NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年10月6日5:12

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
259351	4.3	MEDIUM	ibm	lotus_notes	IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (EC…	CWE-264 認可・権限・アクセス制御	CVE-2008-0862	2011-03-8 12:05	2008-02-21	表示	GitHub Exploit DB Packet Storm

259352	5.0	MEDIUM	bea	weblogic_server	BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further…	CWE-200 情報漏えい	CVE-2008-0863	2011-03-8 12:05	2008-02-21	表示	GitHub Exploit DB Packet Storm

259353	4.3	MEDIUM	bea	weblogic_workshop	Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Workshop allow remote attackers to inject arbitrary web script or HTML via an invalid action URI, which is not properly handled by …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0866	2011-03-8 12:05	2008-02-21	表示	GitHub Exploit DB Packet Storm

259354	4.3	MEDIUM	bea bea_systems	weblogic_server weblogic_workshop weblogic	Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "fram…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0869	2011-03-8 12:05	2008-02-21	表示	GitHub Exploit DB Packet Storm

259355	5.0	MEDIUM	hitachi	eur_print_manager	Unspecified vulnerability in Hitachi EUR Print Manager, and related Client and Local Server products, 05-06 through 05-06-/B and 05-08 allows remote attackers to cause a denial of service (service ha…	NVD-CWE-noinfo	CVE-2008-0875	2011-03-8 12:05	2008-02-22	表示	GitHub Exploit DB Packet Storm

259356	4.3	MEDIUM	hitachi	sewb3_mi-platform sewb3_platform	Unspecified vulnerability in the SEWB3 messaging service in Hitachi SEWB3/PLATFORM and SEWB3/MI-PLATFORM 01-00 through 02-14-/A allows remote attackers to cause a denial of service (service outage) v…	CWE-20 不適切な入力確認	CVE-2008-0876	2011-03-8 12:05	2008-02-22	表示	GitHub Exploit DB Packet Storm

259357	6.4	MEDIUM	bea	weblogic_server	BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.	CWE-287 不適切な認証	CVE-2008-0895	2011-03-8 12:05	2008-02-23	表示	GitHub Exploit DB Packet Storm

259358	4.9	MEDIUM	bea_systems	weblogic_portal	BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to …	CWE-264 認可・権限・アクセス制御	CVE-2008-0896	2011-03-8 12:05	2008-02-23	表示	GitHub Exploit DB Packet Storm

259359	7.9	HIGH	bea	weblogic_server	Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a st…	CWE-264 認可・権限・アクセス制御	CVE-2008-0897	2011-03-8 12:05	2008-02-23	表示	GitHub Exploit DB Packet Storm

259360	5.8	MEDIUM	bea	weblogic_server	The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queu…	CWE-264 認可・権限・アクセス制御	CVE-2008-0898	2011-03-8 12:05	2008-02-23	表示	GitHub Exploit DB Packet Storm

259361	4.3	MEDIUM	bea	weblogic_server	Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0899	2011-03-8 12:05	2008-02-23	表示	GitHub Exploit DB Packet Storm

259362	6.0	MEDIUM	bea bea_systems	weblogic_server weblogic_express	Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.	CWE-264 認可・権限・アクセス制御	CVE-2008-0900	2011-03-8 12:05	2008-02-23	表示	GitHub Exploit DB Packet Storm

259363	4.3	MEDIUM	bea bea_systems	weblogic_server	Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOT…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0902	2011-03-8 12:05	2008-02-23	表示	GitHub Exploit DB Packet Storm

259364	4.3	MEDIUM	bea_systems	weblogic_express weblogic_server	Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of servic…	NVD-CWE-noinfo	CVE-2008-0903	2011-03-8 12:05	2008-02-23	表示	GitHub Exploit DB Packet Storm

259365	7.8	HIGH	bea_systems	aqualogic_interaction plumtree_collaboration	Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted…	CWE-200 情報漏えい	CVE-2008-0904	2011-03-8 12:05	2008-02-23	表示	GitHub Exploit DB Packet Storm

259366	7.5	HIGH	the_sword_project	diatheke_front_end sword	diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.	CWE-20 不適切な入力確認	CVE-2008-0932	2011-03-8 12:05	2008-02-26	表示	GitHub Exploit DB Packet Storm

259367	10.0	HIGH	novell	iprint iprint_client	Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the…	CWE-119 バッファエラー	CVE-2008-0935	2011-03-8 12:05	2008-02-26	表示	GitHub Exploit DB Packet Storm

259368	4.3	MEDIUM	apple	mac_os_x mac_os_x_server	Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer ove…	CWE-189 数値処理の問題	CVE-2008-0988	2011-03-8 12:05	2008-03-19	表示	GitHub Exploit DB Packet Storm

259369	10.0	HIGH	fujitsu	interstage_application_server_enterprise interstage_application_server_standard_j interstage_apworks_enterprise interstage_apworks_standard_j interstage_studio_enterprise interstage_st…	Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote at…	CWE-119 バッファエラー	CVE-2008-1040	2011-03-8 12:05	2008-02-28	表示	GitHub Exploit DB Packet Storm

259370	4.3	MEDIUM	internet_security_systems	internet_scanner	Cross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary w…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1073	2011-03-8 12:05	2008-02-29	表示	GitHub Exploit DB Packet Storm

259371	9.3	HIGH	icq	mirabilis_icq	Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspeci…	CWE-134 書式文字列の問題	CVE-2008-1120	2011-03-8 12:05	2008-03-4	表示	GitHub Exploit DB Packet Storm

259372	6.6	MEDIUM	ibm	websphere_mq	Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.	CWE-287 不適切な認証	CVE-2008-1130	2011-03-8 12:05	2008-03-4	表示	GitHub Exploit DB Packet Storm

259373	7.5	HIGH	hp	select_identity	Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors.	CWE-264 認可・権限・アクセス制御	CVE-2008-0214	2011-03-8 12:04	2008-02-8	表示	GitHub Exploit DB Packet Storm

259374	7.5	HIGH	hp	select_identity	In order to download the patch, user must login.	CWE-264 認可・権限・アクセス制御	CVE-2008-0214	2011-03-8 12:04	2008-02-8	表示	GitHub Exploit DB Packet Storm

259375	10.0	HIGH	hp	storage_essentials_srm_enterprise storage_essentials_srm_standard	Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack…	NVD-CWE-noinfo CWE-264 認可・権限・アクセス制御	CVE-2008-0215	2011-03-8 12:04	2008-02-12	表示	GitHub Exploit DB Packet Storm

259376	5.0	MEDIUM	ingate	firewall ingate_siparator	The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to caus…	CWE-399 リソース管理の問題	CVE-2008-0263	2011-03-8 12:04	2008-01-16	表示	GitHub Exploit DB Packet Storm

259377	7.1	HIGH	symantec	scan_engine symantec_antivirus_clearswift symantec_antivirus_filtering_domino_mpe symantec_antivirus_messaging symantec_antivirus_microsoft_sharepoint symantec_antivirus_ms_isa syma…	Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memo…	CWE-399 リソース管理の問題	CVE-2008-0308	2011-03-8 12:04	2008-02-29	表示	GitHub Exploit DB Packet Storm

259378	6.8	MEDIUM	symantec	scan_engine symantec_antivirus_filtering_domino_mpe symantec_antivirus_network_attached_storage symantec_antivirus_scan_engine symantec_antivirus_scan_engine_caching symantec_antivirus…	Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to …	CWE-119 バッファエラー	CVE-2008-0309	2011-03-8 12:04	2008-02-29	表示	GitHub Exploit DB Packet Storm

259379	4.3	MEDIUM	modern singapore	modern singapore	Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to defa…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0400	2011-03-8 12:04	2008-01-23	表示	GitHub Exploit DB Packet Storm

259380	4.3	MEDIUM	hal_networks	perl__cgi_cart php_cart shop_hal_v1	Cross-site scripting (XSS) vulnerability in multiple Hal Networks shopping-cart products allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0522	2011-03-8 12:04	2008-02-1	表示	GitHub Exploit DB Packet Storm

259381	10.0	HIGH	drupal	secure_site_module	Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote attackers to gain the privileges of a user who has authenticated fr…	NVD-CWE-noinfo	CVE-2008-0568	2011-03-8 12:04	2008-02-5	表示	GitHub Exploit DB Packet Storm

259382	6.4	MEDIUM	drupal	comment_upload_module	The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and…	CWE-264 認可・権限・アクセス制御	CVE-2008-0569	2011-03-8 12:04	2008-02-5	表示	GitHub Exploit DB Packet Storm

259383	5.0	MEDIUM	drupal	openid	The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domain…	CWE-20 不適切な入力確認	CVE-2008-0570	2011-03-8 12:04	2008-02-5	表示	GitHub Exploit DB Packet Storm

259384	4.3	MEDIUM	drupal	userpoints_module	The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows…	CWE-352 同一生成元ポリシー違反	CVE-2008-0571	2011-03-8 12:04	2008-02-5	表示	GitHub Exploit DB Packet Storm

259385	4.3	MEDIUM	drupal	project_issue_tracking_module	Cross-site scripting (XSS) vulnerability in the Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in th…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0576	2011-03-8 12:04	2008-02-5	表示	GitHub Exploit DB Packet Storm

259386	6.4	MEDIUM	drupal	project_issue_tracking_module	The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlie…	CWE-264 認可・権限・アクセス制御	CVE-2008-0577	2011-03-8 12:04	2008-02-5	表示	GitHub Exploit DB Packet Storm

259387	4.3	MEDIUM	apple	mac_os_x	X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access res…	CWE-264 認可・権限・アクセス制御	CVE-2008-0037	2011-03-8 12:03	2008-02-13	表示	GitHub Exploit DB Packet Storm

259388	1.9	LOW	apple	mac_os_x	Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security res…	CWE-264 認可・権限・アクセス制御	CVE-2008-0038	2011-03-8 12:03	2008-02-13	表示	GitHub Exploit DB Packet Storm

259389	6.8	MEDIUM	apple	mail	Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.	CWE-94 コード・インジェクション	CVE-2008-0039	2011-03-8 12:03	2008-02-13	表示	GitHub Exploit DB Packet Storm

259390	10.0	HIGH	apple	mac_os_x	Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to …	CWE-399 リソース管理の問題	CVE-2008-0040	2011-03-8 12:03	2008-02-13	表示	GitHub Exploit DB Packet Storm

259391	5.0	MEDIUM	apple	mac_os_x	Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.	CWE-200 情報漏えい	CVE-2008-0041	2011-03-8 12:03	2008-02-13	表示	GitHub Exploit DB Packet Storm

259392	6.8	MEDIUM	apple	mac_os_x	Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes.	CWE-94 コード・インジェクション	CVE-2008-0042	2011-03-8 12:03	2008-02-13	表示	GitHub Exploit DB Packet Storm

259393	9.3	HIGH	apple	iphoto	Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions.	CWE-94 コード・インジェクション	CVE-2008-0043	2011-03-8 12:03	2008-02-8	表示	GitHub Exploit DB Packet Storm

259394	5.0	MEDIUM	maradns	maradns	MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) rec…	NVD-CWE-Other	CVE-2008-0061	2011-03-8 12:03	2008-01-4	表示	GitHub Exploit DB Packet Storm

259395	9.3	HIGH	pierreegougelet	gfl_sdk nconvert xnview	Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execut…	CWE-119 バッファエラー	CVE-2008-0064	2011-03-8 12:03	2008-02-1	表示	GitHub Exploit DB Packet Storm

259396	9.3	HIGH	groove hp persits	virtual_office loadrunner xupload	Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remo…	CWE-119 バッファエラー	CVE-2007-6530	2011-03-8 12:03	2007-12-28	表示	GitHub Exploit DB Packet Storm

259397	5.0	MEDIUM	xfce	xfce	Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (ov…	CWE-119 バッファエラー	CVE-2007-6531	2011-03-8 12:03	2008-01-10	表示	GitHub Exploit DB Packet Storm

259398	10.0	HIGH	xfce	xfce	Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name a…	NVD-CWE-noinfo CWE-119 バッファエラー	CVE-2007-6532	2011-03-8 12:03	2008-01-10	表示	GitHub Exploit DB Packet Storm

259399	4.3	MEDIUM	sun	java_system_web_proxy_server java_system_web_server	Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via un…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6569	2011-03-8 12:03	2007-12-29	表示	GitHub Exploit DB Packet Storm

259400	6.9	MEDIUM	ibm	lotus_notes	IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is c…	CWE-264 認可・権限・アクセス制御	CVE-2007-6594	2011-03-8 12:03	2007-12-29	表示	GitHub Exploit DB Packet Storm