
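You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Vulnerability information is often updated here before it appears in JVN (Japan Vulnerability Notes), so updated vulnerabilities that are not yet listed in JVN may appear.

If a related vulnerability exists in JVN (Japan Vulnerability Notes), its information is shown on the detail screen.

When searching by CWE, refer to the CWE overview to confirm the CWE number.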


Last updated: October 6, 2024, 5:12

| No | CVSS | Level | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|
| 259401 | 6.4 | MEDIUM | mongrel | mongrel | Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double… | CWE-22 (Path Traversal) | CVE-2007-6612 | 2011-03-8 12:03 | 2008-01-4 |
| 259402 | 2.1 | LOW | ibm | aix | Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the … | NVD-CWE-Other | CVE-2007-6680 | 2011-03-8 12:03 | 2008-01-11 |
| 259403 | 9.3 | HIGH | ibm | lotus_notes | Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in … | CWE-94 (Code Injection) | CVE-2007-6706 | 2011-03-8 12:03 | 2008-03-9 |
| 259404 | 6.0 | MEDIUM | xunlei | web_thunder | Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlay… | CWE-119 (Buffer Errors) | CVE-2007-6144 | 2011-03-8 12:02 | 2007-11-28 |
| 259405 | 5.0 | MEDIUM | hitachi | jp1_file_transmission_server | Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command. | CWE-20 (Improper Input Validation) | CVE-2007-6146 | 2011-03-8 12:02 | 2007-11-28 |
| 259406 | 10.0 | HIGH | adobe | connect_enterprise_server, flash_media_server_2 | Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspec… | CWE-399 (Resource Management Errors) | CVE-2007-6148 | 2011-03-8 12:02 | 2008-02-14 |
| 259407 | 7.5 | HIGH | vu | case_manager | SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the p… | CWE-89 (SQL Injection) | CVE-2007-6168 | 2011-03-8 12:02 | 2007-11-29 |
| 259408 | 3.5 | LOW | cisco | unified_ip_phone | The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on t… | CWE-200 (Information Exposure) | CVE-2007-6190 | 2011-03-8 12:02 | 2007-11-30 |
| 259409 | 4.3 | MEDIUM | ibm | tivoli_netcool_security_manager | Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 (Cross-site Scripting (XSS)) | CVE-2007-6219 | 2011-03-8 12:02 | 2007-12-5 |
| 259410 | 9.3 | HIGH | sonicwall | global_vpn_client | Multiple format string vulnerabilities in the configuration file in SonicWALL Global VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string … | CWE-134 (Format String Issues) | CVE-2007-6273 | 2011-03-8 12:02 | 2007-12-7 |
| 259411 | 10.0 | HIGH | ibm | hardware_management_console | Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 6 R1.3 allow attackers to gain privileges via "some HMC commands." | NVD-CWE-noinfo | CVE-2007-6293 | 2011-03-8 12:02 | 2007-12-11 |
| 259412 | 4.6 | MEDIUM | ibm | hardware_management_console | Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands." | CWE-264 (Permissions, Privileges, and Access Controls), CWE-119 (Buffer Errors) | CVE-2007-6305 | 2011-03-8 12:02 | 2007-12-11 |
| 259413 | 6.5 | MEDIUM | mysql | mysql_community_server | MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements. | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2007-6313 | 2011-03-8 12:02 | 2008-02-19 |
| 259414 | 10.0 | HIGH | clam_anti-virus | clamav | Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. | NVD-CWE-noinfo | CVE-2007-6337 | 2011-03-8 12:02 | 2008-01-1 |
| 259415 | 4.3 | MEDIUM | hp | openview_network_node_manager | Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 (Cross-site Scripting (XSS)) | CVE-2007-6343 | 2011-03-8 12:02 | 2007-12-14 |
| 259416 | 5.0 | MEDIUM | aertherwide | exiftags | exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image. | CWE-399 (Resource Management Errors) | CVE-2007-6356 | 2011-03-8 12:02 | 2007-12-19 |
| 259417 | 7.1 | HIGH | nokia | n95 | Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CA… | CWE-20 (Improper Input Validation) | CVE-2007-6371 | 2011-03-8 12:02 | 2007-12-15 |
| 259418 | 5.5 | MEDIUM | chandler_project | chandler_server | The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user's home c… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2007-6383 | 2011-03-8 12:02 | 2007-12-15 |
| 259419 | 7.5 | HIGH | jboss | seam | The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order paramet… | CWE-20 (Improper Input Validation) | CVE-2007-6433 | 2011-03-8 12:02 | 2007-12-19 |
| 259420 | 2.1 | LOW | linux | linux_kernel | Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function. | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2007-6434 | 2011-03-8 12:02 | 2007-12-19 |
| 259421 | 4.3 | MEDIUM | ganglia | ganglia | Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/… | CWE-79 (Cross-site Scripting (XSS)) | CVE-2007-6465 | 2011-03-8 12:02 | 2007-12-20 |
| 259422 | 9.3 | HIGH | hammer_of_thyrion | hammer_of_thyrion | Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial … | CWE-119 (Buffer Errors) | CVE-2007-6468 | 2011-03-8 12:02 | 2007-12-20 |
| 259423 | 10.0 | HIGH | swiftview | viewer | Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5, as used by SwiftView and SwiftSend, allow remote attackers to execute arbitrary code via unspecified vectors to the (1) svocx.o… | CWE-119 (Buffer Errors) | CVE-2007-5602 | 2011-03-8 12:01 | 2008-02-5 |
| 259424 | 5.0 | MEDIUM | nagios | plugins | Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies. | CWE-119 (Buffer Errors) | CVE-2007-5623 | 2011-03-8 12:01 | 2007-10-24 |
| 259425 | 7.2 | HIGH | novell | zenworks_endpoint_security_management | STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diag… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2007-5665 | 2011-03-8 12:01 | 2008-01-9 |
| 259426 | 10.0 | HIGH | novell | bordermanager | Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in w… | CWE-119 (Buffer Errors) | CVE-2007-5767 | 2011-03-8 12:01 | 2007-11-3 |
| 259427 | 7.1 | HIGH | stonesoft | stonegate_ips | Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection. | NVD-CWE-Other | CVE-2007-5793 | 2011-03-8 12:01 | 2007-11-2 |
| 259428 | 7.5 | HIGH | apache | geronimo | SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username … | CWE-287 (Improper Authentication) | CVE-2007-5797 | 2011-03-8 12:01 | 2007-11-3 |
| 259429 | 4.3 | MEDIUM | hitachi | cosminexus_application_server_enterprise, cosminexus_application_server_standard, cosminexus_developer_light_version_6, cosminexus_developer_professional_version_6, cosminexus_developer_stand… | Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecif… | CWE-79 (Cross-site Scripting (XSS)) | CVE-2007-5809 | 2011-03-8 12:01 | 2007-11-6 |
| 259430 | 5.0 | MEDIUM | hitachi | cosminexus_application_server_enterprise, cosminexus_application_server_standard, cosminexus_developer_light_version_6, cosminexus_developer_professional_version_6, cosminexus_developer_stand… | Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a… | CWE-20 (Improper Input Validation) | CVE-2007-5810 | 2011-03-8 12:01 | 2007-11-6 |
| 259431 | 9.4 | HIGH | apple | mac_os_x | Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. | CWE-287 (Improper Authentication) | CVE-2007-5862 | 2011-03-8 12:01 | 2007-12-19 |
| 259432 | 9.3 | HIGH | activepdf, autonomy, ibm, symantec | docconverter, keyview_export_sdk, keyview_filter_sdk, keyview_viewer_sdk, lotus_notes, mail_security | Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3,… | CWE-119 (Buffer Errors) | CVE-2007-5910 | 2011-03-8 12:01 | 2007-11-10 |
| 259433 | 4.3 | MEDIUM | ibm | lotus_domino | Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script… | CWE-79 (Cross-site Scripting (XSS)) | CVE-2007-5924 | 2011-03-8 12:01 | 2007-11-10 |
| 259434 | 4.3 | MEDIUM | pear | structures_datagrid_datasource_mdb2 | The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2… | CWE-200 (Information Exposure) | CVE-2007-5934 | 2011-03-8 12:01 | 2007-11-14 |
| 259435 | 4.6 | MEDIUM | tug | texlive_2007 | feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file. | CWE-59 (Link Following) | CVE-2007-5940 | 2011-03-8 12:01 | 2007-11-14 |
| 259436 | 4.3 | MEDIUM | ibm | websphere_application_server | Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or… | CWE-79 (Cross-site Scripting (XSS)) | CVE-2007-5944 | 2011-03-8 12:01 | 2007-11-14 |
| 259437 | 4.3 | MEDIUM | script-fun | sf-shoutbox | Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shou… | CWE-79 (Cross-site Scripting (XSS)) | CVE-2007-5948 | 2011-03-8 12:01 | 2007-11-14 |
| 259438 | 7.5 | HIGH | e-vendejo | 0.2 | SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | CWE-89 (SQL Injection) | CVE-2007-5951 | 2011-03-8 12:01 | 2007-11-14 |
| 259439 | 5.0 | MEDIUM | really_simple_caldav_store | really_simple_caldav_store | Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors. | NVD-CWE-noinfo | CVE-2007-5953 | 2011-03-8 12:01 | 2007-11-14 |
| 259440 | 4.3 | MEDIUM | trolltech | qsslsocket | QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate … | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2007-5965 | 2011-03-8 12:01 | 2008-01-8 |
| 259441 | 5.1 | MEDIUM | symantec | backup_exec_for_windows_server | The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0… | CWE-20 (Improper Input Validation) | CVE-2007-6017 | 2011-03-8 12:01 | 2008-03-1 |
| 259442 | 10.0 | HIGH | ibm | db2_universal_database | Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors. | NVD-CWE-noinfo | CVE-2007-6045 | 2011-03-8 12:01 | 2007-11-21 |
| 259443 | 7.2 | HIGH | ibm | db2_universal_database | Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact. | NVD-CWE-noinfo | CVE-2007-6046 | 2011-03-8 12:01 | 2007-11-21 |
| 259444 | 10.0 | HIGH | ibm | db2_universal_database | Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART. | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2007-6047 | 2011-03-8 12:01 | 2007-11-21 |
| 259445 | 10.0 | HIGH | ibm | db2_universal_database | IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certai… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2007-6048 | 2011-03-8 12:01 | 2007-11-21 |
| 259446 | 7.2 | HIGH | ibm | db2_universal_database | Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root. | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2007-6049 | 2011-03-8 12:01 | 2007-11-21 |
| 259447 | 7.2 | HIGH | ibm | db2_universal_database | Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory." | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2007-6050 | 2011-03-8 12:01 | 2007-11-21 |
| 259448 | 7.8 | HIGH | ibm | db2_universal_database | IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow."… | NVD-CWE-Other | CVE-2007-6052 | 2011-03-8 12:01 | 2007-11-21 |
| 259449 | 9.3 | HIGH | ibm | db2_universal_database | IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendo… | CWE-399 (Resource Management Errors) | CVE-2007-6053 | 2011-03-8 12:01 | 2007-11-21 |
| 259450 | 4.3 | MEDIUM | feed2js | feed2js | Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed. | CWE-79 (Cross-site Scripting (XSS)) | CVE-2007-6102 | 2011-03-8 12:01 | 2007-11-24 |