NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年10月6日20:10

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
259751	5.0	MEDIUM	ibm	aix	Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors.	NVD-CWE-Other	CVE-2006-6914	2011-03-8 11:47	2006-12-31	表示	GitHub Exploit DB Packet Storm

259752	4.0	MEDIUM	ibm	aix	ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources.	NVD-CWE-Other	CVE-2006-6915	2011-03-8 11:47	2006-12-31	表示	GitHub Exploit DB Packet Storm

259753	7.5	HIGH	deadlock_user_management_system	deadlock_user_management_system	SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	NVD-CWE-Other	CVE-2006-6922	2011-03-8 11:47	2007-01-13	表示	GitHub Exploit DB Packet Storm

259754	7.5	HIGH	bitweaver	bitweaver	SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter.	NVD-CWE-Other	CVE-2006-6923	2011-03-8 11:47	2007-01-13	表示	GitHub Exploit DB Packet Storm

259755	10.0	HIGH	owa	owa	Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message.	NVD-CWE-Other	CVE-2006-6940	2011-03-8 11:47	2007-01-17	表示	GitHub Exploit DB Packet Storm

259756	7.5	HIGH	phpmyadmin	phpmyadmin	phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.	NVD-CWE-Other	CVE-2006-6944	2011-03-8 11:47	2007-01-19	表示	GitHub Exploit DB Packet Storm

259757	5.0	MEDIUM	myweb4net	myweb4net_browser	Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on t…	NVD-CWE-Other	CVE-2006-6983	2011-03-8 11:47	2007-02-9	表示	GitHub Exploit DB Packet Storm

259758	5.0	MEDIUM	more_quick_tools	greenbrowser	Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the a…	NVD-CWE-Other	CVE-2006-6984	2011-03-8 11:47	2007-02-9	表示	GitHub Exploit DB Packet Storm

259759	5.0	MEDIUM	maxthon	maxthon	Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the …	NVD-CWE-Other	CVE-2006-6985	2011-03-8 11:47	2007-02-9	表示	GitHub Exploit DB Packet Storm

259760	7.8	HIGH	phaseout	phaseout	Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker…	NVD-CWE-Other	CVE-2006-6986	2011-03-8 11:47	2007-02-9	表示	GitHub Exploit DB Packet Storm

259761	7.8	HIGH	softinform	finebrowser	Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on …	NVD-CWE-Other	CVE-2006-6987	2011-03-8 11:47	2007-02-9	表示	GitHub Exploit DB Packet Storm

259762	7.8	HIGH	flashpeak	slim_browser	Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on…	NVD-CWE-Other	CVE-2006-6988	2011-03-8 11:47	2007-02-9	表示	GitHub Exploit DB Packet Storm

259763	7.8	HIGH	netcaptor	netcaptor	Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a li…	NVD-CWE-Other	CVE-2006-6989	2011-03-8 11:47	2007-02-9	表示	GitHub Exploit DB Packet Storm

259764	7.8	HIGH	advanced_search_technologies_inc.	enigma_browser	Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the at…	NVD-CWE-Other	CVE-2006-6990	2011-03-8 11:47	2007-02-9	表示	GitHub Exploit DB Packet Storm

259765	7.8	HIGH	fast_browser	fast_browser	Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the at…	NVD-CWE-Other	CVE-2006-6991	2011-03-8 11:47	2007-02-9	表示	GitHub Exploit DB Packet Storm

259766	7.8	HIGH	gosurf_browser	gosurf_browser	Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the att…	NVD-CWE-Other	CVE-2006-6992	2011-03-8 11:47	2007-02-9	表示	GitHub Exploit DB Packet Storm

259767	7.5	HIGH	dev	neuron_blog	Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite…	NVD-CWE-Other	CVE-2006-6993	2011-03-8 11:47	2007-02-12	表示	GitHub Exploit DB Packet Storm

259768	7.5	HIGH	cmpro_team	clan_manager_pro	PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) rootpath and possibly (2) sitepath par…	NVD-CWE-Other	CVE-2006-7045	2011-03-8 11:47	2007-02-24	表示	GitHub Exploit DB Packet Storm

259769	7.5	HIGH	sphider	sphider	SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is u…	NVD-CWE-Other	CVE-2006-7057	2011-03-8 11:47	2007-02-24	表示	GitHub Exploit DB Packet Storm

259770	4.3	MEDIUM	sphider	sphider	Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_for…	NVD-CWE-Other	CVE-2006-7058	2011-03-8 11:47	2007-02-24	表示	GitHub Exploit DB Packet Storm

259771	5.0	MEDIUM	xerox	workcentre	Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail message…	NVD-CWE-Other	CVE-2006-6431	2011-03-8 11:46	2006-12-10	表示	GitHub Exploit DB Packet Storm

259772	5.0	MEDIUM	xerox	workcentre	Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to a…	NVD-CWE-Other	CVE-2006-6433	2011-03-8 11:46	2006-12-10	表示	GitHub Exploit DB Packet Storm

259773	10.0	HIGH	novell	client	Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors.	NVD-CWE-Other	CVE-2006-6443	2011-03-8 11:46	2006-12-11	表示	GitHub Exploit DB Packet Storm

259774	7.8	HIGH	trend_micro	officescan pc_cillin_-_internet_security_2006 serverprotect	The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows rem…	NVD-CWE-Other	CVE-2006-6458	2011-03-8 11:46	2006-12-12	表示	GitHub Exploit DB Packet Storm

259775	6.8	MEDIUM	wikyblog	wikyblog	Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) key, (2) d, (3) l, or (4) v pa…	NVD-CWE-Other	CVE-2006-6466	2011-03-8 11:46	2006-12-12	表示	GitHub Exploit DB Packet Storm

259776	5.0	MEDIUM	clam_anti-virus	clamav	Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a diff…	NVD-CWE-Other	CVE-2006-6481	2011-03-8 11:46	2006-12-12	表示	GitHub Exploit DB Packet Storm

259777	5.0	MEDIUM	sisco	ax-s4_iccp ax-s4_mms iccp_toolkit iso_stack mms-ease	The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of servi…	NVD-CWE-Other	CVE-2006-6489	2011-03-8 11:46	2007-01-18	表示	GitHub Exploit DB Packet Storm

259778	5.1	MEDIUM	openldap	openldap	Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote att…	NVD-CWE-Other	CVE-2006-6493	2011-03-8 11:46	2006-12-13	表示	GitHub Exploit DB Packet Storm

259779	5.1	MEDIUM	openldap	openldap	Successful exploitation requires that OpenLDAP allows the use of the LDAPv2 protocol, and is compiled with the --enable-kbind (Kerberos KBIND) option which has been disabled by default since version …	NVD-CWE-Other	CVE-2006-6493	2011-03-8 11:46	2006-12-13	表示	GitHub Exploit DB Packet Storm

259780	4.3	MEDIUM	mozilla	firefox	The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to…	NVD-CWE-Other	CVE-2006-6506	2011-03-8 11:46	2006-12-20	表示	GitHub Exploit DB Packet Storm

259781	4.3	MEDIUM	mozilla	firefox	Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error.	NVD-CWE-Other	CVE-2006-6507	2011-03-8 11:46	2006-12-20	表示	GitHub Exploit DB Packet Storm

259782	7.5	HIGH	gizzar	gizzar	PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. NOTE: the provenance of…	NVD-CWE-Other	CVE-2006-6527	2011-03-8 11:46	2006-12-14	表示	GitHub Exploit DB Packet Storm

259783	7.5	HIGH	drupal	chatroom_module	The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges.	NVD-CWE-Other	CVE-2006-6528	2011-03-8 11:46	2006-12-14	表示	GitHub Exploit DB Packet Storm

259784	6.8	MEDIUM	cm68_news	cm68_news	Cross-site scripting (XSS) vulnerability in CM68 News allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the…	NVD-CWE-Other	CVE-2006-6544	2011-03-8 11:46	2006-12-14	表示	GitHub Exploit DB Packet Storm

259785	7.5	HIGH	scriptmate	user_manager	Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via "Manage Resources" and possibly other unspecified compon…	NVD-CWE-Other	CVE-2006-6595	2011-03-8 11:46	2006-12-16	表示	GitHub Exploit DB Packet Storm

259786	9.3	HIGH	yahoo	messenger	Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some…	NVD-CWE-Other	CVE-2006-6603	2011-03-8 11:46	2006-12-16	表示	GitHub Exploit DB Packet Storm

259787	7.5	HIGH	webwork	program_generation_language	lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers …	NVD-CWE-Other	CVE-2006-6629	2011-03-8 11:46	2006-12-18	表示	GitHub Exploit DB Packet Storm

259788	7.5	HIGH	webwork	program_generation_language	This vulnerability is addressed in the following product release: WeBWorK, Program Generation Language, 2.3.1	NVD-CWE-Other	CVE-2006-6629	2011-03-8 11:46	2006-12-18	表示	GitHub Exploit DB Packet Storm

259789	6.8	MEDIUM	drupal	drupal_project drupal_project_issue_tracking	Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject …	NVD-CWE-Other	CVE-2006-6646	2011-03-8 11:46	2006-12-20	表示	GitHub Exploit DB Packet Storm

259790	6.8	MEDIUM	drupal	drupal_mysite	Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title fie…	NVD-CWE-Other	CVE-2006-6647	2011-03-8 11:46	2006-12-20	表示	GitHub Exploit DB Packet Storm

259791	6.8	MEDIUM	intel	2200bg_proset_wireless	Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3.9 allows remote attackers to cause memory corruption and execute arbitrary code via a series of crafted beacon frames. NOTE: so…	NVD-CWE-Other	CVE-2006-6651	2011-03-8 11:46	2006-12-20	表示	GitHub Exploit DB Packet Storm

259792	4.3	MEDIUM	kde	libkhtml	The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibl…	NVD-CWE-Other	CVE-2006-6660	2011-03-8 11:46	2006-12-21	表示	GitHub Exploit DB Packet Storm

259793	5.0	MEDIUM	marathon_aleph_one	marathon_aleph_one	The server component in Marathon Aleph One before 0.17.1 and 2006-12-17 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to "gathering net game…	NVD-CWE-Other	CVE-2006-6663	2011-03-8 11:46	2006-12-21	表示	GitHub Exploit DB Packet Storm

259794	5.0	MEDIUM	marathon_aleph_one	marathon_aleph_one	Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format strin…	NVD-CWE-Other	CVE-2006-6664	2011-03-8 11:46	2006-12-21	表示	GitHub Exploit DB Packet Storm

259795	7.5	HIGH	verliadmin	verliadmin	Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verif…	NVD-CWE-Other	CVE-2006-6667	2011-03-8 11:46	2006-12-21	表示	GitHub Exploit DB Packet Storm

259796	6.8	MEDIUM	verliadmin	verliadmin	Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this informatio…	NVD-CWE-Other	CVE-2006-6668	2011-03-8 11:46	2006-12-21	表示	GitHub Exploit DB Packet Storm

259797	10.0	HIGH	nortel	callpilot_server	Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL.	NVD-CWE-Other	CVE-2006-6670	2011-03-8 11:46	2006-12-21	表示	GitHub Exploit DB Packet Storm

259798	7.5	HIGH	maxiasp	burak_yilmaz_download_portal	Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b…	NVD-CWE-Other	CVE-2006-6672	2011-03-8 11:46	2006-12-21	表示	GitHub Exploit DB Packet Storm

259799	7.5	HIGH	netrik	netrik	The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands …	NVD-CWE-Other	CVE-2006-6678	2011-03-8 11:46	2006-12-21	表示	GitHub Exploit DB Packet Storm

259800	6.8	MEDIUM	carsen_klock	textsend	Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) error or (2) success parameter.…	NVD-CWE-Other	CVE-2006-6695	2011-03-8 11:46	2006-12-22	表示	GitHub Exploit DB Packet Storm