NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月23日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
355151	5.8	MEDIUM	ffmpeg	ffmpeg	oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted…	CWE-189 数値処理の問題	CVE-2009-4632	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

355152	10.0	HIGH	ffmpeg	ffmpeg	vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via…	CWE-189 数値処理の問題	CVE-2009-4633	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

355153	10.0	HIGH	ffmpeg	ffmpeg	Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec…	CWE-189 数値処理の問題	CVE-2009-4634	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

355154	9.3	HIGH	ffmpeg	ffmpeg	FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to us…	CWE-94 コード・インジェクション	CVE-2009-4635	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

355155	4.3	MEDIUM	ffmpeg	ffmpeg	FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop.	CWE-94 コード・インジェクション	CVE-2009-4636	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

355156	4.3	MEDIUM	ffmpeg	ffmpeg	The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error.	CWE-189 数値処理の問題	CVE-2009-4639	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

355157	4.3	MEDIUM	ffmpeg	ffmpeg	Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.	CWE-189 数値処理の問題	CVE-2009-4640	2011-10-26 11:44	2010-02-10	表示	GitHub Exploit DB Packet Storm

355158	1.9	LOW	gnu	gnump3d	GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.	CWE-59 リンク解釈の問題	CVE-2005-3349	2011-10-18 13:00	2005-11-19	表示	GitHub Exploit DB Packet Storm

355159	6.4	MEDIUM	gnu	gnump3d	Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".	CWE-22 パス・トラバーサル	CVE-2005-3355	2011-10-18 13:00	2005-11-19	表示	GitHub Exploit DB Packet Storm

355160	5.0	MEDIUM	ibm	db2_universal_database	IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ... regarding the package name/creator…	CWE-399 リソース管理の問題	CVE-2006-3068	2011-10-17 13:00	2006-06-19	表示	GitHub Exploit DB Packet Storm

355161	2.1	LOW	linux-ha	heartbeat	heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly du…	CWE-264 認可・権限・アクセス制御	CVE-2006-3815	2011-10-17 13:00	2006-07-25	表示	GitHub Exploit DB Packet Storm

355162	7.5	HIGH	rim	blackberry_attachment_service blackberry_enterprise_server	Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Attachment Service allows remote attackers to cause a denial of service (hang) via an e-mail attachment with a crafted TIFF file.	CWE-119 バッファエラー	CVE-2005-2341	2011-10-17 13:00	2005-12-31	表示	GitHub Exploit DB Packet Storm

355163	4.0	MEDIUM	microsoft canon	ie network_camera_server_vb101	Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPres…	CWE-200 情報漏えい	CVE-2006-2900	2011-10-11 13:00	2006-06-8	表示	GitHub Exploit DB Packet Storm

355164	5.0	MEDIUM	sun	j2se java_web_start	The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE ver…	CWE-264 認可・権限・アクセス制御	CVE-2006-4302	2011-10-11 13:00	2006-08-23	表示	GitHub Exploit DB Packet Storm

355165	5.0	MEDIUM	joomla	joomla	Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to…	CWE-20 不適切な入力確認	CVE-2006-4466	2011-10-11 13:00	2006-09-1	表示	GitHub Exploit DB Packet Storm

355166	4.3	MEDIUM	spymac	spymac_web_os	Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter in in…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2005-3511	2011-09-13 13:00	2005-11-6	表示	GitHub Exploit DB Packet Storm

355167	3.5	LOW	horde	horde_application_framework	Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demons…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2005-4190	2011-09-13 13:00	2005-12-13	表示	GitHub Exploit DB Packet Storm

355168	4.3	MEDIUM	iatek	projectapp	Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) searc…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2005-4485	2011-09-13 13:00	2005-12-22	表示	GitHub Exploit DB Packet Storm

355169	4.3	MEDIUM	sitekit_solutions	sitekit_cms	Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2005-4491	2011-09-13 13:00	2005-12-22	表示	GitHub Exploit DB Packet Storm

355170	6.8	MEDIUM	iisworks	aspknowledgebase	Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrat…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2005-4658	2011-09-13 13:00	2005-12-31	表示	GitHub Exploit DB Packet Storm

355171	7.5	HIGH	oneplug_solutions	oneplug_cms	Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Servi…	CWE-89 SQLインジェクション	CVE-2006-0115	2011-09-8 13:00	2006-01-9	表示	GitHub Exploit DB Packet Storm

355172	6.8	MEDIUM	runcms	runcms	Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] pa…	CWE-94 コード・インジェクション	CVE-2006-0659	2011-09-8 13:00	2006-02-13	表示	GitHub Exploit DB Packet Storm

355173	6.8	MEDIUM	runcms	runcms	Successful exploitation requires that both "register_globals" and "allow_url_fopen" are enabled.	CWE-94 コード・インジェクション	CVE-2006-0659	2011-09-8 13:00	2006-02-13	表示	GitHub Exploit DB Packet Storm

355174	7.5	HIGH	joomla	joomla	Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors.	CWE-89 SQLインジェクション	CVE-2006-1049	2011-09-8 13:00	2006-03-7	表示	GitHub Exploit DB Packet Storm

355175	7.5	HIGH	papoo	papoo	Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the…	CWE-89 SQLインジェクション	CVE-2005-4478	2011-09-8 13:00	2005-12-22	表示	GitHub Exploit DB Packet Storm

355176	10.0	HIGH	wordpress	wordpress	Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-20…	NVD-CWE-noinfo	CVE-2006-4028	2011-09-1 13:00	2006-08-10	表示	GitHub Exploit DB Packet Storm

355177	7.5	HIGH	oaboard	oaboard	PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-00…	CWE-94 コード・インジェクション	CVE-2006-0094	2011-08-23 13:00	2006-01-5	表示	GitHub Exploit DB Packet Storm

355178	7.5	HIGH	desklance	desklance	PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter.	CWE-94 コード・インジェクション	CVE-2005-3835	2011-08-10 13:00	2005-11-27	表示	GitHub Exploit DB Packet Storm

355179	7.5	HIGH	x-scripts	x-poll	SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information …	CWE-89 SQLインジェクション	CVE-2006-3960	2011-08-5 13:00	2006-08-2	表示	GitHub Exploit DB Packet Storm

355180	7.5	HIGH	newsboard	unclassified_newsboard	SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter …	CWE-89 SQLインジェクション	CVE-2005-3686	2011-08-5 13:00	2005-11-19	表示	GitHub Exploit DB Packet Storm

355181	7.5	HIGH	phpcomasy	phpcomasy	SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code …	CWE-89 SQLインジェクション	CVE-2005-3744	2011-08-5 13:00	2005-11-22	表示	GitHub Exploit DB Packet Storm

355182	7.5	HIGH	tru-zone	nukeet	SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter.	CWE-89 SQLインジェクション	CVE-2005-3748	2011-08-5 13:00	2005-11-22	表示	GitHub Exploit DB Packet Storm

355183	7.5	HIGH	omnistar_interactive	omnistar_live	SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category_id parameter. NOTE: due to a typo, an…	CWE-89 SQLインジェクション	CVE-2005-3840	2011-08-5 13:00	2005-11-27	表示	GitHub Exploit DB Packet Storm

355184	7.5	HIGH	altantisfaq	altantis_knowledge_base_software	SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.	CWE-89 SQLインジェクション	CVE-2005-3881	2011-08-5 13:00	2005-11-29	表示	GitHub Exploit DB Packet Storm

355185	7.5	HIGH	cfmagic	magic_list_pro	SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter.	CWE-89 SQLインジェクション	CVE-2005-4073	2011-08-5 13:00	2005-12-8	表示	GitHub Exploit DB Packet Storm

355186	5.1	MEDIUM	mimms xine	mimms xine-lib	Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arb…	CWE-119 バッファエラー	CVE-2006-2200	2011-08-2 13:00	2006-06-28	表示	GitHub Exploit DB Packet Storm

355187	5.1	MEDIUM	jed_wing	chm_lib	Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user-assisted attackers to execute arbitrary code via…	CWE-119 バッファエラー	CVE-2005-2930	2011-08-2 13:00	2005-10-29	表示	GitHub Exploit DB Packet Storm

355188	9.3	HIGH	freebsd nrl	freebsd opie	Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to c…	CWE-189 数値処理の問題	CVE-2010-1938	2011-07-29 11:37	2010-05-29	表示	GitHub Exploit DB Packet Storm

355189	4.3	MEDIUM	clamav	clamav	The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB fil…	CWE-399 リソース管理の問題	CVE-2005-3501	2011-07-14 13:00	2005-11-5	表示	GitHub Exploit DB Packet Storm

355190	5.0	MEDIUM	isc	dhcpd	The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-ide…	CWE-399 リソース管理の問題	CVE-2006-3122	2011-06-13 13:00	2006-08-10	表示	GitHub Exploit DB Packet Storm

355191	5.0	MEDIUM	nlnetlabs	unbound	Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.	CWE-399 リソース管理の問題	CVE-2010-0969	2011-06-2 13:00	2010-03-17	表示	GitHub Exploit DB Packet Storm

355192	7.8	HIGH	trend_micro	serverprotect_earthagent	Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allow…	CWE-399 リソース管理の問題	CVE-2005-1928	2011-05-20 13:00	2005-12-15	表示	GitHub Exploit DB Packet Storm

355193	7.5	HIGH	eric_fichot	downfile	DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php.	CWE-264 認可・権限・アクセス制御	CVE-2005-2819	2011-05-19 13:00	2005-09-8	表示	GitHub Exploit DB Packet Storm

355194	7.2	HIGH	realnetworks	realone_player realplayer	Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might…	CWE-264 認可・権限・アクセス制御	CVE-2005-2936	2011-05-19 13:00	2005-11-18	表示	GitHub Exploit DB Packet Storm

355195	4.3	MEDIUM	horde	horde	Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2005-3570	2011-05-19 13:00	2005-11-16	表示	GitHub Exploit DB Packet Storm

355196	7.5	HIGH	sun	java_communications_services_delegated_administrator	Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (…	NVD-CWE-noinfo	CVE-2005-4045	2011-05-19 13:00	2005-12-7	表示	GitHub Exploit DB Packet Storm

355197	7.5	HIGH	suse	opensuse suse_linux	SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.	CWE-264 認可・権限・アクセス制御	CVE-2010-0230	2011-04-28 13:00	2010-01-23	表示	GitHub Exploit DB Packet Storm

355198	2.1	LOW	tor	tor	Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for…	CWE-200 情報漏えい	CVE-2010-0384	2011-04-27 13:00	2010-01-26	表示	GitHub Exploit DB Packet Storm

355199	6.8	MEDIUM	fetchmail	fetchmail	The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (applic…	CWE-119 バッファエラー	CVE-2010-0562	2011-04-27 13:00	2010-02-9	表示	GitHub Exploit DB Packet Storm

355200	5.1	MEDIUM	apple	mac_os_x mac_os_x_server	Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly …	NVD-CWE-noinfo	CVE-2006-3497	2011-04-7 13:00	2006-08-3	表示	GitHub Exploit DB Packet Storm