NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年4月24日4:00

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
313701 5.0 MEDIUM
stalker communigate_pro Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (d… CWE-22
パス・トラバーサル 		CVE-2002-2375 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313702 4.3 MEDIUM
leung e-guest Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homep… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2376 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313703 4.3 MEDIUM
sephiroth32 zap_book Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2377 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313704 4.3 MEDIUM
nakata an_httpd Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting erro… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2378 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313705 6.4 MEDIUM
microsoft network_firmware NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. CWE-200
情報漏えい 		CVE-2002-2380 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313706 7.5 HIGH
ka-shu_wong gtetrinet Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add and (3) config-getthemeinfo of GTetrinet 0.4.3 and earlier allow remote attackers to casue a denial of service and possibly execu… CWE-119
バッファエラー 		CVE-2002-2381 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313707 7.2 HIGH
cvsup cvsup cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out. CWE-59
リンク解釈の問題 		CVE-2002-2382 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313708 3.6 LOW
hotfoon_corporation hotfoon hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service. CWE-255
証明書・パスワード管理 		CVE-2002-2384 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313709 7.5 HIGH
hotfoon_corporation hotfoon Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL containing a long voice phone number. CWE-119
バッファエラー 		CVE-2002-2385 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313710 4.3 MEDIUM
xoops xoops Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2386 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313711 5.0 MEDIUM
mollensoft_software hyperion_ftp_server Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. CWE-22
パス・トラバーサル 		CVE-2002-2387 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313712 5.0 MEDIUM
inweb mail_server Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO command. CWE-119
バッファエラー 		CVE-2002-2388 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313713 5.0 MEDIUM
fastlink_software the_server TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log fil… CWE-255
証明書・パスワード管理 		CVE-2002-2389 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313714 10.0 HIGH
cerulean_studios trillian
trillian_pro 		Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a l… CWE-119
バッファエラー 		CVE-2002-2390 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313715 7.5 HIGH
webchat.org
xoops 		webchat
xoops 		SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter. CWE-89
SQLインジェクション 		CVE-2002-2391 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313716 6.4 MEDIUM
nullsoft winamp Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedde… NVD-CWE-Other
CVE-2002-2392 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313717 5.0 MEDIUM
trend_micro interscan_viruswall InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding. CWE-264
認可・権限・アクセス制御 		CVE-2002-2394 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313718 5.0 MEDIUM
trend_micro interscan_viruswall InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding. CWE-264
認可・権限・アクセス制御 		CVE-2002-2395 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313719 7.2 HIGH
remi_lefebvre advanced_tftp Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option. CWE-119
バッファエラー 		CVE-2002-2396 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313720 10.0 HIGH
symantec sygate_personal_firewall Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. CWE-287
不適切な認証 		CVE-2002-2397 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313721 5.0 MEDIUM
app apboard The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter. NVD-CWE-Other
CVE-2002-2398 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313722 6.4 MEDIUM
cascadesoft w3mail Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. CWE-22
パス・トラバーサル 		CVE-2002-2399 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313723 5.0 MEDIUM
key_focus kf_web_server Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequen… CWE-22
パス・トラバーサル 		CVE-2002-2403 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313724 4.9 MEDIUM
checkpoint firewall-1 Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through th… CWE-264
認可・権限・アクセス制御 		CVE-2002-2405 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313725 5.0 MEDIUM
perception liteserve Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request. CWE-20
不適切な入力確認 		CVE-2002-2406 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313726 6.9 MEDIUM
qnx rtos Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) ph… CWE-264
認可・権限・アクセス制御 		CVE-2002-2407 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313727 7.5 HIGH
gordano ntmail Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters email messages for the first recipient, which allows remote attackers to bypass JUCE filters by sending a message to more than one u… NVD-CWE-Other
CVE-2002-2408 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313728 3.5 LOW
qnx neutrino_rtos
photon_microgui 		Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name … CWE-200
情報漏えい 		CVE-2002-2409 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313729 5.0 MEDIUM
open_webmail open_webmail openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify v… CWE-200
情報漏えい 		CVE-2002-2410 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313730 2.1 LOW
nullsoft winamp Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts. CWE-255
証明書・パスワード管理 		CVE-2002-2412 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313731 5.0 MEDIUM
deerfield website_pro WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name. NVD-CWE-Other
CVE-2002-2413 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313732 6.8 MEDIUM
alliedtelesyn at-8024
rapier_24 		Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a runni… CWE-20
不適切な入力確認 		CVE-2002-2415 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313733 5.0 MEDIUM
zeroo http_server Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request. CWE-22
パス・トラバーサル 		CVE-2002-2416 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313734 10.0 HIGH
acftp acftp acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and po… CWE-287
不適切な認証 		CVE-2002-2417 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313735 4.3 MEDIUM
acfp_project acfreeproxy Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.33 beta 7 allows remote attackers to inject arbitrary web script or HTML via the URL, which is inserted into an error page. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2418 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313736 7.8 HIGH
dctc_project dctc Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character. CWE-189
数値処理の問題 		CVE-2002-2419 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313737 7.5 HIGH
independent_solution simple_site_searcher
super_site_searcher 		site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. CWE-20
不適切な入力確認 		CVE-2002-2420 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313738 7.8 HIGH
andrey_cherezov acweb acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2. CWE-20
不適切な入力確認 		CVE-2002-2421 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313739 4.3 MEDIUM
compaq insight_management_agent Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2422 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313740 6.4 MEDIUM
sendmail sendmail Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response. CWE-20
不適切な入力確認 		CVE-2002-2423 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313741 4.3 MEDIUM
ekilat_llc php\(reactor\) Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2424 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313742 10.0 HIGH
sun solaris_answerbook2 Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request. CWE-264
認可・権限・アクセス制御 		CVE-2002-2425 2008-09-6 05:33 2002-12-31 表示 GitHub Exploit DB Packet Storm
313743 2.1 LOW
linux linux_kernel ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow a… NVD-CWE-Other
CVE-2002-1976 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
313744 2.1 LOW
pgp pgp Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase. NVD-CWE-Other
CVE-2002-1977 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
313745 5.0 MEDIUM
microsoft sql_server Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify… NVD-CWE-Other
CVE-2002-1981 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
313746 5.0 MEDIUM
icecast icecast Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns diff… NVD-CWE-Other
CVE-2002-1982 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
313747 5.0 MEDIUM
incognito_software_inc ismtp_gateway iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow. NVD-CWE-Other
CVE-2002-1985 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
313748 5.0 MEDIUM
perception liteserve Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot ("."). NVD-CWE-Other
CVE-2002-1986 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
313749 5.0 MEDIUM
caucho_technology resin Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a "\.." (backslash dot dot). NVD-CWE-Other
CVE-2002-1987 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
313750 5.0 MEDIUM
caucho_technology resin Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources. NVD-CWE-Other
CVE-2002-1988 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm