NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月10日5:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
352851	4.6	MEDIUM	double_precision_incorporated	courier_mta	Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.	NVD-CWE-Other	CVE-2002-1311	2016-10-18 11:25	2002-11-29	表示	GitHub Exploit DB Packet Storm

352852	6.8	MEDIUM	iplanet	iplanet_web_server	Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the…	NVD-CWE-Other	CVE-2002-1315	2016-10-18 11:25	2002-11-29	表示	GitHub Exploit DB Packet Storm

352853	6.8	MEDIUM	iplanet	iplanet_web_server	importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows rem…	NVD-CWE-Other	CVE-2002-1316	2016-10-18 11:25	2002-11-29	表示	GitHub Exploit DB Packet Storm

352854	5.0	MEDIUM	university_of_washington	pine	Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").	NVD-CWE-Other	CVE-2002-1320	2016-10-18 11:25	2002-12-11	表示	GitHub Exploit DB Packet Storm

352855	7.5	HIGH	phpwebsite	phpwebsite	modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.	NVD-CWE-Other	CVE-2002-1135	2016-10-18 11:24	2002-10-4	表示	GitHub Exploit DB Packet Storm

352856	7.1	HIGH	hp	procurve_switch_4000m	The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, w…	NVD-CWE-Other	CVE-2002-1147	2016-10-18 11:24	2002-10-11	表示	GitHub Exploit DB Packet Storm

352857	7.1	HIGH	hp	procurve_switch_4000m	Successful exploitation requires that stacking features and remote administration are enabled.	NVD-CWE-Other	CVE-2002-1147	2016-10-18 11:24	2002-10-11	表示	GitHub Exploit DB Packet Storm

352858	5.0	MEDIUM	invision_power_services	invision_board	The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and…	NVD-CWE-Other	CVE-2002-1149	2016-10-18 11:24	2002-10-11	表示	GitHub Exploit DB Packet Storm

352859	4.6	MEDIUM	microsoft	netmeeting	The Remote Desktop Sharing (RDS) Screen Saver Protection capability for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers with physical access to hijack remote sessions by entering ce…	NVD-CWE-Other	CVE-2002-1150	2016-10-18 11:24	2002-10-11	表示	GitHub Exploit DB Packet Storm

352860	7.5	HIGH	kde	konqueror kde	The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execut…	NVD-CWE-Other	CVE-2002-1151	2016-10-18 11:24	2002-10-11	表示	GitHub Exploit DB Packet Storm

352861	7.5	HIGH	kde	kde	Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote…	NVD-CWE-Other	CVE-2002-1152	2016-10-18 11:24	2002-10-11	表示	GitHub Exploit DB Packet Storm

352862	5.0	MEDIUM	ibm	websphere_application_server	IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".	NVD-CWE-Other	CVE-2002-1153	2016-10-18 11:24	2002-10-11	表示	GitHub Exploit DB Packet Storm

352863	7.2	HIGH	redhat	linux	The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth f…	NVD-CWE-Other	CVE-2002-1160	2016-10-18 11:24	2003-02-19	表示	GitHub Exploit DB Packet Storm

352864	4.6	MEDIUM	sendmail netbsd	sendmail netbsd	Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by i…	NVD-CWE-Other	CVE-2002-1165	2016-10-18 11:24	2002-10-11	表示	GitHub Exploit DB Packet Storm

352865	7.5	HIGH	john_franks	wn_server	Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request.	NVD-CWE-Other	CVE-2002-1166	2016-10-18 11:24	2002-10-11	表示	GitHub Exploit DB Packet Storm

352866	7.5	HIGH	fetchmail	fetchmail	Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readh…	CWE-119 バッファエラー	CVE-2002-1174	2016-10-18 11:24	2002-10-11	表示	GitHub Exploit DB Packet Storm

352867	5.0	MEDIUM	fetchmail	fetchmail	The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a…	CWE-20 不適切な入力確認	CVE-2002-1175	2016-10-18 11:24	2002-10-11	表示	GitHub Exploit DB Packet Storm

352868	7.5	HIGH	nullsoft	winamp	Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file.	NVD-CWE-Other	CVE-2002-1176	2016-10-18 11:24	2002-12-26	表示	GitHub Exploit DB Packet Storm

352869	7.5	HIGH	nullsoft	winamp	Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Albu…	NVD-CWE-Other	CVE-2002-1177	2016-10-18 11:24	2002-12-26	表示	GitHub Exploit DB Packet Storm

352870	5.0	MEDIUM	jetty	jetty_http_server	Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request t…	NVD-CWE-Other	CVE-2002-1178	2016-10-18 11:24	2002-10-11	表示	GitHub Exploit DB Packet Storm

352871	5.0	MEDIUM	sabre	desktop_reservation_software	The Sabserv client component in Sabre Desktop Reservation Software 4.2 through 4.4 allows remote attackers to cause a denial of service via malformed input to TCP port 1001.	NVD-CWE-Other	CVE-2002-1191	2016-10-18 11:24	2002-10-28	表示	GitHub Exploit DB Packet Storm

352872	4.3	MEDIUM	gabriele_bartolini	ht_check	Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.	NVD-CWE-Other	CVE-2002-1195	2016-10-18 11:24	2002-10-28	表示	GitHub Exploit DB Packet Storm

352873	7.5	HIGH	mozilla	bugzilla	editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values f…	NVD-CWE-Other	CVE-2002-1196	2016-10-18 11:24	2002-10-28	表示	GitHub Exploit DB Packet Storm

352874	7.5	HIGH	mozilla	bugzilla	bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.	NVD-CWE-Other	CVE-2002-1197	2016-10-18 11:24	2002-10-28	表示	GitHub Exploit DB Packet Storm

352875	7.5	HIGH	mozilla	bugzilla	Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.	NVD-CWE-Other	CVE-2002-1198	2016-10-18 11:24	2002-10-28	表示	GitHub Exploit DB Packet Storm

352876	5.0	MEDIUM	ibm	aix	IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing t…	NVD-CWE-Other	CVE-2002-1201	2016-10-18 11:24	2002-10-28	表示	GitHub Exploit DB Packet Storm

352877	5.0	MEDIUM	ibm	secureway_firewall	IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaust…	CWE-399 リソース管理の問題	CVE-2002-1203	2016-10-18 11:24	2002-10-28	表示	GitHub Exploit DB Packet Storm

352878	7.5	HIGH	jason_orcutt	prometheus	Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.…	NVD-CWE-Other	CVE-2002-1211	2016-10-18 11:24	2002-11-12	表示	GitHub Exploit DB Packet Storm

352879	5.0	MEDIUM	gnu	tar	GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security che…	NVD-CWE-Other	CVE-2002-1216	2016-10-18 11:24	2002-10-28	表示	GitHub Exploit DB Packet Storm

352880	10.0	HIGH	kth	heimdal	Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.	NVD-CWE-Other	CVE-2002-1225	2016-10-18 11:24	2002-10-28	表示	GitHub Exploit DB Packet Storm

352881	10.0	HIGH	kth	heimdal	Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffe…	NVD-CWE-Other	CVE-2002-1226	2016-10-18 11:24	2002-10-28	表示	GitHub Exploit DB Packet Storm

352882	7.5	HIGH	avaya	cajun_p550 cajun_p550r cajun_p580 cajun_p880 cajun_p882	Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges.	NVD-CWE-Other	CVE-2002-1229	2016-10-18 11:24	2002-10-28	表示	GitHub Exploit DB Packet Storm

352883	7.5	HIGH	cisco	pix_firewall	The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords…	NVD-CWE-Other	CVE-2002-0954	2016-10-18 11:23	2002-10-4	表示	GitHub Exploit DB Packet Storm

352884	7.5	HIGH	analogx	simpleserver_www	Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name.	NVD-CWE-Other	CVE-2002-0968	2016-10-18 11:23	2002-10-4	表示	GitHub Exploit DB Packet Storm

352885	4.6	MEDIUM	att tightvnc tridia	winvnc_server tightvnc tridiavnc	Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" di…	NVD-CWE-Other	CVE-2002-0971	2016-10-18 11:23	2002-09-24	表示	GitHub Exploit DB Packet Storm

352886	4.6	MEDIUM	postgresql	postgresql	Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad.	NVD-CWE-Other	CVE-2002-0972	2016-10-18 11:23	2002-09-24	表示	GitHub Exploit DB Packet Storm

352887	4.6	MEDIUM	freebsd	freebsd	Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getso…	NVD-CWE-Other	CVE-2002-0973	2016-10-18 11:23	2002-09-24	表示	GitHub Exploit DB Packet Storm

352888	7.5	HIGH	microsoft	directx_files_viewer_control	Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.	NVD-CWE-Other	CVE-2002-0975	2016-10-18 11:23	2002-09-24	表示	GitHub Exploit DB Packet Storm

352889	7.5	HIGH	microsoft	virtual_machine	The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code.	NVD-CWE-Other	CVE-2002-0979	2016-10-18 11:23	2002-09-24	表示	GitHub Exploit DB Packet Storm

352890	7.5	HIGH	microsoft	sql_server	Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.	NVD-CWE-Other	CVE-2002-0982	2016-10-18 11:23	2002-09-24	表示	GitHub Exploit DB Packet Storm

352891	7.5	HIGH	rob_flynn	gaim	The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.	NVD-CWE-Other	CVE-2002-0989	2016-10-18 11:23	2002-09-24	表示	GitHub Exploit DB Packet Storm

352892	5.0	MEDIUM	symantec	enterprise_firewall raptor_firewall velociraptor gateway_security	The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of…	NVD-CWE-Other	CVE-2002-0990	2016-10-18 11:23	2002-10-28	表示	GitHub Exploit DB Packet Storm

352893	5.0	MEDIUM	adobe	adobe_content_server	The library feature for Adobe Content Server 3.0 does not verify if a customer has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by ch…	NVD-CWE-Other	CVE-2002-1018	2016-10-18 11:23	2002-10-4	表示	GitHub Exploit DB Packet Storm

352894	5.0	MEDIUM	adobe	adobe_content_server	The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp.	NVD-CWE-Other	CVE-2002-1019	2016-10-18 11:23	2002-10-4	表示	GitHub Exploit DB Packet Storm

352895	5.0	MEDIUM	adobe	adobe_content_server	The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook even when the maximum number of loans is exceeded by accessing the "Add to bookbag" feature when the se…	NVD-CWE-Other	CVE-2002-1020	2016-10-18 11:23	2002-10-4	表示	GitHub Exploit DB Packet Storm

352896	5.0	MEDIUM	michael_dean	double_choco_latte	Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorit…	NVD-CWE-Other	CVE-2002-1037	2016-10-18 11:23	2002-10-4	表示	GitHub Exploit DB Packet Storm

352897	5.0	MEDIUM	michael_dean	double_choco_latte	Double Choco Latte (DCL) before 20020706 does not properly verify if a file was uploaded, which allows remote attackers to conduct certain operations on arbitrary files via the (1) Projects: Upload F…	NVD-CWE-Other	CVE-2002-1038	2016-10-18 11:23	2002-10-4	表示	GitHub Exploit DB Packet Storm

352898	5.0	MEDIUM	michael_dean	double_choco_latte	Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Atta…	NVD-CWE-Other	CVE-2002-1039	2016-10-18 11:23	2002-10-4	表示	GitHub Exploit DB Packet Storm

352899	4.6	MEDIUM	ehud_gavron	tracesroute	Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument.	NVD-CWE-Other	CVE-2002-1051	2016-10-18 11:23	2002-10-4	表示	GitHub Exploit DB Packet Storm

352900	5.0	MEDIUM	w3c	jigsaw	Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the ser…	NVD-CWE-Other	CVE-2002-1052	2016-10-18 11:23	2002-10-4	表示	GitHub Exploit DB Packet Storm