NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年6月23日4:00

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
355101 10.0 HIGH
- - Multiple unspecified vulnerabilities in Oracle Database Server 10g up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB02, (2) DB03, and (3) DB05 in Change Data Capture; (… NVD-CWE-Other
CVE-2005-3439 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355102 10.0 HIGH
oracle database_server Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB08. NVD-CWE-Other
CVE-2005-3440 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355103 10.0 HIGH
- - Unspecified vulnerability in Intelligent Agent in Oracle Database Server 9i up to 9.0.1.5 has unknown impact and attack vectors, aka Oracle Vuln# DB14. NVD-CWE-Other
CVE-2005-3441 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355104 10.0 HIGH
- - Multiple unspecified vulnerabilities in Oracle Database Server 8i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB09 in Export, (2) DB11 in Materialized Views, and (3)… NVD-CWE-Other
CVE-2005-3442 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355105 10.0 HIGH
oracle database_server Unspecified vulnerability in the Spatial component in Oracle Database Server from 9i up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB17. NVD-CWE-Other
CVE-2005-3443 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355106 10.0 HIGH
oracle database_server Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26. NVD-CWE-Other
CVE-2005-3444 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355107 10.0 HIGH
oracle application_server
database_server 		Multiple unspecified vulnerabilities in HTTP Server in Oracle Database Server 8i up to 10.1.0.4.2 and Application Server 1.0.2.2 up to 10.1.2.0 have unknown impact and attack vectors, aka Oracle Vuln… NVD-CWE-Other
CVE-2005-3445 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355108 10.0 HIGH
oracle application_server
database_server 		Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln# DB32 a… NVD-CWE-Other
CVE-2005-3446 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355109 10.0 HIGH
- - Unspecified vulnerability in Single Sign-On in Oracle Database Server 10g up to 10.1.0.4.2 and Application Server 9.0.2.3 up to 9.0.4.2 has unknown impact and attack vectors, aka Oracle Vuln# DB33 an… NVD-CWE-Other
CVE-2005-3447 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355110 10.0 HIGH
oracle application_server Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01. NVD-CWE-Other
CVE-2005-3448 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355111 10.0 HIGH
oracle application_server Multiple unspecified vulnerabilities in Oracle Application Server 9.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS02 in Containers for J2EE, (2) AS07 in… NVD-CWE-Other
CVE-2005-3449 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355112 10.0 HIGH
oracle application_server Unspecified vulnerability in the HTTP Server in Oracle Application Server 1.0 up to 9.0.2.3 has unknown impact and attack vectors, as identified by Oracle Vuln# AS04. NVD-CWE-Other
CVE-2005-3450 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355113 10.0 HIGH
oracle application_server Unspecified vulnerability in SQL*ReportWriter in Oracle Application Server 9.0 up to 9.0.2.1 has unknown impact and attack vectors, as identified by Oracle Vuln# AS10. NVD-CWE-Other
CVE-2005-3451 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355114 10.0 HIGH
oracle application_server Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS13. NVD-CWE-Other
CVE-2005-3452 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355115 10.0 HIGH
oracle application_server Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 has unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS12 and (2) AS14. NVD-CWE-Other
CVE-2005-3453 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355116 10.0 HIGH
oracle collaboration_suite Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS0… NVD-CWE-Other
CVE-2005-3454 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355117 10.0 HIGH
oracle e-business_suite Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.10 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in Application Ins… NVD-CWE-Other
CVE-2005-3455 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355118 10.0 HIGH
- - Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Obje… NVD-CWE-Other
CVE-2005-3456 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355119 10.0 HIGH
oracle e-business_suite Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS. NVD-CWE-Other
CVE-2005-3457 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355120 10.0 HIGH
- - Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.9 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS19 in Workflow Cartridge. NVD-CWE-Other
CVE-2005-3458 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355121 10.0 HIGH
oracle clinical
e-business_suite 		Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS22 in Oracle Clinical. NVD-CWE-Other
CVE-2005-3459 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355122 10.0 HIGH
oracle 10g_enterprise_manager_database_control
enterprise_manager_application_server_control 		Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager 9.0.4.1 up to 10.1.0.4 has unknown impact and attack vectors, as identified by Oracle Vuln# EM01. NVD-CWE-Other
CVE-2005-3460 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355123 10.0 HIGH
oracle peoplesoft_enterprise Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.02 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE02. NVD-CWE-Other
CVE-2005-3462 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355124 10.0 HIGH
oracle peoplesoft_enterprise Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE04. NVD-CWE-Other
CVE-2005-3464 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355125 10.0 HIGH
jdedwards
oracle 		oneworld_xe
enterpriseone 		Unspecified vulnerability in JDEdwards HTML Server in Oracle EnterpriseOne 8.94 OneWorld XE up to 8.95_B1, 8.94_Q1, and SP23_K1 has unknown impact and attack vectors, as identified by Oracle Vuln# JD… NVD-CWE-Other
CVE-2005-3465 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355126 10.0 HIGH
oracle peoplesoft_enterprise_customer_relationship_management Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01. NVD-CWE-Other
CVE-2005-3466 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355127 4.3 MEDIUM
accomplishtechnology phpmydirectory Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenan… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2006-4755 2012-10-22 13:00 2006-09-14 表示 GitHub Exploit DB Packet Storm
355128 7.5 HIGH
accomplishtechnology phpmydirectory SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this informa… CWE-89
SQLインジェクション 		CVE-2006-4756 2012-10-22 13:00 2006-09-14 表示 GitHub Exploit DB Packet Storm
355129 7.5 HIGH
plogger plogger SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter. CWE-89
SQLインジェクション 		CVE-2005-4246 2012-10-22 13:00 2005-12-14 表示 GitHub Exploit DB Packet Storm
355130 4.3 MEDIUM
plogger plogger Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2005-4247 2012-10-22 13:00 2005-12-14 表示 GitHub Exploit DB Packet Storm
355131 4.3 MEDIUM
k5n webcalendar Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to u… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-0636 2012-10-13 11:58 2010-02-13 表示 GitHub Exploit DB Packet Storm
355132 6.8 MEDIUM
k5n webcalendar Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests th… CWE-352
同一生成元ポリシー違反 		CVE-2010-0637 2012-10-13 11:58 2010-02-13 表示 GitHub Exploit DB Packet Storm
355133 7.5 HIGH
html2ps_project html2ps Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when used within LPRng, allows remote attackers to execute arbitrary code via "unsanitized input." NVD-CWE-noinfo
CVE-2002-1275 2012-10-11 13:00 2002-11-12 表示 GitHub Exploit DB Packet Storm
355134 4.3 MEDIUM
colony colony_cms
colony_e-commerce_cms
colony_enterprise_cms
colony_government_cms 		Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2005-4386 2012-08-6 13:00 2005-12-20 表示 GitHub Exploit DB Packet Storm
355135 4.3 MEDIUM
secureideas basic_analysis_and_security_engine Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parame… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4837 2012-07-3 13:00 2010-05-6 表示 GitHub Exploit DB Packet Storm
355136 7.5 HIGH
secureideas basic_analysis_and_security_engine SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NO… CWE-89
SQLインジェクション 		CVE-2009-4838 2012-07-3 13:00 2010-05-6 表示 GitHub Exploit DB Packet Storm
355137 4.3 MEDIUM
secureideas basic_analysis_and_security_engine Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspeci… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4839 2012-07-3 13:00 2010-05-6 表示 GitHub Exploit DB Packet Storm
355138 7.5 HIGH
acid
secureideas 		analysis_console_for_intrusion_databases
basic_analysis_and_security_engine 		Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2,… CWE-89
SQLインジェクション 		CVE-2005-3325 2012-07-3 13:00 2005-10-27 表示 GitHub Exploit DB Packet Storm
355139 6.4 MEDIUM
php php PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. CWE-264
認可・権限・アクセス制御 		CVE-2001-1247 2012-06-25 13:00 2001-12-6 表示 GitHub Exploit DB Packet Storm
355140 6.8 MEDIUM
perforce perforce_server Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command. CWE-22
パス・トラバーサル 		CVE-2010-0933 2012-06-15 13:00 2010-03-6 表示 GitHub Exploit DB Packet Storm
355141 7.5 HIGH
3com 3cp4144 3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired… NVD-CWE-Other
CVE-2002-0888 2012-05-12 10:16 2002-10-4 表示 GitHub Exploit DB Packet Storm
355142 4.3 MEDIUM
apple iphone_os Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element. CWE-20
不適切な入力確認 		CVE-2010-1181 2012-03-30 13:00 2010-03-30 表示 GitHub Exploit DB Packet Storm
355143 4.6 MEDIUM
emc networker EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly … NVD-CWE-Other
CVE-2002-0113 2012-03-30 10:14 2002-03-25 表示 GitHub Exploit DB Packet Storm
355144 4.6 MEDIUM
emc networker EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: th… NVD-CWE-Other
CVE-2002-0114 2012-03-30 10:14 2002-03-25 表示 GitHub Exploit DB Packet Storm
355145 4.7 MEDIUM
linux linux_kernel The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a de… CWE-399
リソース管理の問題 		CVE-2007-6733 2012-03-19 13:00 2010-03-17 表示 GitHub Exploit DB Packet Storm
355146 7.5 HIGH
cacti cacti SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a va… CWE-89
SQLインジェクション 		CVE-2010-2092 2012-02-16 13:04 2010-05-28 表示 GitHub Exploit DB Packet Storm
355147 7.5 HIGH
cacti cacti SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter. CWE-89
SQLインジェクション 		CVE-2010-1431 2012-02-16 13:02 2010-05-5 表示 GitHub Exploit DB Packet Storm
355148 10.0 HIGH
hp power_manager Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter. CWE-119
バッファエラー 		CVE-2009-3999 2012-02-14 12:49 2010-01-21 表示 GitHub Exploit DB Packet Storm
355149 7.5 HIGH
cafuego simple_document_management_system Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list… CWE-89
SQLインジェクション 		CVE-2005-3877 2012-02-7 14:00 2005-11-29 表示 GitHub Exploit DB Packet Storm
355150 7.5 HIGH
plume-cms plume_cms Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, … CWE-94
コード・インジェクション 		CVE-2006-4533 2011-11-10 14:00 2006-09-2 表示 GitHub Exploit DB Packet Storm