NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月10日5:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
352951	7.5	HIGH	surfcontrol	superscout_web_filter web_filter	UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password us…	NVD-CWE-Other	CVE-2002-0706	2016-10-18 11:21	2002-10-10	表示	GitHub Exploit DB Packet Storm

352952	5.0	MEDIUM	surfcontrol	superscout_web_filter web_filter	The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service (CPU consumption) via large GET requests, possibly due to a buffer overflow.	NVD-CWE-Other	CVE-2002-0707	2016-10-18 11:21	2002-10-10	表示	GitHub Exploit DB Packet Storm

352953	5.0	MEDIUM	surfcontrol	superscout_web_filter web_filter	Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... (triple dot) sequen…	NVD-CWE-Other	CVE-2002-0708	2016-10-18 11:21	2002-10-10	表示	GitHub Exploit DB Packet Storm

352954	7.5	HIGH	surfcontrol	superscout_web_filter web_filter	SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and pos…	NVD-CWE-Other	CVE-2002-0709	2016-10-18 11:21	2002-10-10	表示	GitHub Exploit DB Packet Storm

352955	6.4	MEDIUM	rod_clark	sendform.cgi	Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter.	NVD-CWE-Other	CVE-2002-0710	2016-10-18 11:21	2002-08-12	表示	GitHub Exploit DB Packet Storm

352956	5.0	MEDIUM	hp	trucluster_server	Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service.	NVD-CWE-Other	CVE-2002-0711	2016-10-18 11:21	2002-11-12	表示	GitHub Exploit DB Packet Storm

352957	7.5	HIGH	squid	squid	Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyus…	NVD-CWE-Other	CVE-2002-0713	2016-10-18 11:21	2002-07-26	表示	GitHub Exploit DB Packet Storm

352958	7.5	HIGH	squid	squid	FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server…	NVD-CWE-Other	CVE-2002-0714	2016-10-18 11:21	2002-07-26	表示	GitHub Exploit DB Packet Storm

352959	5.0	MEDIUM	squid	squid	Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.	NVD-CWE-Other	CVE-2002-0715	2016-10-18 11:21	2002-07-26	表示	GitHub Exploit DB Packet Storm

352960	7.2	HIGH	sco	openserver	Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.	NVD-CWE-Other	CVE-2002-0716	2016-10-18 11:21	2002-07-26	表示	GitHub Exploit DB Packet Storm

352961	7.5	HIGH	php	php	PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which gener…	NVD-CWE-Other	CVE-2002-0717	2016-10-18 11:21	2002-07-26	表示	GitHub Exploit DB Packet Storm

352962	5.0	MEDIUM	microsoft	sql_server	Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.	NVD-CWE-Other	CVE-2002-0729	2016-10-18 11:21	2002-08-12	表示	GitHub Exploit DB Packet Storm

352963	7.5	HIGH	c-note padl_software	squid_auth_ldap nss_ldap pam_ldap	Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly …	NVD-CWE-Other	CVE-2002-0735	2016-10-18 11:21	2002-08-12	表示	GitHub Exploit DB Packet Storm

352964	7.5	HIGH	postgresql	postgresql	The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the que…	NVD-CWE-Other	CVE-2002-0802	2016-10-18 11:21	2002-08-12	表示	GitHub Exploit DB Packet Storm

352965	5.0	MEDIUM	lotus	domino	htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, su…	NVD-CWE-Other	CVE-2002-0407	2016-10-18 11:20	2002-07-26	表示	GitHub Exploit DB Packet Storm

352966	5.0	MEDIUM	lotus	domino	htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates a…	NVD-CWE-Other	CVE-2002-0408	2016-10-18 11:20	2002-07-26	表示	GitHub Exploit DB Packet Storm

352967	5.0	MEDIUM	microsoft	.net_framework	orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the …	NVD-CWE-Other	CVE-2002-0409	2016-10-18 11:20	2002-07-26	表示	GitHub Exploit DB Packet Storm

352968	7.5	HIGH	luca_deri	ntop	Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, vi…	NVD-CWE-Other	CVE-2002-0412	2016-10-18 11:20	2002-08-12	表示	GitHub Exploit DB Packet Storm

352969	3.6	LOW	linux	linux_kernel	The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall).	NVD-CWE-Other	CVE-2002-0429	2016-10-18 11:20	2002-08-12	表示	GitHub Exploit DB Packet Storm

352970	5.0	MEDIUM	qualcomm	eudora	Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and …	NVD-CWE-Other	CVE-2002-0456	2016-10-18 11:20	2002-08-12	表示	GitHub Exploit DB Packet Storm

352971	4.6	MEDIUM	ecartis listar	ecartis listar	Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c…	NVD-CWE-Other	CVE-2002-0468	2016-10-18 11:20	2002-08-12	表示	GitHub Exploit DB Packet Storm

352972	7.5	HIGH	macromedia	flash_player	Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand.	NVD-CWE-Other	CVE-2002-0477	2016-10-18 11:20	2002-08-12	表示	GitHub Exploit DB Packet Storm

352973	5.0	MEDIUM	foundrynet	edgeiron	The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings.	NVD-CWE-Other	CVE-2002-0478	2016-10-18 11:20	2002-08-12	表示	GitHub Exploit DB Packet Storm

352974	10.0	HIGH	iss	realsecure_nokia	ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is en…	NVD-CWE-Other	CVE-2002-0480	2016-10-18 11:20	2002-08-12	表示	GitHub Exploit DB Packet Storm

352975	5.0	MEDIUM	php	php	move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.	NVD-CWE-Other	CVE-2002-0484	2016-10-18 11:20	2002-08-12	表示	GitHub Exploit DB Packet Storm

352976	10.0	HIGH	linux_directory_penguin	nslookup	Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters.	NVD-CWE-Other	CVE-2002-0489	2016-10-18 11:20	2002-08-12	表示	GitHub Exploit DB Packet Storm

352977	5.0	MEDIUM	phpbb_group	phpbb	phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.	NVD-CWE-Other	CVE-2002-0533	2016-10-18 11:20	2002-08-12	表示	GitHub Exploit DB Packet Storm

352978	7.2	HIGH	openbsd	openbsd	mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cro…	NVD-CWE-Other	CVE-2002-0542	2016-10-18 11:20	2002-07-3	表示	GitHub Exploit DB Packet Storm

352979	5.0	MEDIUM	oracle	application_server application_server_web_cache oracle8i oracle9i	PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listpri…	NVD-CWE-Other	CVE-2002-0560	2016-10-18 11:20	2002-07-3	表示	GitHub Exploit DB Packet Storm

352980	7.5	HIGH	oracle	application_server application_server_web_cache oracle8i oracle9i	The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and mod…	NVD-CWE-Other	CVE-2002-0561	2016-10-18 11:20	2002-07-3	表示	GitHub Exploit DB Packet Storm

352981	5.0	MEDIUM	oracle	application_server application_server_web_cache oracle9i	The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information inclu…	NVD-CWE-Other	CVE-2002-0562	2016-10-18 11:20	2002-07-3	表示	GitHub Exploit DB Packet Storm

352982	7.5	HIGH	oracle	application_server application_server_web_cache oracle8i oracle9i	PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate …	NVD-CWE-Other	CVE-2002-0564	2016-10-18 11:20	2002-07-3	表示	GitHub Exploit DB Packet Storm

352983	2.1	LOW	oracle	application_server oracle8i oracle9i	Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConf…	NVD-CWE-Other	CVE-2002-0568	2016-10-18 11:20	2002-07-3	表示	GitHub Exploit DB Packet Storm

352984	7.5	HIGH	oracle	application_server	Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).	NVD-CWE-Other	CVE-2002-0569	2016-10-18 11:20	2002-07-3	表示	GitHub Exploit DB Packet Storm

352985	7.5	HIGH	openbsd	openssh	Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privile…	NVD-CWE-Other	CVE-2002-0575	2016-10-18 11:20	2002-06-18	表示	GitHub Exploit DB Packet Storm

352986	5.0	MEDIUM	snapgear	snapgear_lite\+_firewall	Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via a zero length packet to UDP port 500.	NVD-CWE-Other	CVE-2002-0603	2016-10-18 11:20	2002-06-18	表示	GitHub Exploit DB Packet Storm

352987	5.0	MEDIUM	snapgear	snapgear_lite\+_firewall	Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash) via a large number of packets with malformed IP options.	NVD-CWE-Other	CVE-2002-0604	2016-10-18 11:20	2002-06-18	表示	GitHub Exploit DB Packet Storm

352988	7.5	HIGH	macromedia	flash_player	Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter.	NVD-CWE-Other	CVE-2002-0605	2016-10-18 11:20	2002-06-18	表示	GitHub Exploit DB Packet Storm

352989	6.2	MEDIUM	mandrakesoft hp redhat	mandrake_single_network_firewall secure_os mandrake_linux mandrake_linux_corporate_server linux	setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow lo…	NVD-CWE-Other	CVE-2002-0638	2016-10-18 11:20	2002-08-12	表示	GitHub Exploit DB Packet Storm

352990	7.5	HIGH	gator	gator	Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites to install arbitrary software by specifying a Trojan Gator installation file (setup.ex_) in the src parameter.	NVD-CWE-Other	CVE-2002-0317	2016-10-18 11:19	2002-06-25	表示	GitHub Exploit DB Packet Storm

352991	5.0	MEDIUM	freeradius	freeradius	FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.	NVD-CWE-Other	CVE-2002-0318	2016-10-18 11:19	2002-06-25	表示	GitHub Exploit DB Packet Storm

352992	7.5	HIGH	powie	pforum	Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username.	NVD-CWE-Other	CVE-2002-0319	2016-10-18 11:19	2002-06-25	表示	GitHub Exploit DB Packet Storm

352993	7.5	HIGH	yahoo	messenger	Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field.	NVD-CWE-Other	CVE-2002-0320	2016-10-18 11:19	2002-06-25	表示	GitHub Exploit DB Packet Storm

352994	5.0	MEDIUM	yahoo	messenger	Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks.	NVD-CWE-Other	CVE-2002-0321	2016-10-18 11:19	2002-06-25	表示	GitHub Exploit DB Packet Storm

352995	7.5	HIGH	yahoo	messenger	Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing.	NVD-CWE-Other	CVE-2002-0322	2016-10-18 11:19	2002-06-25	表示	GitHub Exploit DB Packet Storm

352996	5.0	MEDIUM	nombas	scriptease_webserver	comment2.jse in ScriptEase:WebServer allows remote attackers to read arbitrary files by specifying the target file as an argument in the URL.	NVD-CWE-Other	CVE-2002-0323	2016-10-18 11:19	2002-06-25	表示	GitHub Exploit DB Packet Storm

352997	7.5	HIGH	noah_gray	graymatter	Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg …	NVD-CWE-Other	CVE-2002-0324	2016-10-18 11:19	2002-06-25	表示	GitHub Exploit DB Packet Storm

352998	5.0	MEDIUM	working_resources_inc.	badblue	Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the URL.	NVD-CWE-Other	CVE-2002-0325	2016-10-18 11:19	2002-06-25	表示	GitHub Exploit DB Packet Storm

352999	7.5	HIGH	working_resources_inc.	badblue	Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript.	NVD-CWE-Other	CVE-2002-0326	2016-10-18 11:19	2002-06-25	表示	GitHub Exploit DB Packet Storm

353000	7.2	HIGH	century_software	term	Buffer overflow in Century Software TERM allows local users to gain root privileges via a long tty argument to the callin program.	NVD-CWE-Other	CVE-2002-0327	2016-10-18 11:19	2002-06-25	表示	GitHub Exploit DB Packet Storm