NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月14日4:12

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
349751	6.4	MEDIUM	apple	mac_os_x mac_os_x_server	Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large a…	NVD-CWE-Other	CVE-2005-3706	2017-07-11 10:33	2005-12-31	表示	GitHub Exploit DB Packet Storm

349752	7.5	HIGH	apple	quicktime	Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.	NVD-CWE-Other	CVE-2005-3707	2017-07-11 10:33	2005-12-31	表示	GitHub Exploit DB Packet Storm

349753	7.5	HIGH	apple	quicktime	Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.	NVD-CWE-Other	CVE-2005-3708	2017-07-11 10:33	2005-12-31	表示	GitHub Exploit DB Packet Storm

349754	7.5	HIGH	apple	quicktime	Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file.	CWE-189 数値処理の問題	CVE-2005-3709	2017-07-11 10:33	2005-12-31	表示	GitHub Exploit DB Packet Storm

349755	6.5	MEDIUM	apple	mac_os_x mac_os_x_server	Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.	CWE-119 バッファエラー	CVE-2005-3712	2017-07-11 10:33	2005-12-31	表示	GitHub Exploit DB Packet Storm

349756	6.4	MEDIUM	zyxel	p2000w_version_1_voip_wifi_phone prestige_2000w_v.1voip_wi-fi_phone	Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undoc…	CWE-200 情報漏えい	CVE-2005-3724	2017-07-11 10:33	2005-11-21	表示	GitHub Exploit DB Packet Storm

349757	7.5	HIGH	apboard	apboard	SQL injection vulnerability in thread.php in APBoard allows remote attackers to execute arbitrary SQL commands via the start parameter.	NVD-CWE-Other	CVE-2005-3746	2017-07-11 10:33	2005-11-22	表示	GitHub Exploit DB Packet Storm

349758	7.2	HIGH	ibm	aix	Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2005-3749	2017-07-11 10:33	2005-11-22	表示	GitHub Exploit DB Packet Storm

349759	7.5	HIGH	exponent	exponent	SQL injection vulnerability in the navigation module (navigationmodule) in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter.	NVD-CWE-Other	CVE-2005-3762	2017-07-11 10:33	2005-11-23	表示	GitHub Exploit DB Packet Storm

349760	5.0	MEDIUM	exponent	exponent	Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files.	NVD-CWE-Other	CVE-2005-3767	2017-07-11 10:33	2005-11-23	表示	GitHub Exploit DB Packet Storm

349761	7.5	HIGH	joomla	joomla	Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified m…	NVD-CWE-Other	CVE-2005-3772	2017-07-11 10:33	2005-11-23	表示	GitHub Exploit DB Packet Storm

349762	7.5	HIGH	alstrasoft	affiliate_network_pro	Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password …	NVD-CWE-Other	CVE-2005-3793	2017-07-11 10:33	2005-11-24	表示	GitHub Exploit DB Packet Storm

349763	5.0	MEDIUM	alstrasoft	affiliate_network_pro	AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts.	NVD-CWE-Other	CVE-2005-3794	2017-07-11 10:33	2005-11-24	表示	GitHub Exploit DB Packet Storm

349764	4.3	MEDIUM	alstrasoft	affiliate_network_pro	Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to inject arbitrary web script or HTML via (1) the Err parameter in admin/index.php …	NVD-CWE-Other	CVE-2005-3795	2017-07-11 10:33	2005-11-24	表示	GitHub Exploit DB Packet Storm

349765	7.5	HIGH	alstrasoft	affiliate_network_pro	Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is no…	NVD-CWE-Other	CVE-2005-3796	2017-07-11 10:33	2005-11-24	表示	GitHub Exploit DB Packet Storm

349766	7.5	HIGH	alstrasoft	template_seller	PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter.	NVD-CWE-Other	CVE-2005-3797	2017-07-11 10:33	2005-11-24	表示	GitHub Exploit DB Packet Storm

349767	7.5	HIGH	alstrasoft	template_seller	SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field.	NVD-CWE-Other	CVE-2005-3798	2017-07-11 10:33	2005-11-24	表示	GitHub Exploit DB Packet Storm

349768	5.0	MEDIUM	-	-	Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sen…	NVD-CWE-Other	CVE-2005-3800	2017-07-11 10:33	2005-11-24	表示	GitHub Exploit DB Packet Storm

349769	6.4	MEDIUM	cisco	7920_wireless_ip_phone	Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service.	NVD-CWE-Other	CVE-2005-3804	2017-07-11 10:33	2005-11-24	表示	GitHub Exploit DB Packet Storm

349770	5.0	MEDIUM	amax_information_technologies	magic_winmail_server	Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid…	NVD-CWE-Other	CVE-2005-3811	2017-07-11 10:33	2005-11-26	表示	GitHub Exploit DB Packet Storm

349771	7.5	HIGH	softbiz	web_hosting_directory_script	Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2…	CWE-89 SQLインジェクション	CVE-2005-3817	2017-07-11 10:33	2005-11-26	表示	GitHub Exploit DB Packet Storm

349772	7.5	HIGH	nicecoder	idesk	SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.	NVD-CWE-Other	CVE-2005-3843	2017-07-11 10:33	2005-11-27	表示	GitHub Exploit DB Packet Storm

349773	7.5	HIGH	ezinvoiceinc	ez_invoice_inc	SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a pa…	CWE-89 SQLインジェクション	CVE-2005-3845	2017-07-11 10:33	2005-11-27	表示	GitHub Exploit DB Packet Storm

349774	7.5	HIGH	fscripts	fantastic_news	SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.	NVD-CWE-Other	CVE-2005-3846	2017-07-11 10:33	2005-11-27	表示	GitHub Exploit DB Packet Storm

349775	7.5	HIGH	unalz	unalz	Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives.	NVD-CWE-Other	CVE-2005-3862	2017-07-11 10:33	2005-11-29	表示	GitHub Exploit DB Packet Storm

349776	7.5	HIGH	dillo	dillo_web_browser	Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page.	NVD-CWE-Other	CVE-2005-0012	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349777	7.5	HIGH	crosswire_bible_society	sword	diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.	NVD-CWE-Other	CVE-2005-0015	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349778	7.2	HIGH	gatos	gatos	Buffer overflow in the exported_display function in xatitv in gatos before 0.0.5 allows local users to execute arbitrary code.	NVD-CWE-Other	CVE-2005-0016	2017-07-11 10:32	2005-04-14	表示	GitHub Exploit DB Packet Storm

349779	4.6	MEDIUM	yongguang_zhang	hztty	Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands.	NVD-CWE-Other	CVE-2005-0019	2017-07-11 10:32	2005-04-27	表示	GitHub Exploit DB Packet Storm

349780	7.2	HIGH	playmidi mandrakesoft	playmidi mandrake_linux mandrake_linux_corporate_server	Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.	NVD-CWE-Other	CVE-2005-0020	2017-07-11 10:32	2005-04-14	表示	GitHub Exploit DB Packet Storm

349781	2.1	LOW	gnome	libvte4 libzvt2	gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.	NVD-CWE-Other	CVE-2005-0023	2017-07-11 10:32	2005-10-6	表示	GitHub Exploit DB Packet Storm

349782	5.0	MEDIUM	isc	bind	Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns …	NVD-CWE-Other	CVE-2005-0033	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349783	4.3	MEDIUM	isc	bind	An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packe…	NVD-CWE-Other	CVE-2005-0034	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349784	7.5	HIGH	apple	itunes	Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.	NVD-CWE-Other	CVE-2005-0043	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349785	5.0	MEDIUM	vdr	vdr	vdr before 1.2.6 does not securely create files, which allows attackers to overwrite arbitrary files.	NVD-CWE-Other	CVE-2005-0071	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349786	2.1	LOW	ejoy_and_hu_yong	zhcon	zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.	NVD-CWE-Other	CVE-2005-0072	2017-07-11 10:32	2005-01-24	表示	GitHub Exploit DB Packet Storm

349787	7.2	HIGH	debian	debian_linux	Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.	NVD-CWE-Other	CVE-2005-0076	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349788	4.6	MEDIUM	xtrlock	xtrlock	Buffer overflow in xtrlock 2.0 allows local users to cause a denial of service (application crash) and hijack the desktop session.	NVD-CWE-Other	CVE-2005-0079	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349789	5.0	MEDIUM	mysql	maxdb	MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_St…	NVD-CWE-Other	CVE-2005-0083	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349790	7.5	HIGH	newspost	newspost	Buffer overflow in the socket_getline function in Newspost 2.1.1 and earlier allows remote malicious NNTP servers to execute arbitrary code via a long string without a newline character.	NVD-CWE-Other	CVE-2005-0101	2017-07-11 10:32	2005-02-1	表示	GitHub Exploit DB Packet Storm

349791	5.0	MEDIUM	apache	mod_auth_radius	Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which le…	NVD-CWE-Other	CVE-2005-0108	2017-07-11 10:32	2005-01-11	表示	GitHub Exploit DB Packet Storm

349792	5.0	MEDIUM	3com	3crwe454g72	The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication a…	NVD-CWE-Other	CVE-2005-0112	2017-07-11 10:32	2005-04-14	表示	GitHub Exploit DB Packet Storm

349793	7.2	HIGH	sgi	irix	inpview in SGI IRIX allows local users to execute arbitrary commands via the SUN_TTSESSION_CMD environment variable, which is executed by inpview without dropping privileges.	NVD-CWE-Other	CVE-2005-0113	2017-07-11 10:32	2005-01-14	表示	GitHub Exploit DB Packet Storm

349794	7.5	HIGH	datarescue	ida	Stack-based buffer overflow in DataRescue Interactive Disassembler (IDA) Pro 4.7 allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library…	NVD-CWE-Other	CVE-2005-0115	2017-07-11 10:32	2005-01-24	表示	GitHub Exploit DB Packet Storm

349795	4.6	MEDIUM	alexander_siegel	golddig	Multiple buffer overflows in golddig 2.0 and earlier allow local users to execute arbitrary code via (1) a long map name command line argument or (2) a long username as recorded in the USER environme…	NVD-CWE-Other	CVE-2005-0121	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349796	7.5	HIGH	apple	mac_os_x mac_os_x_server	ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap.	NVD-CWE-Other	CVE-2005-0126	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349797	5.0	MEDIUM	apple	mac_os_x mac_os_x_server	Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail …	NVD-CWE-Other	CVE-2005-0127	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349798	7.5	HIGH	berlios	konversation	The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parse…	NVD-CWE-Other	CVE-2005-0129	2017-07-11 10:32	2005-04-14	表示	GitHub Exploit DB Packet Storm

349799	5.0	MEDIUM	berlios	konversation	The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could lea…	NVD-CWE-Other	CVE-2005-0131	2017-07-11 10:32	2005-04-14	表示	GitHub Exploit DB Packet Storm

349800	7.5	HIGH	peid	peid	Buffer overflow in PeID allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name.	NVD-CWE-Other	CVE-2005-0140	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm