NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年10月6日16:10

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
259651	4.3	MEDIUM	php	php	A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, whic…	NVD-CWE-Other	CVE-2007-1287	2011-03-8 11:51	2007-03-7	表示	GitHub Exploit DB Packet Storm

259652	10.0	HIGH	intel lenovo	pro_1000_lan_adapter thinkpad	Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.	NVD-CWE-Other	CVE-2007-1307	2011-03-8 11:51	2007-03-7	表示	GitHub Exploit DB Packet Storm

259653	9.0	HIGH	novell	access_manager	Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.	CWE-264 認可・権限・アクセス制御	CVE-2007-1309	2011-03-8 11:51	2007-03-7	表示	GitHub Exploit DB Packet Storm

259654	7.1	HIGH	phpmyadmin	phpmyadmin	The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a…	NVD-CWE-Other	CVE-2007-1325	2011-03-8 11:51	2007-03-8	表示	GitHub Exploit DB Packet Storm

259655	7.1	HIGH	phpmyadmin	phpmyadmin	This vulnerability is addressed in the following product update: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3	NVD-CWE-Other	CVE-2007-1325	2011-03-8 11:51	2007-03-8	表示	GitHub Exploit DB Packet Storm

259656	6.6	MEDIUM	sun	sun_fire	Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server.	NVD-CWE-Other	CVE-2007-1346	2011-03-8 11:51	2007-03-9	表示	GitHub Exploit DB Packet Storm

259657	7.8	HIGH	linux	linux_kernel	The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter t…	NVD-CWE-Other	CVE-2007-1357	2011-03-8 11:51	2007-04-11	表示	GitHub Exploit DB Packet Storm

259658	7.5	HIGH	grigoriadis	mini_web_server	Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors.	NVD-CWE-Other	CVE-2007-0525	2011-03-8 11:50	2007-01-26	表示	GitHub Exploit DB Packet Storm

259659	7.5	HIGH	vote_pro	vote_pro	Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, wh…	NVD-CWE-Other	CVE-2007-0535	2011-03-8 11:50	2007-01-26	表示	GitHub Exploit DB Packet Storm

259660	4.3	MEDIUM	cgi-rescue	webform	Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	NVD-CWE-Other	CVE-2007-0547	2011-03-8 11:50	2007-01-30	表示	GitHub Exploit DB Packet Storm

259661	6.8	MEDIUM	phproxy	phproxy	Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url pa…	NVD-CWE-Other	CVE-2007-0553	2011-03-8 11:50	2007-01-30	表示	GitHub Exploit DB Packet Storm

259662	4.0	MEDIUM	symantec	web_security	The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file.	NVD-CWE-Other	CVE-2007-0564	2011-03-8 11:50	2007-01-31	表示	GitHub Exploit DB Packet Storm

259663	4.0	MEDIUM	symantec	web_security	This vulnerablity is addressed in the following product release: Symantec, Symantec Web Security, 3.0.1.85	NVD-CWE-Other	CVE-2007-0564	2011-03-8 11:50	2007-01-31	表示	GitHub Exploit DB Packet Storm

259664	4.3	MEDIUM	mpg123	mpg123	The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.	NVD-CWE-Other	CVE-2007-0578	2011-03-8 11:50	2007-01-31	表示	GitHub Exploit DB Packet Storm

259665	6.8	MEDIUM	free_lan_intra_internet_portal	free_lan_intra_internet_portal	Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra\|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1…	NVD-CWE-Other	CVE-2007-0611	2011-03-8 11:50	2007-01-31	表示	GitHub Exploit DB Packet Storm

259666	9.3	HIGH	chmlib	chmlib	chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.	NVD-CWE-Other	CVE-2007-0619	2011-03-8 11:50	2007-01-31	表示	GitHub Exploit DB Packet Storm

259667	9.3	HIGH	chmlib	chmlib	Update to version 0.39.	NVD-CWE-Other	CVE-2007-0619	2011-03-8 11:50	2007-01-31	表示	GitHub Exploit DB Packet Storm

259668	7.5	HIGH	x-dev	xnews	Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (…	NVD-CWE-Other	CVE-2007-0630	2011-03-8 11:50	2007-02-1	表示	GitHub Exploit DB Packet Storm

259669	7.5	HIGH	asp_edge	asp_edge	SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.	NVD-CWE-Other	CVE-2007-0632	2011-03-8 11:50	2007-02-1	表示	GitHub Exploit DB Packet Storm

259670	2.1	LOW	inotify	incron	Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."	NVD-CWE-Other	CVE-2007-0636	2011-03-8 11:50	2007-02-1	表示	GitHub Exploit DB Packet Storm

259671	5.4	MEDIUM	intel	enterprise_southbridge_2_bmc enterprise_southbridge_bmc server_board_s5000pal server_board_s5000psl server_board_s5000vcl server_board_s5000vsa server_board_s5000xal server_board…	The IPMI configuration does not appear to be the cause, but an extra condition for when it's possible. This is the reason for medium access complexity.	NVD-CWE-Other	CVE-2007-0661	2011-03-8 11:50	2007-02-2	表示	GitHub Exploit DB Packet Storm

259672	5.4	MEDIUM	intel	enterprise_southbridge_2_bmc enterprise_southbridge_bmc server_board_s5000pal server_board_s5000psl server_board_s5000vcl server_board_s5000vsa server_board_s5000xal server_board…	Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise So…	NVD-CWE-Other	CVE-2007-0661	2011-03-8 11:50	2007-02-2	表示	GitHub Exploit DB Packet Storm

259673	7.5	HIGH	eclectic_designs	cascadianfaq	SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-…	NVD-CWE-Other	CVE-2007-0663	2011-03-8 11:50	2007-02-2	表示	GitHub Exploit DB Packet Storm

259674	7.5	HIGH	fenrir	portable_sleipnir sleipnir	Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained i…	NVD-CWE-Other	CVE-2007-0705	2011-03-8 11:50	2007-02-4	表示	GitHub Exploit DB Packet Storm

259675	7.5	HIGH	fenrir	darksky_rss_bar	Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web co…	NVD-CWE-Other	CVE-2007-0706	2011-03-8 11:50	2007-02-4	表示	GitHub Exploit DB Packet Storm

259676	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.	NVD-CWE-Other	CVE-2007-0719	2011-03-8 11:50	2007-03-14	表示	GitHub Exploit DB Packet Storm

259677	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image tha…	NVD-CWE-Other	CVE-2007-0721	2011-03-8 11:50	2007-03-14	表示	GitHub Exploit DB Packet Storm

259678	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.	NVD-CWE-Other	CVE-2007-0722	2011-03-8 11:50	2007-03-14	表示	GitHub Exploit DB Packet Storm

259679	8.5	HIGH	apple	mac_os_x mac_os_x_server	Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root …	NVD-CWE-Other	CVE-2007-0723	2011-03-8 11:50	2007-03-14	表示	GitHub Exploit DB Packet Storm

259680	7.2	HIGH	apple	mac_os_x mac_os_x_server	Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitr…	NVD-CWE-Other	CVE-2007-0725	2011-03-8 11:50	2007-04-25	表示	GitHub Exploit DB Packet Storm

259681	7.2	HIGH	apple	mac_os_x mac_os_x_preview.app mac_os_x_server	Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unsp…	CWE-264 認可・権限・アクセス制御	CVE-2007-0729	2011-03-8 11:50	2007-04-25	表示	GitHub Exploit DB Packet Storm

259682	7.2	HIGH	apple	mac_os_x mac_os_x_server	Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send righ…	NVD-CWE-Other	CVE-2007-0732	2011-03-8 11:50	2007-04-25	表示	GitHub Exploit DB Packet Storm

259683	7.2	HIGH	apple	mac_os_x mac_os_x_server	The vendor has addressed this issue through Mac OS software updates.	NVD-CWE-Other	CVE-2007-0732	2011-03-8 11:50	2007-04-25	表示	GitHub Exploit DB Packet Storm

259684	9.3	HIGH	apple	mac_os_x mac_os_x_server	Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspeci…	NVD-CWE-Other	CVE-2007-0735	2011-03-8 11:50	2007-04-25	表示	GitHub Exploit DB Packet Storm

259685	4.6	MEDIUM	apple	mac_os_x	The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors.	NVD-CWE-Other	CVE-2007-0737	2011-03-8 11:50	2007-04-25	表示	GitHub Exploit DB Packet Storm

259686	4.6	MEDIUM	apple	mac_os_x	The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to …	NVD-CWE-Other	CVE-2007-0738	2011-03-8 11:50	2007-04-25	表示	GitHub Exploit DB Packet Storm

259687	4.6	MEDIUM	apple	mac_os_x	The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, w…	NVD-CWE-Other	CVE-2007-0739	2011-03-8 11:50	2007-04-25	表示	GitHub Exploit DB Packet Storm

259688	7.5	HIGH	apple	mac_os_x	Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.	NVD-CWE-Other	CVE-2007-0741	2011-03-8 11:50	2007-04-25	表示	GitHub Exploit DB Packet Storm

259689	7.8	HIGH	apple	mac_os_x	The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.	NVD-CWE-Other	CVE-2007-0742	2011-03-8 11:50	2007-04-25	表示	GitHub Exploit DB Packet Storm

259690	4.9	MEDIUM	apple	mac_os_x	URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may all…	NVD-CWE-Other	CVE-2007-0743	2011-03-8 11:50	2007-04-25	表示	GitHub Exploit DB Packet Storm

259691	7.2	HIGH	apple	mac_os_x mac_os_x_server	SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables.	NVD-CWE-Other	CVE-2007-0744	2011-03-8 11:50	2007-04-25	表示	GitHub Exploit DB Packet Storm

259692	10.0	HIGH	apple	mac_os_x mac_os_x_server	Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an au…	NVD-CWE-Other	CVE-2007-0746	2011-03-8 11:50	2007-04-25	表示	GitHub Exploit DB Packet Storm

259693	10.0	HIGH	vbdrupal	vbdrupal	Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities …	NVD-CWE-Other	CVE-2007-0841	2011-03-8 11:50	2007-02-8	表示	GitHub Exploit DB Packet Storm

259694	6.4	MEDIUM	pam_ssh	pam_ssh	The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryp…	NVD-CWE-Other	CVE-2007-0844	2011-03-8 11:50	2007-02-9	表示	GitHub Exploit DB Packet Storm

259695	7.5	HIGH	apache_stats	apache_stats	Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.	NVD-CWE-Other	CVE-2007-0930	2011-03-8 11:50	2007-02-14	表示	GitHub Exploit DB Packet Storm

259696	10.0	HIGH	phpmyadmin	phpmyadmin	Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.	NVD-CWE-Other	CVE-2007-0203	2011-03-8 11:49	2007-01-11	表示	GitHub Exploit DB Packet Storm

259697	6.8	MEDIUM	six_apart	movable_type	Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via …	NVD-CWE-Other	CVE-2007-0231	2011-03-8 11:49	2007-01-13	表示	GitHub Exploit DB Packet Storm

259698	5.0	MEDIUM	poptop	pptp_server	pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequenc…	NVD-CWE-Other	CVE-2007-0244	2011-03-8 11:49	2007-05-11	表示	GitHub Exploit DB Packet Storm

259699	7.1	HIGH	apple	mac_os_x	Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a craf…	NVD-CWE-Other	CVE-2007-0299	2011-03-8 11:49	2007-01-17	表示	GitHub Exploit DB Packet Storm

259700	10.0	HIGH	pancake.org	zina	Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs."	NVD-CWE-Other	CVE-2007-0303	2011-03-8 11:49	2007-01-18	表示	GitHub Exploit DB Packet Storm