NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年5月16日4:00

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
351601 7.5 HIGH
mysimplenews mysimplenews Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted… CWE-94
コード・インジェクション 		CVE-2002-2319 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351602 7.8 HIGH
mysimplenews mysimplenews MySimpleNews 1.0 allows remote attackers to delete arbitrary email messages via a direct request to vider.php3. CWE-264
認可・権限・アクセス制御 		CVE-2002-2320 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351603 4.3 MEDIUM
phplinkat phplinkat Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2321 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351604 5.0 MEDIUM
ultimate_php_board ultimate_php_board Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords. CWE-20
不適切な入力確認 		CVE-2002-2322 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351605 7.2 HIGH
microsoft windows_xp The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) p… CWE-264
認可・権限・アクセス制御 		CVE-2002-2324 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351606 7.8 HIGH
university_of_washington pine The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIM… CWE-20
不適切な入力確認 		CVE-2002-2325 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351607 5.0 MEDIUM
apple mac_os_x The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote … CWE-310
暗号の問題 		CVE-2002-2326 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351608 7.8 HIGH
mirabilis icq ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons. CWE-20
不適切な入力確認 		CVE-2002-2329 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351609 5.8 MEDIUM
cascadesoft w3mail W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote… CWE-16
環境設定 		CVE-2002-2331 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351610 5.0 MEDIUM
opera_software opera_web_browser Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. CWE-119
バッファエラー 		CVE-2002-2332 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351611 5.0 MEDIUM
kde kde Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. CWE-119
バッファエラー 		CVE-2002-2333 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351612 3.6 LOW
joseph_allen joe Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits s… CWE-264
認可・権限・アクセス制御 		CVE-2002-2334 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351613 5.0 MEDIUM
john_drake killer_protection Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protectio… CWE-16
環境設定 		CVE-2002-2335 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351614 4.3 MEDIUM
symantec norton_personal_firewall Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. CWE-16
環境設定 		CVE-2002-2336 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351615 5.0 MEDIUM
kaspersky_lab kaspersky_anti-hacker Kaspersky Anti-Hacker 1.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. NVD-CWE-Other
CVE-2002-2337 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351616 5.0 MEDIUM
mozilla
netscape 		mozilla
communicator
navigator 		The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) … CWE-20
不適切な入力確認 		CVE-2002-2338 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351617 4.3 MEDIUM
script_shed ssgbook Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2339 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351618 4.3 MEDIUM
sonicwall soho3 Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2341 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351619 4.3 MEDIUM
nocc nocc Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2343 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351620 5.0 MEDIUM
ensim webppliance Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail intended for other users by defining an alias that is the target's email address. CWE-264
認可・権限・アクセス制御 		CVE-2002-2344 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351621 7.5 HIGH
oracle application_server Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. CWE-255
証明書・パスワード管理 		CVE-2002-2345 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351622 5.0 MEDIUM
phpbb phpbb phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. CWE-200
情報漏えい 		CVE-2002-2346 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351623 4.3 MEDIUM
oracle application_server Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2347 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351624 4.3 MEDIUM
authoria authoria Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2348 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351625 5.0 MEDIUM
phpbb phpbbmod phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information. CWE-200
情報漏えい 		CVE-2002-2349 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351626 4.3 MEDIUM
phpoutsourcing zorum Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2350 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351627 6.4 MEDIUM
qualcomm eudora Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). CWE-22
パス・トラバーサル 		CVE-2002-2351 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
351628 7.5 HIGH
aol instant_messenger AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted Sites Zone in Internet Explorer without user approval, which could allow code from free.aol.com to bypass intended access restric… NVD-CWE-Other
CVE-2002-1591 2008-09-6 05:31 2002-04-8 表示 GitHub Exploit DB Packet Storm
351629 10.0 HIGH
ibm aix Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code. NVD-CWE-Other
CVE-2002-1621 2008-09-6 05:31 2002-04-22 表示 GitHub Exploit DB Packet Storm
351630 7.5 HIGH
oracle application_server SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter. NVD-CWE-Other
CVE-2002-1631 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351631 10.0 HIGH
oracle application_server_web_cache Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors. NVD-CWE-Other
CVE-2002-1641 2008-09-6 05:31 2002-05-27 表示 GitHub Exploit DB Packet Storm
351632 10.0 HIGH
ibm aix Buffer overflow in lscfg of unknown versions of AIX has unknown impact. NVD-CWE-Other
CVE-2002-1686 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351633 2.1 LOW
ibm aix Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable. NVD-CWE-Other
CVE-2002-1687 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351634 10.0 HIGH
ibm aix Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possi… NVD-CWE-Other
CVE-2002-1689 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351635 10.0 HIGH
ibm aix Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225. NVD-CWE-Other
CVE-2002-1690 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351636 5.0 MEDIUM
phprojekt phprojekt Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences. NVD-CWE-Other
CVE-2002-1761 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351637 7.5 HIGH
symantec norton_personal_firewall The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305). NVD-CWE-Other
CVE-2002-1779 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351638 5.0 MEDIUM
hp tru64 Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a allows remote attackers to cause a denial of service via unknown attack vectors. NVD-CWE-Other
CVE-2002-1784 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351639 1.9 LOW
zeus_technologies zeus_web_server Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section pa… NVD-CWE-Other
CVE-2002-1785 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351640 2.1 LOW
sgi irix SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, which allows local users to read the core dumps and possibly obtain sensitive information. NVD-CWE-Other
CVE-2002-1786 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351641 4.6 MEDIUM
sgi irix Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through 6.5.17 allows local users to execute arbitrary code via unknown attack vectors. NVD-CWE-Other
CVE-2002-1787 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351642 7.5 HIGH
kim_storm nn Format string vulnerability in the nn_exitmsg function in nn 6.6.0 through 6.6.3 allows remote NNTP servers to execute arbitrary code via format strings in server responses. NVD-CWE-Other
CVE-2002-1788 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351643 7.2 HIGH
newsx newsx Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function. NVD-CWE-Other
CVE-2002-1789 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351644 2.1 LOW
sgi irix SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with world-writable permissions, which allows local users to overwrite or corrupt those files. NVD-CWE-Other
CVE-2002-1791 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351645 5.0 MEDIUM
hp virtualvault
vvos 		HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers t… NVD-CWE-Other
CVE-2002-1793 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351646 4.3 MEDIUM
microsoft tsac_activex_control Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknow… NVD-CWE-Other
CVE-2002-1795 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351647 4.6 MEDIUM
hp chaivm ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hos… NVD-CWE-Other
CVE-2002-1797 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351648 4.3 MEDIUM
phprank phprank Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) email parameter to add.php or (2) banurl parameter. NVD-CWE-Other
CVE-2002-1799 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351649 5.0 MEDIUM
bizdesign imagefolio ImageFolio 2.23 through 2.27 allows remote attackers to obtain sensitive information via a nonexistent image category, which leaks the web root in the resulting error message. NVD-CWE-Other
CVE-2002-1801 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm
351650 4.3 MEDIUM
xoops xoops Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news. NVD-CWE-Other
CVE-2002-1802 2008-09-6 05:31 2002-12-31 表示 GitHub Exploit DB Packet Storm