NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年10月6日20:10

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
259701	7.1	HIGH	apple	mac_os_x	Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a craf…	NVD-CWE-Other	CVE-2007-0299	2011-03-8 11:49	2007-01-17	表示	GitHub Exploit DB Packet Storm

259702	10.0	HIGH	pancake.org	zina	Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs."	NVD-CWE-Other	CVE-2007-0303	2011-03-8 11:49	2007-01-18	表示	GitHub Exploit DB Packet Storm

259703	7.8	HIGH	apple	mac_os_x	The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of …	NVD-CWE-Other	CVE-2007-0318	2011-03-8 11:49	2007-01-18	表示	GitHub Exploit DB Packet Storm

259704	9.3	HIGH	trend_micro	client-server-messaging_security officescan_corporate_edition	Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build…	CWE-119 バッファエラー	CVE-2007-0325	2011-03-8 11:49	2007-02-21	表示	GitHub Exploit DB Packet Storm

259705	9.3	HIGH	trend_micro	client-server-messaging_security officescan_corporate_edition	Successful exploitation requires that OfficeScan client was installed using web deployment.	CWE-119 バッファエラー	CVE-2007-0325	2011-03-8 11:49	2007-02-21	表示	GitHub Exploit DB Packet Storm

259706	9.3	HIGH	trend_micro	client-server-messaging_security officescan_corporate_edition	The vendor has issued a fix (7.0 Security Patch - Build 1344; 7.3 Security Patch - Build 1241).	CWE-119 バッファエラー	CVE-2007-0325	2011-03-8 11:49	2007-02-21	表示	GitHub Exploit DB Packet Storm

259707	7.5	HIGH	bea	weblogic_server	BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certifica…	NVD-CWE-Other	CVE-2007-0408	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259708	1.5	LOW	bea	weblogic_server	BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users…	NVD-CWE-Other	CVE-2007-0409	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259709	6.8	MEDIUM	bea	weblogic_server	BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM)…	NVD-CWE-Other	CVE-2007-0411	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259710	4.4	MEDIUM	bea	weblogic_server	BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.	NVD-CWE-Other	CVE-2007-0413	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259711	5.0	MEDIUM	bea	weblogic_server	BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer thr…	NVD-CWE-Other	CVE-2007-0414	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259712	5.0	MEDIUM	bea	weblogic_server	BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which all…	NVD-CWE-Other	CVE-2007-0415	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259713	7.5	HIGH	bea	weblogic_server	The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.	NVD-CWE-Other	CVE-2007-0416	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259714	10.0	HIGH	bea	weblogic_server	BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence opera…	NVD-CWE-Other	CVE-2007-0417	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259715	7.5	HIGH	bea	weblogic_server	BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote…	NVD-CWE-Other	CVE-2007-0418	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259716	5.0	MEDIUM	bea	weblogic_server	The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).	NVD-CWE-Other	CVE-2007-0419	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259717	5.0	MEDIUM	bea	weblogic_server	BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.	NVD-CWE-Other	CVE-2007-0420	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259718	5.0	MEDIUM	bea	weblogic_server	BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.	NVD-CWE-Other	CVE-2007-0422	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259719	5.0	MEDIUM	bea	weblogic_server	Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of serv…	NVD-CWE-Other	CVE-2007-0424	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259720	7.5	HIGH	bea	jrockit weblogic_server	Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "over…	NVD-CWE-Other	CVE-2007-0425	2011-03-8 11:49	2007-01-23	表示	GitHub Exploit DB Packet Storm

259721	5.0	MEDIUM	apple	software_update	Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string spec…	NVD-CWE-Other	CVE-2007-0463	2011-03-8 11:49	2007-01-30	表示	GitHub Exploit DB Packet Storm

259722	10.0	HIGH	telestream	flip4mac_windows_media_components_for_quicktime	Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers…	NVD-CWE-Other	CVE-2007-0466	2011-03-8 11:49	2007-01-31	表示	GitHub Exploit DB Packet Storm

259723	3.7	LOW	smb4k	smb4k	Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_fil…	NVD-CWE-Other	CVE-2007-0472	2011-03-8 11:49	2007-02-4	表示	GitHub Exploit DB Packet Storm

259724	1.9	LOW	smb4k	smb4k	The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/su…	NVD-CWE-Other	CVE-2007-0473	2011-03-8 11:49	2007-02-4	表示	GitHub Exploit DB Packet Storm

259725	3.3	LOW	smb4k	smb4k	Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."	NVD-CWE-Other	CVE-2007-0474	2011-03-8 11:49	2007-02-4	表示	GitHub Exploit DB Packet Storm

259726	4.4	MEDIUM	smb4k	smb4k	Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to t…	NVD-CWE-Other	CVE-2007-0475	2011-03-8 11:49	2007-02-4	表示	GitHub Exploit DB Packet Storm

259727	4.6	MEDIUM	gentoo	linux	The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp secur…	NVD-CWE-Other	CVE-2007-0476	2011-03-8 11:49	2007-01-25	表示	GitHub Exploit DB Packet Storm

259728	6.8	MEDIUM	sky_gunning	myspeach	PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different v…	NVD-CWE-Other	CVE-2007-0491	2011-03-8 11:49	2007-01-25	表示	GitHub Exploit DB Packet Storm

259729	5.0	MEDIUM	hitachi	tpi_link tpi_server_base	Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; a…	NVD-CWE-Other	CVE-2007-0512	2011-03-8 11:49	2007-01-26	表示	GitHub Exploit DB Packet Storm

259730	6.8	MEDIUM	hitachi	cosminexus_application_server cosminexus_application_server_version_5 cosminexus_developer_light_version_6 cosminexus_developer_professional_version_6 cosminexus_developer_standard_versio…	Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML …	NVD-CWE-Other	CVE-2007-0514	2011-03-8 11:49	2007-01-26	表示	GitHub Exploit DB Packet Storm

259731	6.8	MEDIUM	novell	access_manager_identity_server	Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstan…	NVD-CWE-Other	CVE-2007-0110	2011-03-8 11:48	2007-01-9	表示	GitHub Exploit DB Packet Storm

259732	10.0	HIGH	apple	mac_os_x mac_os_x_server	DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /L…	NVD-CWE-Other	CVE-2007-0117	2011-03-8 11:48	2007-01-9	表示	GitHub Exploit DB Packet Storm

259733	7.5	HIGH	igeneric	ig_shop	Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie param…	NVD-CWE-Other	CVE-2007-0133	2011-03-8 11:48	2007-01-9	表示	GitHub Exploit DB Packet Storm

259734	7.5	HIGH	hp	openvms	Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "uninte…	NVD-CWE-Other	CVE-2007-0139	2011-03-8 11:48	2007-01-9	表示	GitHub Exploit DB Packet Storm

259735	5.0	MEDIUM	cisco	ip_contact_center_enterprise ip_contact_center_hosted unified_contact_center_enterprise unified_contact_center_hosted	The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote att…	NVD-CWE-Other	CVE-2007-0198	2011-03-8 11:48	2007-01-11	表示	GitHub Exploit DB Packet Storm

259736	4.3	MEDIUM	ibm	websphere_application_server	IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."	NVD-CWE-Other	CVE-2006-7165	2011-03-8 11:48	2007-03-20	表示	GitHub Exploit DB Packet Storm

259737	5.0	MEDIUM	ibm	websphere_application_server	IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL."	NVD-CWE-Other	CVE-2006-7166	2011-03-8 11:48	2007-03-20	表示	GitHub Exploit DB Packet Storm

259738	6.3	MEDIUM	hosting_controller	hosting_controller	Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via…	NVD-CWE-Other	CVE-2006-6814	2011-03-8 11:47	2006-12-29	表示	GitHub Exploit DB Packet Storm

259739	7.5	HIGH	mxmania	calendar_mx_basic	Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for cale…	NVD-CWE-Other	CVE-2006-6825	2011-03-8 11:47	2006-12-30	表示	GitHub Exploit DB Packet Storm

259740	7.5	HIGH	efkan_forum	efkan_forum	Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) defa…	NVD-CWE-Other	CVE-2006-6828	2011-03-8 11:47	2006-12-31	表示	GitHub Exploit DB Packet Storm

259741	7.8	HIGH	efkan_forum	efkan_forum	Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb. …	NVD-CWE-Other	CVE-2006-6829	2011-03-8 11:47	2006-12-31	表示	GitHub Exploit DB Packet Storm

259742	4.3	MEDIUM	joomla	joomla	Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module ti…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2006-6832	2011-03-8 11:47	2006-12-31	表示	GitHub Exploit DB Packet Storm

259743	7.5	HIGH	joomla	joomla	com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.	NVD-CWE-Other	CVE-2006-6833	2011-03-8 11:47	2006-12-31	表示	GitHub Exploit DB Packet Storm

259744	6.8	MEDIUM	joomla	joomla	Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."	NVD-CWE-Other	CVE-2006-6834	2011-03-8 11:47	2006-12-31	表示	GitHub Exploit DB Packet Storm

259745	6.0	MEDIUM	tdiary	tdiary	Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validati…	CWE-20 不適切な入力確認	CVE-2006-6852	2011-03-8 11:47	2006-12-31	表示	GitHub Exploit DB Packet Storm

259746	6.8	MEDIUM	miredo	miredo	Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client.	NVD-CWE-Other	CVE-2006-6858	2011-03-8 11:47	2006-12-31	表示	GitHub Exploit DB Packet Storm

259747	5.0	MEDIUM	avahi	avahi	The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that poi…	NVD-CWE-Other	CVE-2006-6870	2011-03-8 11:47	2006-12-31	表示	GitHub Exploit DB Packet Storm

259748	5.0	MEDIUM	avahi	avahi	This vulnerability is addressed in the following product release: Avahi, Avahi, 0.6.16	NVD-CWE-Other	CVE-2006-6870	2011-03-8 11:47	2006-12-31	表示	GitHub Exploit DB Packet Storm

259749	6.8	MEDIUM	jonathon_freeman	ovbb	Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest va…	NVD-CWE-Other	CVE-2006-6892	2011-03-8 11:47	2006-12-31	表示	GitHub Exploit DB Packet Storm

259750	7.5	HIGH	phpmyfaq	phpmyfaq	Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.	NVD-CWE-Other	CVE-2006-6913	2011-03-8 11:47	2006-12-31	表示	GitHub Exploit DB Packet Storm