NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月24日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
355001	5.0	MEDIUM	php	php	The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an…	CWE-200 情報漏えい	CVE-2010-1862	2016-08-23 11:01	2010-05-8	表示	GitHub Exploit DB Packet Storm

355002	5.0	MEDIUM	php	php	The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an…	CWE-200 情報漏えい	CVE-2010-1864	2016-08-23 11:01	2010-05-8	表示	GitHub Exploit DB Packet Storm

355003	5.0	MEDIUM	php	php	The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (mem…	CWE-200 情報漏えい	CVE-2010-2097	2016-08-23 11:01	2010-05-28	表示	GitHub Exploit DB Packet Storm

355004	5.0	MEDIUM	php	php	The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attacker…	CWE-200 情報漏えい	CVE-2010-2100	2016-08-23 11:01	2010-05-28	表示	GitHub Exploit DB Packet Storm

355005	5.0	MEDIUM	php	php	The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain …	CWE-200 情報漏えい	CVE-2010-2101	2016-08-23 11:01	2010-05-28	表示	GitHub Exploit DB Packet Storm

355006	5.0	MEDIUM	multitheftauto	multitheftauto	MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted command 40 that causes a -1 length to be used and triggers an out-of-boun…	CWE-119 バッファエラー	CVE-2005-3065	2016-05-28 00:46	2005-09-28	表示	GitHub Exploit DB Packet Storm

355007	7.5	HIGH	clam_anti-virus	clamav	The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, whic…	CWE-20 不適切な入力確認	CVE-2005-1795	2016-05-26 03:34	2005-05-27	表示	GitHub Exploit DB Packet Storm

355008	5.0	MEDIUM	cosmicperl	directory_pro	Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a .. (dot dot) in the SHOW parameter.	CWE-22 パス・トラバーサル	CVE-2001-0780	2016-05-26 02:38	2001-10-18	表示	GitHub Exploit DB Packet Storm

355009	7.5	HIGH	xli xloadimage	xli xloadimage	Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field.	CWE-119 バッファエラー	CVE-2001-0775	2016-05-20 12:00	2001-10-18	表示	GitHub Exploit DB Packet Storm

355010	10.0	HIGH	oracle	peoplesoft_enterprise	Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.03 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE03.	NVD-CWE-noinfo	CVE-2005-3463	2016-05-12 03:14	2005-11-2	表示	GitHub Exploit DB Packet Storm

355011	7.2	HIGH	apple perry_kiehtreiber	mac_os_x mac_os_x_server securityd	Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.	CWE-264 認可・権限・アクセス制御	CVE-2005-2741	2016-05-10 01:50	2005-10-26	表示	GitHub Exploit DB Packet Storm

355012	7.5	HIGH	sgi	irix	Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not sufficiently restrict access rights for read-mostly exports, which allows attackers to conduct unauthorized activit…	CWE-264 認可・権限・アクセス制御	CVE-2005-0139	2016-05-10 01:49	2005-09-22	表示	GitHub Exploit DB Packet Storm

355013	7.5	HIGH	sgi	irix	rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly allow access to anonymous clients that connect from a system whose hostname can not be determined. NOTE: while this issue occurs …	CWE-17 コード	CVE-2005-0138	2016-05-10 00:32	2005-09-22	表示	GitHub Exploit DB Packet Storm

355014	10.0	HIGH	-	-	Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.42 up to 8.45.17 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE01.	NVD-CWE-Other	CVE-2005-3461	2016-04-30 10:59	2005-11-2	表示	GitHub Exploit DB Packet Storm

355015	5.1	MEDIUM	geodesicsolutions	geoauctions_premier geoclassifieds_basic	SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b para…	CWE-89 SQLインジェクション	CVE-2006-3823	2015-09-2 01:59	2006-07-25	表示	GitHub Exploit DB Packet Storm

355016	5.1	MEDIUM	geodesicsolutions	geoauctions_premier geoclassifieds_basic	Successful exploitation requires that the 'accumulative feedback' feature is turned on.	CWE-89 SQLインジェクション	CVE-2006-3823	2015-09-2 01:59	2006-07-25	表示	GitHub Exploit DB Packet Storm

355017	5.0	MEDIUM	roundcube	webmail	Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the netwo…	CWE-200 情報漏えい	CVE-2010-0464	2015-08-25 01:43	2010-01-30	表示	GitHub Exploit DB Packet Storm

355018	4.0	MEDIUM	ez	ez_publish	eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request…	CWE-399 リソース管理の問題	CVE-2005-4857	2015-07-29 00:04	2005-12-31	表示	GitHub Exploit DB Packet Storm

355019	5.0	MEDIUM	ez	ez_publish	The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain …	CWE-19 データ処理	CVE-2005-4856	2015-07-29 00:03	2005-12-31	表示	GitHub Exploit DB Packet Storm

355020	5.0	MEDIUM	ez	ez_publish	eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to…	CWE-264 認可・権限・アクセス制御	CVE-2005-4854	2015-07-28 23:55	2005-12-31	表示	GitHub Exploit DB Packet Storm

355021	9.4	HIGH	ez	ez_publish	The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, …	CWE-264 認可・権限・アクセス制御	CVE-2005-4853	2015-07-28 23:41	2005-12-31	表示	GitHub Exploit DB Packet Storm

355022	9.4	HIGH	ez	ez_publish	Vendor has fixed this vulnerability in an upgrade starting at 3.5.5: http://ez.no/download/ez_publish	CWE-264 認可・権限・アクセス制御	CVE-2005-4853	2015-07-28 23:41	2005-12-31	表示	GitHub Exploit DB Packet Storm

355023	5.1	MEDIUM	mp3info	mp3info	Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this …	NVD-CWE-Other	CVE-2006-2465	2014-05-31 11:22	2006-05-19	表示	GitHub Exploit DB Packet Storm

355024	7.1	HIGH	emc	avamar	Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP.	NVD-CWE-noinfo	CVE-2010-1919	2014-05-5 13:43	2010-05-29	表示	GitHub Exploit DB Packet Storm

355025	5.0	MEDIUM	perl	perl	Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular…	CWE-189 数値処理の問題	CVE-2010-1158	2013-10-24 12:22	2010-04-21	表示	GitHub Exploit DB Packet Storm

355026	7.2	HIGH	larry_wall	perl	Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build dir…	NVD-CWE-Other	CVE-2005-4278	2013-10-24 10:56	2005-12-16	表示	GitHub Exploit DB Packet Storm

355027	5.0	MEDIUM	argosoft	argosoft_mail_server	ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infin…	NVD-CWE-Other	CVE-2002-1005	2013-10-1 10:22	2002-10-4	表示	GitHub Exploit DB Packet Storm

355028	5.0	MEDIUM	mms.pipp	com_mmsblog	Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot do…	CWE-22 パス・トラバーサル	CVE-2010-1491	2013-09-13 15:31	2010-04-23	表示	GitHub Exploit DB Packet Storm

355029	4.3	MEDIUM	mediawiki	mediawiki	thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers …	CWE-264 認可・権限・アクセス制御	CVE-2010-1190	2013-09-13 15:30	2010-04-1	表示	GitHub Exploit DB Packet Storm

355030	7.5	HIGH	uiga	business_portal	Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to in…	CWE-89 SQLインジェクション	CVE-2010-1049	2013-09-12 15:08	2010-03-23	表示	GitHub Exploit DB Packet Storm

355031	6.8	MEDIUM	openedit_inc	openedit	Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) oe-action and (2) page par…	NVD-CWE-Other	CVE-2005-4476	2013-09-12 13:48	2005-12-22	表示	GitHub Exploit DB Packet Storm

355032	7.5	HIGH	apple	mac_os_x mac_os_x_server	Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspe…	CWE-22 パス・トラバーサル	CVE-2010-0533	2013-09-11 02:18	2010-03-31	表示	GitHub Exploit DB Packet Storm

355033	5.0	MEDIUM	ternaria	com_vjdeo	Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.…	CWE-22 パス・トラバーサル	CVE-2010-1354	2013-09-9 14:58	2010-04-13	表示	GitHub Exploit DB Packet Storm

355034	4.6	MEDIUM	apple	mac_os_x mac_os_x_server	Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which le…	NVD-CWE-Other	CVE-2006-1220	2013-09-6 13:53	2006-03-14	表示	GitHub Exploit DB Packet Storm

355035	2.1	LOW	netbsd	netbsd	The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device.	NVD-CWE-Other	CVE-2006-2205	2013-09-5 13:53	2006-05-5	表示	GitHub Exploit DB Packet Storm

355036	6.2	MEDIUM	ossp	mm	OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.	NVD-CWE-Other	CVE-2002-0658	2013-09-4 13:18	2002-08-12	表示	GitHub Exploit DB Packet Storm

355037	9.3	HIGH	hp	hp-ux	rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.	NVD-CWE-Other	CVE-1999-0353	2013-09-3 13:01	1999-02-10	表示	GitHub Exploit DB Packet Storm

355038	4.3	MEDIUM	iatek	siteenable	Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter.	NVD-CWE-Other	CVE-2005-4483	2013-08-30 13:50	2005-12-22	表示	GitHub Exploit DB Packet Storm

355039	7.5	HIGH	sane	sane sane-backend	saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restri…	NVD-CWE-Other	CVE-2003-0773	2013-08-23 13:29	2003-09-22	表示	GitHub Exploit DB Packet Storm

355040	7.5	HIGH	mario_matzulla	cal	SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data.	CWE-89 SQLインジェクション	CVE-2010-2131	2013-08-22 15:23	2010-06-3	表示	GitHub Exploit DB Packet Storm

355041	5.0	MEDIUM	joomlaworks	jw_allvideos	Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../..…	CWE-22 パス・トラバーサル	CVE-2010-0696	2013-08-21 15:18	2010-02-24	表示	GitHub Exploit DB Packet Storm

355042	7.6	HIGH	sgi	irix	System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System…	NVD-CWE-Other	CVE-1999-1183	2013-08-21 13:05	1998-04-2	表示	GitHub Exploit DB Packet Storm

355043	5.0	MEDIUM	mcafee	asap_virusscan	Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.	NVD-CWE-Other	CVE-2001-1144	2013-08-17 13:16	2001-07-11	表示	GitHub Exploit DB Packet Storm

355044	5.0	MEDIUM	sawmill	sawmill	SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration comma…	CWE-200 情報漏えい	CVE-2000-0588	2013-07-30 13:00	2000-06-26	表示	GitHub Exploit DB Packet Storm

355045	7.5	HIGH	sawmill	sawmill	SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration.	CWE-310 暗号の問題	CVE-2000-0589	2013-07-30 13:00	2000-06-26	表示	GitHub Exploit DB Packet Storm

355046	4.6	MEDIUM	ibm	aix	Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a core dump and possibly execute code.	NVD-CWE-Other	CVE-2001-1096	2013-07-25 23:18	2001-10-9	表示	GitHub Exploit DB Packet Storm

355047	4.3	MEDIUM	je_form_creator	je_form_creator	Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory travers…	CWE-22 パス・トラバーサル	CVE-2010-1217	2013-07-23 17:57	2010-03-31	表示	GitHub Exploit DB Packet Storm

355048	7.5	HIGH	mcafee	epolicy_orchestrator	Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computer…	NVD-CWE-Other	CVE-2003-0616	2013-07-23 14:04	2003-08-27	表示	GitHub Exploit DB Packet Storm

355049	4.6	MEDIUM	hp	mpe_ix	Local users can gain privileges using the debug utility in the MPE/iX operating system.	NVD-CWE-Other	CVE-1999-0447	2013-07-23 13:04	1999-04-1	表示	GitHub Exploit DB Packet Storm

355050	7.2	HIGH	hp	hp-ux	HP-UX vgdisplay program gives root access to local users.	NVD-CWE-Other	CVE-1999-0309	2013-07-21 13:11	1997-02-1	表示	GitHub Exploit DB Packet Storm