NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年4月25日4:08

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
313101	6.4	MEDIUM	microsoft	internet_information_server	IIS newdsn.exe CGI script allows remote users to overwrite files.	NVD-CWE-Other	CVE-1999-0191	2008-09-9 21:33	1997-09-1	表示	GitHub Exploit DB Packet Storm

313102	5.0	MEDIUM	webgais_development_team	webgais	websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable).	NVD-CWE-Other	CVE-1999-0196	2008-09-9 21:33	1997-07-8	表示	GitHub Exploit DB Packet Storm

313103	7.5	HIGH	google	google_apps	The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a r…	NVD-CWE-noinfo CWE-287 不適切な認証	CVE-2008-3891	2008-09-6 06:44	2008-09-3	表示	GitHub Exploit DB Packet Storm

313104	2.1	LOW	suspend2	software_suspend_2	Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local u…	CWE-200 情報漏えい	CVE-2008-3901	2008-09-6 06:44	2008-09-3	表示	GitHub Exploit DB Packet Storm

313105	7.5	HIGH	speedbit	download_accelerator_plus	SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse upd…	CWE-94 コード・インジェクション	CVE-2008-3433	2008-09-6 06:43	2008-08-1	表示	GitHub Exploit DB Packet Storm

313106	7.5	HIGH	linkedin	browser_toolbar	LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as …	CWE-94 コード・インジェクション	CVE-2008-3435	2008-09-6 06:43	2008-08-1	表示	GitHub Exploit DB Packet Storm

313107	7.5	HIGH	notepad\+\+	notepad\+\+	The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse up…	CWE-94 コード・インジェクション	CVE-2008-3436	2008-09-6 06:43	2008-08-1	表示	GitHub Exploit DB Packet Storm

313108	7.5	HIGH	openoffice	openoffice.org	OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated b…	CWE-94 コード・インジェクション	CVE-2008-3437	2008-09-6 06:43	2008-08-1	表示	GitHub Exploit DB Packet Storm

313109	7.5	HIGH	speedbit	speedbit_video_accelerator	SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demon…	CWE-94 コード・インジェクション	CVE-2008-3439	2008-09-6 06:43	2008-08-1	表示	GitHub Exploit DB Packet Storm

313110	7.5	HIGH	winzip	winzip	WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and…	CWE-94 コード・インジェクション	CVE-2008-3442	2008-09-6 06:43	2008-08-1	表示	GitHub Exploit DB Packet Storm

313111	7.5	HIGH	egi_zaberl	e.z._poll	Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provena…	CWE-89 SQLインジェクション	CVE-2008-3590	2008-09-6 06:43	2008-08-12	表示	GitHub Exploit DB Packet Storm

313112	5.0	MEDIUM	acronis	true_image_echo_server	Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this…	CWE-310 暗号の問題	CVE-2008-3671	2008-09-6 06:43	2008-08-14	表示	GitHub Exploit DB Packet Storm

313113	7.5	HIGH	yourfreeworld	stylish_text_ads_script	SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.	CWE-89 SQLインジェクション	CVE-2008-3754	2008-09-6 06:43	2008-08-22	表示	GitHub Exploit DB Packet Storm

313114	4.3	MEDIUM	wordpress	wordpress	Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-3233	2008-09-6 06:42	2008-07-19	表示	GitHub Exploit DB Packet Storm

313115	10.0	HIGH	jamroom	jamroom	Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.	NVD-CWE-noinfo CWE-264 認可・権限・アクセス制御	CVE-2008-3376	2008-09-6 06:42	2008-07-31	表示	GitHub Exploit DB Packet Storm

313116	4.3	MEDIUM	opendocman	opendocman	Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-2788	2008-09-6 06:41	2008-06-20	表示	GitHub Exploit DB Packet Storm

313117	6.8	MEDIUM	exerocms	exero_cms	Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompa…	CWE-22 パス・トラバーサル	CVE-2008-2840	2008-09-6 06:41	2008-06-25	表示	GitHub Exploit DB Packet Storm

313118	6.8	MEDIUM	webchamado	webchamado	SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the d…	CWE-89 SQLインジェクション	CVE-2008-2858	2008-09-6 06:41	2008-06-25	表示	GitHub Exploit DB Packet Storm

313119	4.3	MEDIUM	flicks_software	authentix	Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1174	2008-09-6 06:37	2008-03-6	表示	GitHub Exploit DB Packet Storm

313120	4.3	MEDIUM	flicks_software	authentix	Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vec…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1175	2008-09-6 06:37	2008-03-6	表示	GitHub Exploit DB Packet Storm

313121	9.3	HIGH	microsoft	access jet	Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is pro…	NVD-CWE-noinfo	CVE-2008-1200	2008-09-6 06:37	2008-03-7	表示	GitHub Exploit DB Packet Storm

313122	7.5	HIGH	lagarde	storefront	SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of t…	CWE-89 SQLインジェクション	CVE-2008-1341	2008-09-6 06:37	2008-03-18	表示	GitHub Exploit DB Packet Storm

313123	4.3	MEDIUM	polymita_technologies	bpm_suite collageportal	Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1342	2008-09-6 06:37	2008-03-18	表示	GitHub Exploit DB Packet Storm

313124	4.3	MEDIUM	manageengine	supportcenter_plus	Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a r…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1432	2008-09-6 06:37	2008-03-21	表示	GitHub Exploit DB Packet Storm

313125	3.6	LOW	paul_pelzl	wyrd	wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file.	CWE-59 リンク解釈の問題	CVE-2008-0806	2008-09-6 06:36	2008-02-19	表示	GitHub Exploit DB Packet Storm

313126	4.3	MEDIUM	ikiwiki	ikiwiki	Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0808	2008-09-6 06:36	2008-02-19	表示	GitHub Exploit DB Packet Storm

313127	4.3	MEDIUM	ikiwiki	ikiwiki	Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0809	2008-09-6 06:36	2008-02-19	表示	GitHub Exploit DB Packet Storm

313128	10.0	HIGH	caroline	caroline	Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2008-0824	2008-09-6 06:36	2008-02-20	表示	GitHub Exploit DB Packet Storm

313129	7.5	HIGH	joomla mambo	com_profile	SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.	CWE-89 SQLインジェクション	CVE-2008-0846	2008-09-6 06:36	2008-02-21	表示	GitHub Exploit DB Packet Storm

313130	4.3	MEDIUM	schoolwires	academic_portal	Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to inject arbitrary web script or HTML via the c parameter. NOTE: the provenance of this…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0909	2008-09-6 06:36	2008-02-23	表示	GitHub Exploit DB Packet Storm

313131	4.3	MEDIUM	invision_power_services	invision_power_board	Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0913	2008-09-6 06:36	2008-02-23	表示	GitHub Exploit DB Packet Storm

313132	4.3	MEDIUM	tor_world	com_vote i-navigator interactive_bbs mobile_frontier quotes_of_the_day simple_bbs simple_vote tor_board tor_news tor_search	Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi (aka Quotes of the Day) 1.5 and earlier, Tor News 1.21 an…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0917	2008-09-6 06:36	2008-02-23	表示	GitHub Exploit DB Packet Storm

313133	7.2	HIGH	freshmeat	xwine	w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtain…	CWE-59 リンク解釈の問題	CVE-2008-0930	2008-09-6 06:36	2008-03-4	表示	GitHub Exploit DB Packet Storm

313134	6.3	MEDIUM	xwine	xwine	w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modify…	CWE-264 認可・権限・アクセス制御	CVE-2008-0931	2008-09-6 06:36	2008-03-4	表示	GitHub Exploit DB Packet Storm

313135	7.5	HIGH	xoops	prayer_list_module	SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.	CWE-89 SQLインジェクション	CVE-2008-0936	2008-09-6 06:36	2008-02-26	表示	GitHub Exploit DB Packet Storm

313136	6.8	MEDIUM	tinyevent xoops	tinyevent tiny_event_module	SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a differ…	CWE-89 SQLインジェクション	CVE-2008-0937	2008-09-6 06:36	2008-02-26	表示	GitHub Exploit DB Packet Storm

313137	4.3	MEDIUM	webgui	webgui	Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CV…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0940	2008-09-6 06:36	2008-02-26	表示	GitHub Exploit DB Packet Storm

313138	4.3	MEDIUM	matts_whois	matts_whois	Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1041	2008-09-6 06:36	2008-02-28	表示	GitHub Exploit DB Packet Storm

313139	5.0	MEDIUM	intervideo	windvd_media_center	InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and …	CWE-20 不適切な入力確認	CVE-2008-1062	2008-09-6 06:36	2008-02-29	表示	GitHub Exploit DB Packet Storm

313140	7.5	HIGH	xoops	xm_memberstats	Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sort…	CWE-89 SQLインジェクション	CVE-2008-1065	2008-09-6 06:36	2008-02-29	表示	GitHub Exploit DB Packet Storm

313141	4.3	MEDIUM	maianscriptworld	maian_cart	Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the prove…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1075	2008-09-6 06:36	2008-02-29	表示	GitHub Exploit DB Packet Storm

313142	7.8	HIGH	vocera_communications	vocera_communications_badge	Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed…	CWE-200 情報漏えい	CVE-2008-1113	2008-09-6 06:36	2008-03-4	表示	GitHub Exploit DB Packet Storm

313143	3.5	LOW	drupal	drupal	Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1131	2008-09-6 06:36	2008-03-4	表示	GitHub Exploit DB Packet Storm

313144	4.7	MEDIUM	net_activity_viewer	net_activity_viewer	Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, whi…	CWE-264 認可・権限・アクセス制御	CVE-2008-1132	2008-09-6 06:36	2008-03-4	表示	GitHub Exploit DB Packet Storm

313145	7.5	HIGH	small_axe_solutions	weblog	PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CV…	CWE-94 コード・インジェクション	CVE-2008-0442	2008-09-6 06:35	2008-01-25	表示	GitHub Exploit DB Packet Storm

313146	4.3	MEDIUM	endian	firewall	Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenanc…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0494	2008-09-6 06:35	2008-01-31	表示	GitHub Exploit DB Packet Storm

313147	4.3	MEDIUM	trixbox	trixbox	Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0540	2008-09-6 06:35	2008-02-2	表示	GitHub Exploit DB Packet Storm

313148	4.3	MEDIUM	uniwin	ecart_professional	Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0558	2008-09-6 06:35	2008-02-5	表示	GitHub Exploit DB Packet Storm

313149	4.3	MEDIUM	liferay	liferay_enterprise_portal	Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated u…	CWE-352 同一生成元ポリシー違反	CVE-2008-0563	2008-09-6 06:35	2008-02-5	表示	GitHub Exploit DB Packet Storm

313150	6.8	MEDIUM	xlight_ftp_server	xlight_ftp_server	The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended ac…	CWE-255 証明書・パスワード管理	CVE-2008-0604	2008-09-6 06:35	2008-02-6	表示	GitHub Exploit DB Packet Storm