NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月13日4:20

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
350001	5.0	MEDIUM	francisco_burzi	php-nuke	HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forward…	NVD-CWE-Other	CVE-2005-1180	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350002	5.0	MEDIUM	ibm	os_400	Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) vi…	NVD-CWE-Other	CVE-2005-1182	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350003	4.3	MEDIUM	mvnforum	mvnforum	Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the Search parameter.	NVD-CWE-Other	CVE-2005-1183	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350004	4.6	MEDIUM	musicmatch	jukebox	Unquoted Windows search path vulnerability in Musicmatch Jukebox 10.00.2047 and earlier allows local users to gain privileges via a malicious C:\program.exe file, which is run by MMFWLaunch.exe when …	NVD-CWE-Other	CVE-2005-1185	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350005	6.8	MEDIUM	musicmatch	jukebox	Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com domain to the Trusted Sites zone in Internet Explorer, which allows systems in the domain to conduct unauthorized activities, as demo…	NVD-CWE-Other	CVE-2005-1186	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350006	4.3	MEDIUM	comersus_open_technologies	comersus_cart	Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter.	NVD-CWE-Other	CVE-2005-1188	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350007	4.3	MEDIUM	webcamxp	webcamxp_pro	Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to …	NVD-CWE-Other	CVE-2005-1189	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350008	4.3	MEDIUM	webcamxp	webcamxp_pro	The vulnerability has reportedly been fixed in the beta version 2.16.478.	NVD-CWE-Other	CVE-2005-1189	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350009	5.0	MEDIUM	webcamxp	webcamxp_pro	WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly ren…	NVD-CWE-Other	CVE-2005-1190	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350010	7.5	HIGH	phpbb_group	phpbb	The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary scri…	NVD-CWE-Other	CVE-2005-1193	2017-07-11 10:32	2005-05-16	表示	GitHub Exploit DB Packet Storm

350011	7.5	HIGH	mplayer xine	mplayer xine-lib	Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPla…	NVD-CWE-Other	CVE-2005-1195	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350012	7.5	HIGH	azbb	az_bulletin_board	PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2)…	NVD-CWE-Other	CVE-2005-1200	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350013	6.4	MEDIUM	-	-	Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot)…	NVD-CWE-Other	CVE-2005-1201	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350014	7.5	HIGH	knusperleicht	shoutbox_script	Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes.	NVD-CWE-Other	CVE-2005-1220	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350015	7.5	HIGH	netref	netref	cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_raci…	NVD-CWE-Other	CVE-2005-1222	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350016	7.5	HIGH	ocean12_technologies	calendar_manager_pro	Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field.	NVD-CWE-Other	CVE-2005-1223	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350017	7.5	HIGH	coppermine	coppermine_photo_gallery	SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php.	NVD-CWE-Other	CVE-2005-1225	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350018	7.5	HIGH	coppermine	coppermine_photo_gallery	Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.	NVD-CWE-Other	CVE-2005-1226	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350019	5.1	MEDIUM	phprojekt	phprojekt	Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form.	NVD-CWE-Other	CVE-2005-1227	2017-07-11 10:32	2005-04-20	表示	GitHub Exploit DB Packet Storm

350020	4.6	MEDIUM	gnu	cpio	Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.	NVD-CWE-Other	CVE-2005-1229	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350021	4.3	MEDIUM	php_labs	profile	Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proFile allows remote attackers to inject arbitrary web script or HTML via the (1) dir or (2) file parameters.	NVD-CWE-Other	CVE-2005-1233	2017-07-11 10:32	2005-04-20	表示	GitHub Exploit DB Packet Storm

350022	7.5	HIGH	ibm	iseries_as_400	By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases,…	NVD-CWE-Other	CVE-2005-1238	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350023	5.0	MEDIUM	raz-lee	security\+\+\+	Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.l…	NVD-CWE-Other	CVE-2005-1239	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350024	5.0	MEDIUM	raz-lee	security\+\+\+	Fix is available on http://www.razlee.com/	NVD-CWE-Other	CVE-2005-1239	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350025	7.5	HIGH	castlehill	secure_net	Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsy…	NVD-CWE-Other	CVE-2005-1240	2017-07-11 10:32	2005-04-20	表示	GitHub Exploit DB Packet Storm

350026	7.5	HIGH	powertech	powerlock_networksecurity	Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys…	NVD-CWE-Other	CVE-2005-1241	2017-07-11 10:32	2005-04-20	表示	GitHub Exploit DB Packet Storm

350027	5.0	MEDIUM	bsafe	global_security	Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib…	NVD-CWE-Other	CVE-2005-1242	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350028	5.0	MEDIUM	safestone_technologies	axcessit	Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys…	NVD-CWE-Other	CVE-2005-1243	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350029	4.3	MEDIUM	mediawiki	mediawiki	Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.	NVD-CWE-Other	CVE-2005-1245	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350030	2.1	LOW	gentoo	rootkit_hunter	The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symli…	NVD-CWE-Other	CVE-2005-1270	2017-07-11 10:32	2005-04-26	表示	GitHub Exploit DB Packet Storm

350031	4.3	MEDIUM	argosoft	argosoft_mail_server	Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User…	NVD-CWE-Other	CVE-2005-1282	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350032	7.5	HIGH	argosoft	argosoft_mail_server	Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or m…	NVD-CWE-Other	CVE-2005-1283	2017-07-11 10:32	2005-04-22	表示	GitHub Exploit DB Packet Storm

350033	7.5	HIGH	argosoft	argosoft_mail_server	The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP …	NVD-CWE-Other	CVE-2005-1284	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350034	7.5	HIGH	cartwiz	asp_cart	Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3)…	NVD-CWE-Other	CVE-2005-1291	2017-07-11 10:32	2005-04-23	表示	GitHub Exploit DB Packet Storm

350035	4.3	MEDIUM	elemental_software	cartwiz	Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWi…	NVD-CWE-Other	CVE-2005-1292	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350036	7.2	HIGH	adobe apple	version_cue mac_os_x	The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to exe…	NVD-CWE-Other	CVE-2005-1307	2017-07-11 10:32	2005-05-17	表示	GitHub Exploit DB Packet Storm

350037	7.5	HIGH	intersoft	netterm	Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command.	NVD-CWE-Other	CVE-2005-1323	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350038	4.3	MEDIUM	matthieu_aubry	phpmyvisites	Multiple cross-site scripting (XSS) vulnerabilities in index.php for phpMyVisites allow remote attackers to inject arbitrary web script or HTML via the (1) part, (2) per, or (3) site parameters.	NVD-CWE-Other	CVE-2005-1324	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350039	7.5	HIGH	perl	convert_uulib	Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.	NVD-CWE-Other	CVE-2005-1349	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350040	7.5	HIGH	graycms	graycms	PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web ser…	NVD-CWE-Other	CVE-2005-1360	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350041	7.5	HIGH	metalinks	metacart_e-shop	Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter …	NVD-CWE-Other	CVE-2005-1361	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350042	7.5	HIGH	metalinks	metabid_auctions	Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID param…	NVD-CWE-Other	CVE-2005-1364	2017-07-11 10:32	2005-05-2	表示	GitHub Exploit DB Packet Storm

350043	7.5	HIGH	hp	openview_radia_management_portal	Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors.	NVD-CWE-Other	CVE-2005-1370	2017-07-11 10:32	2005-05-3	表示	GitHub Exploit DB Packet Storm

350044	7.2	HIGH	bulletproof	bulletproof_ftp_server	BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not properly drop privileges before opening files through the Help menu, which allows local users to gain privileges.	NVD-CWE-Other	CVE-2005-1371	2017-07-11 10:32	2005-05-3	表示	GitHub Exploit DB Packet Storm

350045	4.6	MEDIUM	bakbone	netvault	nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu.	NVD-CWE-Other	CVE-2005-1372	2017-07-11 10:32	2005-05-3	表示	GitHub Exploit DB Packet Storm

350046	7.5	HIGH	dream4	koobi_cms	Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters.	NVD-CWE-Other	CVE-2005-1373	2017-07-11 10:32	2005-05-3	表示	GitHub Exploit DB Packet Storm

350047	6.8	MEDIUM	claroline	claroline	Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exer…	NVD-CWE-Other	CVE-2005-1374	2017-07-11 10:32	2005-05-3	表示	GitHub Exploit DB Packet Storm

350048	7.5	HIGH	claroline	claroline	Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) …	NVD-CWE-Other	CVE-2005-1375	2017-07-11 10:32	2005-05-3	表示	GitHub Exploit DB Packet Storm

350049	7.5	HIGH	claroline	claroline	Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to…	NVD-CWE-Other	CVE-2005-1376	2017-07-11 10:32	2005-05-3	表示	GitHub Exploit DB Packet Storm

350050	7.5	HIGH	claroline	claroline	Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors.	NVD-CWE-Other	CVE-2005-1377	2017-07-11 10:32	2005-05-3	表示	GitHub Exploit DB Packet Storm