packet Storm

245404	4.6	MEDIUM	vmware	workstation	VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.	NVD-CWE-Other	CVE-2003-0739	2016-10-18 11:37	2003-10-20	表示	GitHub Exploit DB Packet Storm

245405	4.6	MEDIUM	stunnel	stunnel	Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.	NVD-CWE-Other	CVE-2003-0740	2016-10-18 11:37	2003-10-20	表示	GitHub Exploit DB Packet Storm

245406	7.5	HIGH	university_of_cambridge	exim	Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument…	NVD-CWE-Other	CVE-2003-0743	2016-10-18 11:37	2003-10-20	表示	GitHub Exploit DB Packet Storm

245407	5.0	MEDIUM	leafnode	leafnode	The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote attackers to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchne…	NVD-CWE-Other	CVE-2003-0744	2016-10-18 11:37	2003-10-20	表示	GitHub Exploit DB Packet Storm

245408	7.2	HIGH	ibm	db2_universal_database	Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument.	NVD-CWE-Other	CVE-2003-0759	2016-10-18 11:37	2003-10-6	表示	GitHub Exploit DB Packet Storm

245409	4.3	MEDIUM	squished_mosquito	escapade	Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter.	NVD-CWE-Other	CVE-2003-0763	2016-10-18 11:37	2003-09-17	表示	GitHub Exploit DB Packet Storm

245410	5.0	MEDIUM	squished_mosquito	escapade	Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE p…	NVD-CWE-Other	CVE-2003-0764	2016-10-18 11:37	2003-09-17	表示	GitHub Exploit DB Packet Storm

245411	7.5	HIGH	nullsoft	winamp	The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.	NVD-CWE-Other	CVE-2003-0765	2016-10-18 11:37	2003-09-17	表示	GitHub Exploit DB Packet Storm

245412	7.5	HIGH	gamespy	roger_wilco_dedicated_server roger_wilco_graphical_server	Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial o…	NVD-CWE-Other	CVE-2003-0767	2016-10-18 11:37	2003-09-17	表示	GitHub Exploit DB Packet Storm

245413	6.8	MEDIUM	microsoft	asp.net	Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.	NVD-CWE-Other	CVE-2003-0768	2016-10-18 11:37	2003-09-22	表示	GitHub Exploit DB Packet Storm

245414	7.5	HIGH	ikonboard.com	ikonboard	FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when…	NVD-CWE-Other	CVE-2003-0770	2016-10-18 11:37	2003-09-22	表示	GitHub Exploit DB Packet Storm

245415	4.6	MEDIUM	apache_gallery	apache_gallery	Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apa…	NVD-CWE-Other	CVE-2003-0771	2016-10-18 11:37	2003-09-22	表示	GitHub Exploit DB Packet Storm

245416	5.0	MEDIUM	gnu quagga sgi	zebra quagga propack	The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial…	CWE-20 不適切な入力確認	CVE-2003-0795	2016-10-18 11:37	2003-12-15	表示	GitHub Exploit DB Packet Storm

245417	7.5	HIGH	university_of_minnesota	gopherd	Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisTex…	NVD-CWE-Other	CVE-2003-0805	2016-10-18 11:37	2003-10-6	表示	GitHub Exploit DB Packet Storm

245418	7.5	HIGH	gnu	lsh	lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attacke…	NVD-CWE-Other	CVE-2003-0826	2016-10-18 11:37	2003-10-6	表示	GitHub Exploit DB Packet Storm

245419	5.0	MEDIUM	ibm	db2_universal_database	The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.	NVD-CWE-Other	CVE-2003-0827	2016-10-18 11:37	2003-10-6	表示	GitHub Exploit DB Packet Storm

245420	7.5	HIGH	mplayer	mplayer	Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname.	NVD-CWE-Other	CVE-2003-0835	2016-10-18 11:37	2003-11-17	表示	GitHub Exploit DB Packet Storm

245421	5.0	MEDIUM	microsoft	windows_2003_server	Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.	NVD-CWE-Other	CVE-2003-0839	2016-10-18 11:37	2003-11-17	表示	GitHub Exploit DB Packet Storm

245422	7.2	HIGH	hp	hp-ux	Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable.	NVD-CWE-Other	CVE-2003-0840	2016-10-18 11:37	2003-11-17	表示	GitHub Exploit DB Packet Storm

245423	7.5	HIGH	dag_apt_repository	mod_gzip	Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code …	NVD-CWE-Other	CVE-2003-0842	2016-10-18 11:37	2003-11-17	表示	GitHub Exploit DB Packet Storm

245424	7.5	HIGH	dag_apt_repository	mod_gzip	Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers t…	NVD-CWE-Other	CVE-2003-0843	2016-10-18 11:37	2003-11-17	表示	GitHub Exploit DB Packet Storm

245425	4.6	MEDIUM	suse	suse_linux	SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file.	NVD-CWE-Other	CVE-2003-0846	2016-10-18 11:37	2003-11-17	表示	GitHub Exploit DB Packet Storm

245426	4.6	MEDIUM	suse	suse_linux	SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file.	NVD-CWE-Other	CVE-2003-0847	2016-10-18 11:37	2003-11-17	表示	GitHub Exploit DB Packet Storm

245427	5.0	MEDIUM	peoplesoft	peopletools	PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP…	NVD-CWE-Other	CVE-2003-0628	2016-10-18 11:36	2003-12-15	表示	GitHub Exploit DB Packet Storm

245428	4.3	MEDIUM	peoplesoft	peopletools	Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScrip…	NVD-CWE-Other	CVE-2003-0629	2016-10-18 11:36	2003-12-15	表示	GitHub Exploit DB Packet Storm

245429	7.2	HIGH	atari800	atari800	Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrate…	NVD-CWE-Other	CVE-2003-0630	2016-10-18 11:36	2003-10-20	表示	GitHub Exploit DB Packet Storm

245430	7.2	HIGH	vmware	gsx_server workstation	VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual ma…	NVD-CWE-Other	CVE-2003-0631	2016-10-18 11:36	2003-08-27	表示	GitHub Exploit DB Packet Storm

245431	7.5	HIGH	oracle	applications e-business_suite	Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrar…	NVD-CWE-Other	CVE-2003-0632	2016-10-18 11:36	2003-08-27	表示	GitHub Exploit DB Packet Storm

245432	5.0	MEDIUM	oracle	applications e-business_suite	Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without…	NVD-CWE-Other	CVE-2003-0633	2016-10-18 11:36	2003-08-27	表示	GitHub Exploit DB Packet Storm

245433	5.0	MEDIUM	novell	ichain	Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM.	NVD-CWE-Other	CVE-2003-0635	2016-10-18 11:36	2003-08-27	表示	GitHub Exploit DB Packet Storm

245434	7.5	HIGH	novell	ichain	Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via…	NVD-CWE-Other	CVE-2003-0638	2016-10-18 11:36	2003-08-27	表示	GitHub Exploit DB Packet Storm

245435	5.0	MEDIUM	novell	ichain	Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication.	NVD-CWE-Other	CVE-2003-0639	2016-10-18 11:36	2003-08-27	表示	GitHub Exploit DB Packet Storm

245436	7.5	HIGH	gamespy	arcade	Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) seq…	NVD-CWE-Other	CVE-2003-0650	2016-10-18 11:36	2003-08-27	表示	GitHub Exploit DB Packet Storm

245437	4.6	MEDIUM	xtokkaetama	xtokkaetama	Buffer overflow in xtokkaetama allows local users to gain privileges via a long -nickname command line argument, a different vulnerability than CVE-2003-0611.	NVD-CWE-Other	CVE-2003-0652	2016-10-18 11:36	2003-08-27	表示	GitHub Exploit DB Packet Storm

245438	7.2	HIGH	cdrtools	cdrtools	rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is …	NVD-CWE-Other	CVE-2003-0655	2016-10-18 11:36	2003-08-27	表示	GitHub Exploit DB Packet Storm

245439	2.1	LOW	eroaster	eroaster	eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile.	NVD-CWE-Other	CVE-2003-0656	2016-10-18 11:36	2003-08-27	表示	GitHub Exploit DB Packet Storm

245440	5.0	MEDIUM	sun	iplanet_directory_server one_directory_server	Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences.	NVD-CWE-Other	CVE-2003-0676	2016-10-18 11:36	2003-08-27	表示	GitHub Exploit DB Packet Storm

245441	7.5	HIGH	netris	netris	Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response.	NVD-CWE-Other	CVE-2003-0685	2016-10-18 11:36	2003-08-27	表示	GitHub Exploit DB Packet Storm

245442	6.4	MEDIUM	horde	horde	Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.	NVD-CWE-Other	CVE-2003-0728	2016-10-18 11:36	2003-10-20	表示	GitHub Exploit DB Packet Storm

245443	7.5	HIGH	tellurian	tftpdnt	Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename.	NVD-CWE-Other	CVE-2003-0729	2016-10-18 11:36	2003-10-20	表示	GitHub Exploit DB Packet Storm

245444	7.5	HIGH	xfree86_project netbsd	x11r6 netbsd	Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflo…	NVD-CWE-Other	CVE-2003-0730	2016-10-18 11:36	2003-10-20	表示	GitHub Exploit DB Packet Storm

245445	7.5	HIGH	phpwebsite	phpwebsite	SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.	NVD-CWE-Other	CVE-2003-0735	2016-10-18 11:36	2003-10-20	表示	GitHub Exploit DB Packet Storm

245446	3.6	LOW	phpsysinfo	phpsysinfo	Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (do…	NVD-CWE-Other	CVE-2003-0536	2016-10-18 11:35	2003-08-18	表示	GitHub Exploit DB Packet Storm

245447	7.5	HIGH	netscape	navigator	Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.	NVD-CWE-Other	CVE-2003-0553	2016-10-18 11:35	2003-08-18	表示	GitHub Exploit DB Packet Storm

245448	5.0	MEDIUM	neomodus	direct_connect	NeoModus Direct Connect 1.0 build 9, and possibly other versions, allows remote attackers to cause a denial of service (connection and possibly memory exhaustion) via a flood of ConnectToMe requests …	NVD-CWE-Other	CVE-2003-0554	2016-10-18 11:35	2003-08-18	表示	GitHub Exploit DB Packet Storm

245449	7.5	HIGH	imagemagick	imagemagick	ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability.	NVD-CWE-Other	CVE-2003-0555	2016-10-18 11:35	2003-08-18	表示	GitHub Exploit DB Packet Storm

245450	5.0	MEDIUM	polycom	mgc-100 mgc-25 mgc-50	Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of "user" requests to the control port 5003, as demonstrated using the blast TCP stress tester.	NVD-CWE-Other	CVE-2003-0556	2016-10-18 11:35	2003-08-18	表示	GitHub Exploit DB Packet Storm