NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2024年10月6日5:12

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
259451 10.0 HIGH
irc_services irc_services Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors. NVD-CWE-noinfo
CVE-2007-6123 2011-03-8 12:01 2007-11-27 表示 GitHub Exploit DB Packet Storm
259452 5.0 MEDIUM
gnu gnump3d gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. CWE-287
不適切な認証 		CVE-2007-6130 2011-03-8 12:01 2007-11-27 表示 GitHub Exploit DB Packet Storm
259453 2.1 LOW
redhat fedora_core buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files. CWE-16
環境設定 		CVE-2007-6131 2011-03-8 12:01 2007-11-27 表示 GitHub Exploit DB Packet Storm
259454 6.8 MEDIUM
xunlei web_thunder Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayer_Now.dll, allows remote attackers to execute arbitrary code via a long… CWE-119
バッファエラー 		CVE-2007-5064 2011-03-8 12:00 2007-09-25 表示 GitHub Exploit DB Packet Storm
259455 2.1 LOW
kaspersky_lab kaspersky_anti-virus
kaspersky_internet_security 		Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows lo… CWE-20
不適切な入力確認 		CVE-2007-5086 2011-03-8 12:00 2007-09-26 表示 GitHub Exploit DB Packet Storm
259456 6.8 MEDIUM
phpbb phpbb_plus Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in t… CWE-94
コード・インジェクション 		CVE-2007-5100 2011-03-8 12:00 2007-09-27 表示 GitHub Exploit DB Packet Storm
259457 4.3 MEDIUM
dragonfrugal dfd_cart Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5136 2011-03-8 12:00 2007-09-29 表示 GitHub Exploit DB Packet Storm
259458 7.5 HIGH
xoops xoops Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configurat… NVD-CWE-noinfo
CVE-2007-5188 2011-03-8 12:00 2007-10-3 表示 GitHub Exploit DB Packet Storm
259459 6.8 MEDIUM
nagios plugins Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location heade… CWE-119
バッファエラー 		CVE-2007-5198 2011-03-8 12:00 2007-10-5 表示 GitHub Exploit DB Packet Storm
259460 5.0 MEDIUM
hp openvms Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a N… CWE-119
バッファエラー 		CVE-2007-5241 2011-03-8 12:00 2007-10-7 表示 GitHub Exploit DB Packet Storm
259461 4.3 MEDIUM
hp openvms Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet,… NVD-CWE-Other
CVE-2007-5242 2011-03-8 12:00 2007-10-7 表示 GitHub Exploit DB Packet Storm
259462 6.9 MEDIUM
gnu tramp The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via… CWE-59
リンク解釈の問題 		CVE-2007-5377 2011-03-8 12:00 2007-10-12 表示 GitHub Exploit DB Packet Storm
259463 6.8 MEDIUM
david_hansson ruby_on_rails Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions." NVD-CWE-Other
CVE-2007-5380 2011-03-8 12:00 2007-10-20 表示 GitHub Exploit DB Packet Storm
259464 10.0 HIGH
hp select_identity Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors. CWE-287
不適切な認証 		CVE-2007-5391 2011-03-8 12:00 2007-10-12 表示 GitHub Exploit DB Packet Storm
259465 9.0 HIGH
sitebar sitebar Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang paramet… CWE-22
パス・トラバーサル 		CVE-2007-5491 2011-03-8 12:00 2007-10-18 表示 GitHub Exploit DB Packet Storm
259466 9.0 HIGH
sitebar sitebar Refer to: http://sitebar.org/downloads.php and http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup for patch information. CWE-22
パス・トラバーサル 		CVE-2007-5491 2011-03-8 12:00 2007-10-18 表示 GitHub Exploit DB Packet Storm
259467 4.3 MEDIUM
apple mac_os_x
mac_os_x_server 		Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. CWE-362
競合状態 		CVE-2007-4696 2011-03-8 11:59 2007-11-15 表示 GitHub Exploit DB Packet Storm
259468 3.5 LOW
claroline claroline Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/admin… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-4717 2011-03-8 11:59 2007-09-6 表示 GitHub Exploit DB Packet Storm
259469 5.1 MEDIUM
claroline claroline Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language paramet… CWE-22
パス・トラバーサル 		CVE-2007-4718 2011-03-8 11:59 2007-09-6 表示 GitHub Exploit DB Packet Storm
259470 10.0 HIGH
hitachi ucosminexus_application_server_enterprise
ucosminexus_application_server_standard
ucosminexus_service_platform 		Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code v… CWE-119
バッファエラー 		CVE-2007-4758 2011-03-8 11:59 2007-09-8 表示 GitHub Exploit DB Packet Storm
259471 5.0 MEDIUM
hitachi ucosminexus_application_server_enterprise
ucosminexus_application_server_standard
ucosminexus_service_platform 		Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified … CWE-119
バッファエラー 		CVE-2007-4759 2011-03-8 11:59 2007-09-8 表示 GitHub Exploit DB Packet Storm
259472 7.2 HIGH
ibm aix Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. CWE-119
バッファエラー 		CVE-2007-4793 2011-03-8 11:59 2007-09-11 表示 GitHub Exploit DB Packet Storm
259473 7.2 HIGH
ibm aix Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name. CWE-119
バッファエラー 		CVE-2007-4795 2011-03-8 11:59 2007-09-11 表示 GitHub Exploit DB Packet Storm
259474 7.2 HIGH
ibm aix Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. CWE-119
バッファエラー 		CVE-2007-4796 2011-03-8 11:59 2007-09-11 表示 GitHub Exploit DB Packet Storm
259475 7.2 HIGH
ibm aix Multiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors. CWE-119
バッファエラー 		CVE-2007-4797 2011-03-8 11:59 2007-09-11 表示 GitHub Exploit DB Packet Storm
259476 4.9 MEDIUM
ibm aix The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via u… CWE-264
認可・権限・アクセス制御 		CVE-2007-4799 2011-03-8 11:59 2007-09-11 表示 GitHub Exploit DB Packet Storm
259477 2.1 LOW
hp system_management_homepage HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL upda… NVD-CWE-Other
CVE-2007-4931 2011-03-8 11:59 2007-09-19 表示 GitHub Exploit DB Packet Storm
259478 6.8 MEDIUM
phpffl phpffl Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) admin.php, (2) custom_pages.p… CWE-94
コード・インジェクション 		CVE-2007-4935 2011-03-8 11:59 2007-09-19 表示 GitHub Exploit DB Packet Storm
259479 9.3 HIGH
baofeng storm Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of argume… CWE-119
バッファエラー 		CVE-2007-4943 2011-03-8 11:59 2007-09-19 表示 GitHub Exploit DB Packet Storm
259480 7.5 HIGH
redhat certificate_server Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certa… CWE-255
証明書・パスワード管理 		CVE-2007-4994 2011-03-8 11:59 2007-11-7 表示 GitHub Exploit DB Packet Storm
259481 6.8 MEDIUM
gnome balsa Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command. CWE-119
バッファエラー 		CVE-2007-5007 2011-03-8 11:59 2007-12-13 表示 GitHub Exploit DB Packet Storm
259482 4.3 MEDIUM
icewarp merak_mail_server Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribu… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5046 2011-03-8 11:59 2007-09-24 表示 GitHub Exploit DB Packet Storm
259483 6.9 MEDIUM
ibm aix Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges. NVD-CWE-Other
CVE-2007-4236 2011-03-8 11:58 2007-08-9 表示 GitHub Exploit DB Packet Storm
259484 6.9 MEDIUM
ibm aix Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges. NVD-CWE-Other
CVE-2007-4237 2011-03-8 11:58 2007-08-9 表示 GitHub Exploit DB Packet Storm
259485 6.9 MEDIUM
ibm aix AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit. NVD-CWE-Other
CVE-2007-4238 2011-03-8 11:58 2007-08-9 表示 GitHub Exploit DB Packet Storm
259486 2.1 LOW
ibm db2_universal_database Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, whi… CWE-22
パス・トラバーサル 		CVE-2007-4271 2011-03-8 11:58 2007-08-19 表示 GitHub Exploit DB Packet Storm
259487 6.6 MEDIUM
trend_micro pc-cillin_internet_security_2007
scan_engine 		The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) fo… CWE-264
CWE-119
認可・権限・アクセス制御
バッファエラー 		CVE-2007-4277 2011-03-8 11:58 2007-10-31 表示 GitHub Exploit DB Packet Storm
259488 4.3 MEDIUM
knowledgetree open_source Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other uns… NVD-CWE-Other
CVE-2007-4281 2011-03-8 11:58 2007-08-10 表示 GitHub Exploit DB Packet Storm
259489 4.9 MEDIUM
sun solaris Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service (system panic) via an unspecified ioctl function… NVD-CWE-Other
CVE-2007-4495 2011-03-8 11:58 2007-08-23 表示 GitHub Exploit DB Packet Storm
259490 4.3 MEDIUM
symantec_veritas storage_foundation The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via ma… CWE-20
不適切な入力確認 		CVE-2007-4516 2011-03-8 11:58 2008-02-22 表示 GitHub Exploit DB Packet Storm
259491 4.3 MEDIUM
university_of_minnesota mapserver Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine func… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-4542 2011-03-8 11:58 2007-08-28 表示 GitHub Exploit DB Packet Storm
259492 10.0 HIGH
realnetworks helix_dna_server Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers. CWE-119
CWE-20
バッファエラー
不適切な入力確認 		CVE-2007-4561 2011-03-8 11:58 2007-08-28 表示 GitHub Exploit DB Packet Storm
259493 6.4 MEDIUM
bharat_mediratta gallery Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the Web… NVD-CWE-noinfo
CWE-264
認可・権限・アクセス制御 		CVE-2007-4650 2011-03-8 11:58 2007-09-5 表示 GitHub Exploit DB Packet Storm
259494 5.0 MEDIUM
firebirdsql firebird Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, a… CWE-264
CWE-119
認可・権限・アクセス制御
バッファエラー 		CVE-2007-4668 2011-03-8 11:58 2007-09-5 表示 GitHub Exploit DB Packet Storm
259495 5.0 MEDIUM
asterisk asterisk
asterisk_appliance_developer_kit
asterisknow
s800i_appliance 		The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before… NVD-CWE-Other
CVE-2007-3763 2011-03-8 11:57 2007-07-19 表示 GitHub Exploit DB Packet Storm
259496 10.0 HIGH
hitachi cosminexus_application_server
cosminexus_client
cosminexus_developer
cosminexus_server
cosminexus_studio
ucosminexus_application_server
ucosminexus_client
ucosminexus_developer 		Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attacker… NVD-CWE-Other
CVE-2007-3794 2011-03-8 11:57 2007-07-16 表示 GitHub Exploit DB Packet Storm
259497 4.3 MEDIUM
gforge gforge Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-3918 2011-03-8 11:57 2007-10-6 表示 GitHub Exploit DB Packet Storm
259498 7.8 HIGH
ipswitch imail_server Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor." NVD-CWE-Other
CVE-2007-3926 2011-03-8 11:57 2007-07-21 表示 GitHub Exploit DB Packet Storm
259499 5.0 MEDIUM
ipswitch imserver
ipswitch_collaboration_suite 		The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of serv… NVD-CWE-Other
CVE-2007-3959 2011-03-8 11:57 2007-07-25 表示 GitHub Exploit DB Packet Storm
259500 9.3 HIGH
ibm websphere_application_server Multiple unspecified vulnerabilities in IBM WebSphere Application Server (WAS) before Fix Pack 21 (6.0.2.21) have unknown impact and attack vectors, aka (1) PK33799, or (2) a "Potential security expo… NVD-CWE-noinfo
CVE-2007-3960 2011-03-8 11:57 2007-07-25 表示 GitHub Exploit DB Packet Storm