NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月13日4:20

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
349951	5.0	MEDIUM	microsoft	outlook outlook_web_access	Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail a…	NVD-CWE-Other	CVE-2005-1052	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349952	4.3	MEDIUM	moderngigabyte	modernbill	Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid paramet…	NVD-CWE-Other	CVE-2005-1053	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349953	7.5	HIGH	moderngigabyte	modernbill	PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote…	NVD-CWE-Other	CVE-2005-1054	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349954	7.5	HIGH	towerblog	towerblog	TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login …	NVD-CWE-Other	CVE-2005-1055	2017-07-11 10:32	2005-04-10	表示	GitHub Exploit DB Packet Storm

349955	5.0	MEDIUM	hp	openview_network_node_manager	Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service.	NVD-CWE-Other	CVE-2005-1056	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349956	2.1	LOW	linksys	wet11	Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.	NVD-CWE-Other	CVE-2005-1059	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349957	5.0	MEDIUM	novell	netware	Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets.	NVD-CWE-Other	CVE-2005-1060	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349958	4.3	MEDIUM	-	-	Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via [url] tags.	NVD-CWE-Other	CVE-2005-1068	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349959	10.0	HIGH	-	-	Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact, related to "an exploit on the Profile page."	NVD-CWE-Other	CVE-2005-1069	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349960	7.5	HIGH	invision_power_services	invision_board	SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter.	NVD-CWE-Other	CVE-2005-1070	2017-07-11 10:32	2005-04-11	表示	GitHub Exploit DB Packet Storm

349961	5.0	MEDIUM	radscripts	radbids	Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter.	NVD-CWE-Other	CVE-2005-1073	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349962	7.5	HIGH	radscripts	radbids	SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter.	NVD-CWE-Other	CVE-2005-1074	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349963	4.3	MEDIUM	radscripts	radbids	Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (…	NVD-CWE-Other	CVE-2005-1075	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349964	4.3	MEDIUM	azerbaijan_development_group	azdgdating	Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.	NVD-CWE-Other	CVE-2005-1081	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349965	6.4	MEDIUM	an	an-httpd	Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header.	NVD-CWE-Other	CVE-2005-1086	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349966	6.4	MEDIUM	an	an-httpd	CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command,…	NVD-CWE-Other	CVE-2005-1087	2017-07-11 10:32	2005-04-7	表示	GitHub Exploit DB Packet Storm

349967	7.2	HIGH	dameware_development	mini_remote_control nt_utilities	Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mini Remote Control 4.8 and earlier, allows local users to gain additional rights.	NVD-CWE-Other	CVE-2005-1088	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349968	6.4	MEDIUM	maxthon	maxthon	Directory traversal vulnerability in the readFile and writeFile API for Maxthon 1.2.0 and 1.2.1 allows remote attackers to read or write arbitrary files.	NVD-CWE-Other	CVE-2005-1090	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349969	7.5	HIGH	popup_plus_plugin	popup_plus_plugin_for_miranda_im	Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with "Use SmileyAdd Setting" enabled, allows remote attackers to execute arbitrary code.	NVD-CWE-Other	CVE-2005-1093	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349970	4.6	MEDIUM	-	-	FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges.	NVD-CWE-Other	CVE-2005-1094	2017-07-11 10:32	2005-04-8	表示	GitHub Exploit DB Packet Storm

349971	4.3	MEDIUM	ocean12_technologies	membership_manager_pro	Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to inject arbitrary web script or HTML via the page parameter.	NVD-CWE-Other	CVE-2005-1095	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349972	7.5	HIGH	ocean12_technologies	membership_manager_pro	SQL injection vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to execute arbitrary SQL commands via the UserID parameter.	NVD-CWE-Other	CVE-2005-1096	2017-07-11 10:32	2005-04-6	表示	GitHub Exploit DB Packet Storm

349973	2.1	LOW	runtime_software	getdataback_for_ntfs	GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the License registry key, which may allow local users to obtain sensitive information.	NVD-CWE-Other	CVE-2005-1098	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349974	10.0	HIGH	salim_gasmi	gld	Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary co…	NVD-CWE-Other	CVE-2005-1099	2017-07-11 10:32	2005-04-12	表示	GitHub Exploit DB Packet Storm

349975	7.5	HIGH	salim_gasmi	gld	Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is pa…	NVD-CWE-Other	CVE-2005-1100	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349976	7.5	HIGH	ibm	lotus_domino_server	Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data …	NVD-CWE-Other	CVE-2005-1101	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349977	5.0	MEDIUM	junkbuster	internet_junkbuster	The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request.	NVD-CWE-Other	CVE-2005-1108	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349978	7.5	HIGH	junkbuster	internet_junkbuster	The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption.	NVD-CWE-Other	CVE-2005-1109	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349979	7.5	HIGH	sumus	sumus	Stack-based buffer overflow in the RespondeHTTPPendiente function in the HTTP server for SUMUS 0.2.2 allows remote attackers to execute arbitrary code via a large packet sent to TCP port 81.	NVD-CWE-Other	CVE-2005-1110	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349980	5.0	MEDIUM	ibm	websphere_application_server	IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request …	NVD-CWE-Other	CVE-2005-1112	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349981	4.3	MEDIUM	phpbb_group	phpbb_plus	Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.p…	NVD-CWE-Other	CVE-2005-1113	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349982	7.5	HIGH	phpbb_group smartor	phpbb photo_album	Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters.	NVD-CWE-Other	CVE-2005-1114	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349983	4.3	MEDIUM	rsa	authentication_agent_for_web	Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter.	NVD-CWE-Other	CVE-2005-1118	2017-07-11 10:32	2005-04-14	表示	GitHub Exploit DB Packet Storm

349984	4.3	MEDIUM	ilohamail	ilohamail	Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME ty…	NVD-CWE-Other	CVE-2005-1120	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349985	5.0	MEDIUM	igor_khasilev gentoo	oops_proxy_server linux	Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attacke…	NVD-CWE-Other	CVE-2005-1121	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349986	2.1	LOW	freebsd	freebsd	The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kern…	CWE-399 リソース管理の問題	CVE-2005-1126	2017-07-11 10:32	2005-04-15	表示	GitHub Exploit DB Packet Storm

349987	5.0	MEDIUM	postgrey	postgrey	Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote a…	NVD-CWE-Other	CVE-2005-1127	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349988	2.1	LOW	-	-	eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong r…	NVD-CWE-Other	CVE-2005-1129	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349989	4.3	MEDIUM	desert_dog_software	pinnacle_cart	Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter.	NVD-CWE-Other	CVE-2005-1130	2017-07-11 10:32	2005-04-12	表示	GitHub Exploit DB Packet Storm

349990	5.0	MEDIUM	lg_electronics	lg_mobile_phone	LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file.	NVD-CWE-Other	CVE-2005-1132	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349991	7.5	HIGH	s9y	serendipity	SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.	NVD-CWE-Other	CVE-2005-1134	2017-07-11 10:32	2005-04-13	表示	GitHub Exploit DB Packet Storm

349992	5.0	MEDIUM	-	-	calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information.	NVD-CWE-Other	CVE-2005-1147	2017-07-11 10:32	2005-04-12	表示	GitHub Exploit DB Packet Storm

349993	5.0	MEDIUM	calendarscript	calendarscript	calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information.	NVD-CWE-Other	CVE-2005-1148	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349994	5.0	MEDIUM	yager_development	yager_game	Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length.	NVD-CWE-Other	CVE-2005-1164	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349995	5.0	MEDIUM	-	-	Yager 5.24 and earlier allows remote attackers to cause a denial of service (application crash) via certain malformed data.	NVD-CWE-Other	CVE-2005-1165	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349996	4.3	MEDIUM	datenbank_module	datenbank_module	Cross-site scripting (XSS) vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter.	NVD-CWE-Other	CVE-2005-1171	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349997	1.2	LOW	ibm	aix	Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.	NVD-CWE-Other	CVE-2005-1176	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349998	10.0	HIGH	usermin webmin	usermin webmin	Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.	NVD-CWE-Other	CVE-2005-1177	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

349999	7.5	HIGH	oracle	forms	SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature.	NVD-CWE-Other	CVE-2005-1178	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350000	5.0	MEDIUM	xerox	workcentre workcentre_165 workcentre_175 workcentre_2128 workcentre_2636 workcentre_32_color workcentre_35 workcentre_3545 workcentre_40_color workcentre_45 workcentre_5…	Unknown vulnerability in Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11…	NVD-CWE-Other	CVE-2005-1179	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm