NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年7月18日4:22

No CVSS レベル
攻撃区分
ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
363501 4.6 MEDIUM
sco unixware Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages. NVD-CWE-Other
CVE-2000-0351 2011-03-8 11:03 2001-03-12 表示 GitHub Exploit DB Packet Storm
363502 6.2 MEDIUM
sun solstice_adminsuite Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd. NVD-CWE-Other
CVE-1999-1425 2011-03-8 11:02 1997-11-10 表示 GitHub Exploit DB Packet Storm
363503 6.2 MEDIUM
freebsd
netbsd
openbsd
freebsd
netbsd
openbsd
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. NVD-CWE-Other
CVE-2000-0092 2011-03-8 11:02 2000-01-19 表示 GitHub Exploit DB Packet Storm
363504 7.2 HIGH
freebsd freebsd Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges. NVD-CWE-Other
CVE-2000-0235 2011-03-8 11:02 2000-03-27 表示 GitHub Exploit DB Packet Storm
363505 4.6 MEDIUM
digital unix Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges. NVD-CWE-Other
CVE-1999-1044 2011-03-8 11:01 1998-05-7 表示 GitHub Exploit DB Packet Storm
363506 7.2 HIGH
sco open_desktop
open_desktop_lite
openserver_enterprise_system
openserver_network_system
unix
Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access. NVD-CWE-Other
CVE-1999-1303 2011-03-8 11:01 1994-11-30 表示 GitHub Exploit DB Packet Storm
363507 7.2 HIGH
sco open_desktop
open_desktop_lite
openserver_enterprise_system
openserver_network_system
unix
Vulnerability in login in SCO UNIX 4.2 and earlier allows local users to gain root access. NVD-CWE-Other
CVE-1999-1304 2011-03-8 11:01 1994-11-30 表示 GitHub Exploit DB Packet Storm
363508 7.2 HIGH
sco open_desktop
open_desktop_lite
openserver_enterprise_system
openserver_network_system
unix
Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access. NVD-CWE-Other
CVE-1999-1305 2011-03-8 11:01 1994-11-30 表示 GitHub Exploit DB Packet Storm
363509 4.6 MEDIUM
hp hp-ux Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges. NVD-CWE-Other
CVE-1999-1308 2011-03-8 11:01 1997-07-31 表示 GitHub Exploit DB Packet Storm
363510 4.6 MEDIUM
hp hp-ux Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges. NVD-CWE-Other
CVE-1999-1311 2011-03-8 11:01 1997-01-7 表示 GitHub Exploit DB Packet Storm
363511 4.3 MEDIUM
phpbb_group phpbb Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single q… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2006-0063 2011-03-7 14:00 2006-01-6 表示 GitHub Exploit DB Packet Storm
363512 10.0 HIGH
hp psc_1210_all-in-one Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before 1.0.06 has unknown impact and attack vectors. NVD-CWE-noinfo
CVE-2006-0672 2011-03-7 14:00 2006-02-14 表示 GitHub Exploit DB Packet Storm
363513 6.4 MEDIUM
mambo mambo Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_tem… CWE-22
パス・トラバーサル
CVE-2006-0871 2011-03-7 14:00 2006-02-24 表示 GitHub Exploit DB Packet Storm
363514 7.5 HIGH
apple mac_os_x
mac_os_x_server
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted… CWE-119
バッファエラー
CVE-2006-1982 2011-03-7 14:00 2006-04-22 表示 GitHub Exploit DB Packet Storm
363515 7.8 HIGH
sun java_enterprise_system
java_system_directory_server
Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of ser… CWE-399
リソース管理の問題
CVE-2006-3127 2011-03-7 14:00 2006-06-22 表示 GitHub Exploit DB Packet Storm
363516 5.0 MEDIUM
ibm websphere_application_server IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), whic… CWE-200
情報漏えい
CVE-2006-4223 2011-03-7 14:00 2006-08-19 表示 GitHub Exploit DB Packet Storm
363517 7.5 HIGH
trend_micro serverprotect Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cle… CWE-119
バッファエラー
CVE-2005-1929 2011-03-7 14:00 2005-12-15 表示 GitHub Exploit DB Packet Storm
363518 4.3 MEDIUM
php_handicapper php_handicapper Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vect… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2005-3496 2011-03-7 14:00 2005-11-4 表示 GitHub Exploit DB Packet Storm
363519 5.0 MEDIUM
apple airport_express
airport_extreme
The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive … CWE-399
リソース管理の問題
CVE-2005-3714 2011-03-7 14:00 2005-12-31 表示 GitHub Exploit DB Packet Storm
363520 4.6 MEDIUM
sunncomm mediamax_drm SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissions to the "SunnComm Shared" directory, which allows local users to gain privileges by modifying pr… CWE-264
認可・権限・アクセス制御
CVE-2005-4069 2011-03-7 14:00 2005-12-8 表示 GitHub Exploit DB Packet Storm
363521 10.0 HIGH
mybulletinboard mybulletinboard Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199. NVD-CWE-noinfo
CVE-2005-4200 2011-03-7 14:00 2005-12-13 表示 GitHub Exploit DB Packet Storm
363522 7.5 HIGH
phpwebgallery phpwebgallery Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to c… CWE-89
SQLインジェクション
CVE-2005-4228 2011-03-7 14:00 2005-12-14 表示 GitHub Exploit DB Packet Storm
363523 7.5 HIGH
envolution envolution SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter. CWE-89
SQLインジェクション
CVE-2005-4263 2011-03-7 14:00 2005-12-15 表示 GitHub Exploit DB Packet Storm
363524 7.5 HIGH
qualcomm worldmail Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2… CWE-119
バッファエラー
CVE-2005-4267 2011-03-7 14:00 2005-12-21 表示 GitHub Exploit DB Packet Storm
363525 7.5 HIGH
nicplex plexcart_x3 SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly involving the (1) s_itemname and (… CWE-89
SQLインジェクション
CVE-2005-4315 2011-03-7 14:00 2005-12-17 表示 GitHub Exploit DB Packet Storm
363526 4.3 MEDIUM
apple safari
webkit
WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an in… CWE-399
リソース管理の問題
CVE-2010-1729 2011-02-17 15:55 2010-05-6 表示 GitHub Exploit DB Packet Storm
363527 4.3 MEDIUM
apple safari
webkit
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assi… CWE-200
情報漏えい
CVE-2010-1388 2011-02-17 15:54 2010-06-12 表示 GitHub Exploit DB Packet Storm
363528 10.0 HIGH
fetchmail fetchmail Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as … CWE-264
認可・権限・アクセス制御
CVE-2001-1009 2011-02-16 14:00 2001-08-31 表示 GitHub Exploit DB Packet Storm
363529 2.1 LOW
fetchmail fetchmail fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files. CWE-59
リンク解釈の問題
CVE-2001-1378 2011-02-16 14:00 2001-09-6 表示 GitHub Exploit DB Packet Storm
363530 5.0 MEDIUM
fetchmail fetchmail fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the bound… CWE-20
不適切な入力確認
CVE-2002-0146 2011-02-16 05:45 2002-06-25 表示 GitHub Exploit DB Packet Storm
363531 6.8 MEDIUM
php php Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary… CWE-134
書式文字列の問題
CVE-2010-2094 2011-01-26 15:48 2010-05-28 表示 GitHub Exploit DB Packet Storm
363532 5.0 MEDIUM
typsoft typsoft_ftp_server Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 i… CWE-399
リソース管理の問題
CVE-2005-3294 2011-01-26 14:00 2005-10-24 表示 GitHub Exploit DB Packet Storm
363533 4.0 MEDIUM
wordpress wordpress WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter. CWE-264
認可・権限・アクセス制御
CVE-2010-0682 2011-01-19 15:55 2010-02-24 表示 GitHub Exploit DB Packet Storm
363534 6.8 MEDIUM
phpf1 max\'s_image_uploader Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, a… NVD-CWE-Other
CVE-2010-0390 2011-01-12 14:00 2010-01-27 表示 GitHub Exploit DB Packet Storm
363535 6.8 MEDIUM
phpf1 max\'s_image_uploader Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type' NVD-CWE-Other
CVE-2010-0390 2011-01-12 14:00 2010-01-27 表示 GitHub Exploit DB Packet Storm
363536 7.5 HIGH
embarcadero interbase_smp_2009 Multiple stack-based buffer overflows in Embarcadero Technologies InterBase SMP 2009 9.0.3.437 allow remote attackers to execute arbitrary code via unknown vectors involving crafted packets. NOTE: t… CWE-119
バッファエラー
CVE-2010-0391 2011-01-12 14:00 2010-01-27 表示 GitHub Exploit DB Packet Storm
363537 9.0 HIGH
cisco unified_meetingplace Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in … CWE-89
SQLインジェクション
CVE-2010-0139 2011-01-7 14:00 2010-01-29 表示 GitHub Exploit DB Packet Storm
363538 6.4 MEDIUM
cisco unified_meetingplace MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified auth… CWE-255
証明書・パスワード管理
CVE-2010-0141 2011-01-7 14:00 2010-01-29 表示 GitHub Exploit DB Packet Storm
363539 5.0 MEDIUM
xerox workcentre_6400_net_controller
workcentre_6400_system_software
Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allow… CWE-200
情報漏えい
CVE-2010-0549 2011-01-6 14:00 2010-02-5 表示 GitHub Exploit DB Packet Storm
363540 10.0 HIGH
realnetworks helix_mobile_server
helix_server
helix_server_mobile
Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers … CWE-189
数値処理の問題
CVE-2010-1319 2010-12-29 14:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363541 4.3 MEDIUM
gianluca_baldo phpauction Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2005-2254 2010-12-21 14:00 2005-07-13 表示 GitHub Exploit DB Packet Storm
363542 5.0 MEDIUM
bsdi
freebsd
openbsd
bsd_os
freebsd
openbsd
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets. CWE-20
不適切な入力確認
CVE-1999-0001 2010-12-16 14:00 1999-12-30 表示 GitHub Exploit DB Packet Storm
363543 6.8 MEDIUM
1024cms 1024_cms SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action. CWE-89
SQLインジェクション
CVE-2010-1093 2010-12-14 23:34 2010-03-25 表示 GitHub Exploit DB Packet Storm
363544 4.3 MEDIUM
jan_schutze truc Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1095 2010-12-14 14:00 2010-03-25 表示 GitHub Exploit DB Packet Storm
363545 6.8 MEDIUM
dedecms dedecms include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[d… CWE-287
不適切な認証
CVE-2010-1097 2010-12-14 14:00 2010-03-25 表示 GitHub Exploit DB Packet Storm
363546 6.4 MEDIUM
php php The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpr… CWE-310
暗号の問題
CVE-2010-1128 2010-12-10 15:39 2010-03-27 表示 GitHub Exploit DB Packet Storm
363547 5.0 MEDIUM
php php The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause … NVD-CWE-Other
CVE-2010-0397 2010-12-10 15:37 2010-03-17 表示 GitHub Exploit DB Packet Storm
363548 5.0 MEDIUM
php php Per: http://cwe.mitre.org/data/slices/2000.html Improper Check for Unusual or Exceptional Conditions CWE-754 NVD-CWE-Other
CVE-2010-0397 2010-12-10 15:37 2010-03-17 表示 GitHub Exploit DB Packet Storm
363549 4.9 MEDIUM
apple mac_os_x The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users t… NVD-CWE-Other
CVE-2010-0105 2010-12-10 14:00 2010-04-28 表示 GitHub Exploit DB Packet Storm
363550 5.0 MEDIUM
php php Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream c… CWE-399
リソース管理の問題
CVE-2010-2093 2010-12-7 15:48 2010-05-28 表示 GitHub Exploit DB Packet Storm