NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2024年11月7日5:21

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
270151 6.2 MEDIUM
chetcpasswd chetcpasswd Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors. NVD-CWE-Other
CVE-2002-2220 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270152 6.2 MEDIUM
chetcpasswd chetcpasswd Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issu… NVD-CWE-Other
CVE-2002-2221 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270153 5.1 MEDIUM
safenet softremote_vpn_client SafeNet VPN client allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly involving buffer overflo… NVD-CWE-Other
CVE-2002-2225 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270154 6.4 MEDIUM
mailscanner mailscanner MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate c… CWE-20
不適切な入力確認 		CVE-2002-2228 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270155 5.0 MEDIUM
sapio_design_ltd webreflex Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request. CWE-22
パス・トラバーサル 		CVE-2002-2229 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270156 8.5 HIGH
mollensoft_software enceladus_server_suite Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers to execute arbitrary code via a long CD (CWD) command. CWE-119
バッファエラー 		CVE-2002-2232 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270157 4.3 MEDIUM
netscreen screenos NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the Malicious-URL blocking feature by splitting the URL into fragmented IP requests. CWE-16
環境設定 		CVE-2002-2234 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270158 5.0 MEDIUM
jelsoft vbulletin member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which fac… CWE-189
数値処理の問題 		CVE-2002-2235 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270159 10.0 HIGH
apt-www-proxy apt-www-proxy Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code. CWE-20
不適切な入力確認 		CVE-2002-2236 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270160 5.0 MEDIUM
netbsd ftpd ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls an… CWE-189
数値処理の問題 		CVE-2002-2245 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270161 10.0 HIGH
hp secure_web_server_for_tru64 Unspecified vulnerability in Internet Group Management Protocol (IGMP) of HP Tru64 4.0F through 5.1A allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: this might… NVD-CWE-noinfo
CVE-2002-2264 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270162 10.0 HIGH
hp secure_web_server_for_tru64 More Information: http://www.securityfocus.com/bid/6175/info NVD-CWE-noinfo
CVE-2002-2264 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270163 5.0 MEDIUM
pyramid benhur_software_update The default configuration of BenHur Firewall release 3 update 066 fix 2 allows remote attackers to access arbitrary services by connecting from source port 20. NVD-CWE-Other
CVE-2002-2307 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270164 5.0 MEDIUM
netscape communicator Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL ta… NVD-CWE-Other
CVE-2002-2308 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270165 7.8 HIGH
php php php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments. CWE-399
リソース管理の問題 		CVE-2002-2309 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270166 5.0 MEDIUM
kryptronic clickcartpro ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and pa… CWE-255
証明書・パスワード管理 		CVE-2002-2310 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270167 5.8 MEDIUM
opera_software opera Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a web… NVD-CWE-Other
CVE-2002-2312 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270168 8.8 HIGH
qualcomm eudora Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedd… NVD-CWE-Other
CVE-2002-2313 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270169 5.0 MEDIUM
mozilla mozilla Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. CWE-20
不適切な入力確認 		CVE-2002-2314 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270170 7.8 HIGH
cisco ios Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the rou… NVD-CWE-Other
CVE-2002-2315 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270171 5.0 MEDIUM
cisco catos Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switc… NVD-CWE-Other
CVE-2002-2316 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270172 7.8 HIGH
symantec velociraptor Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. NVD-CWE-noinfo
CWE-200
情報漏えい 		CVE-2002-2317 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270173 4.3 MEDIUM
blueface falcon_web_server Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 erro… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2318 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270174 7.5 HIGH
mysimplenews mysimplenews Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted… CWE-94
コード・インジェクション 		CVE-2002-2319 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270175 7.8 HIGH
mysimplenews mysimplenews MySimpleNews 1.0 allows remote attackers to delete arbitrary email messages via a direct request to vider.php3. CWE-264
認可・権限・アクセス制御 		CVE-2002-2320 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270176 4.3 MEDIUM
phplinkat phplinkat Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2321 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270177 5.0 MEDIUM
ultimate_php_board ultimate_php_board Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords. CWE-20
不適切な入力確認 		CVE-2002-2322 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270178 7.2 HIGH
microsoft windows_xp The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) p… CWE-264
認可・権限・アクセス制御 		CVE-2002-2324 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270179 7.8 HIGH
university_of_washington pine The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIM… CWE-20
不適切な入力確認 		CVE-2002-2325 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270180 5.0 MEDIUM
apple mac_os_x The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote … CWE-310
暗号の問題 		CVE-2002-2326 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270181 7.8 HIGH
mirabilis icq ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons. CWE-20
不適切な入力確認 		CVE-2002-2329 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270182 5.8 MEDIUM
cascadesoft w3mail W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote… CWE-16
環境設定 		CVE-2002-2331 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270183 5.0 MEDIUM
opera_software opera_web_browser Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. CWE-119
バッファエラー 		CVE-2002-2332 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270184 5.0 MEDIUM
kde kde Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. CWE-119
バッファエラー 		CVE-2002-2333 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270185 3.6 LOW
joseph_allen joe Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits s… CWE-264
認可・権限・アクセス制御 		CVE-2002-2334 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270186 5.0 MEDIUM
john_drake killer_protection Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protectio… CWE-16
環境設定 		CVE-2002-2335 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270187 4.3 MEDIUM
symantec norton_personal_firewall Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. CWE-16
環境設定 		CVE-2002-2336 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270188 5.0 MEDIUM
kaspersky_lab kaspersky_anti-hacker Kaspersky Anti-Hacker 1.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. NVD-CWE-Other
CVE-2002-2337 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270189 5.0 MEDIUM
mozilla
netscape 		mozilla
communicator
navigator 		The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) … CWE-20
不適切な入力確認 		CVE-2002-2338 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270190 4.3 MEDIUM
script_shed ssgbook Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2339 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270191 4.3 MEDIUM
sonicwall soho3 Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2341 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270192 4.3 MEDIUM
nocc nocc Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2343 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270193 5.0 MEDIUM
ensim webppliance Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail intended for other users by defining an alias that is the target's email address. CWE-264
認可・権限・アクセス制御 		CVE-2002-2344 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270194 7.5 HIGH
oracle application_server Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. CWE-255
証明書・パスワード管理 		CVE-2002-2345 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270195 5.0 MEDIUM
phpbb phpbb phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. CWE-200
情報漏えい 		CVE-2002-2346 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270196 4.3 MEDIUM
oracle application_server Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2347 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270197 4.3 MEDIUM
authoria authoria Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2348 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270198 5.0 MEDIUM
phpbb phpbbmod phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information. CWE-200
情報漏えい 		CVE-2002-2349 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270199 4.3 MEDIUM
phpoutsourcing zorum Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2350 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
270200 6.4 MEDIUM
qualcomm eudora Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). CWE-22
パス・トラバーサル 		CVE-2002-2351 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm