NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年5月17日20:35

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
249301	7.5	HIGH	mybb	mybb	SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.	CWE-89 SQLインジェクション	CVE-2008-3965	2008-11-15 16:19	2008-09-11	表示	GitHub Exploit DB Packet Storm

249302	7.5	HIGH	mybb	mybb	Patch information - http://community.mybboard.net/showthread.php?tid=36022	CWE-89 SQLインジェクション	CVE-2008-3965	2008-11-15 16:19	2008-09-11	表示	GitHub Exploit DB Packet Storm

249303	4.3	MEDIUM	mybb	mybb	Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-3966	2008-11-15 16:19	2008-09-11	表示	GitHub Exploit DB Packet Storm

249304	4.3	MEDIUM	mybb	mybb	Patch information - http://community.mybboard.net/showthread.php?tid=36022	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-3966	2008-11-15 16:19	2008-09-11	表示	GitHub Exploit DB Packet Storm

249305	7.5	HIGH	mybb	mybb	moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors.	CWE-264 認可・権限・アクセス制御	CVE-2008-3967	2008-11-15 16:19	2008-09-11	表示	GitHub Exploit DB Packet Storm

249306	7.5	HIGH	mybb	mybb	Patch information - http://community.mybboard.net/showthread.php?tid=36022	CWE-264 認可・権限・アクセス制御	CVE-2008-3967	2008-11-15 16:19	2008-09-11	表示	GitHub Exploit DB Packet Storm

249307	7.5	HIGH	phpcredo	phcdownload	SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.	CWE-89 SQLインジェクション	CVE-2007-6670	2008-11-15 16:06	2008-01-8	表示	GitHub Exploit DB Packet Storm

249308	10.0	HIGH	menalto	gallery_publish_xp_module	Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.	NVD-CWE-noinfo CWE-264 認可・権限・アクセス制御	CVE-2007-6685	2008-11-15 16:06	2008-01-17	表示	GitHub Exploit DB Packet Storm

249309	10.0	HIGH	menalto	gallery	The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller.	NVD-CWE-noinfo	CVE-2007-6686	2008-11-15 16:06	2008-01-17	表示	GitHub Exploit DB Packet Storm

249310	4.3	MEDIUM	menalto	gallery	Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6687	2008-11-15 16:06	2008-01-17	表示	GitHub Exploit DB Packet Storm

249311	7.5	HIGH	menalto	gallery	Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME modul…	CWE-20 不適切な入力確認	CVE-2007-6689	2008-11-15 16:06	2008-01-17	表示	GitHub Exploit DB Packet Storm

249312	10.0	HIGH	menalto	gallery	The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.	NVD-CWE-noinfo CWE-264 認可・権限・アクセス制御	CVE-2007-6690	2008-11-15 16:06	2008-01-17	表示	GitHub Exploit DB Packet Storm

249313	10.0	HIGH	menalto	gallery	Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a …	NVD-CWE-noinfo	CVE-2007-6691	2008-11-15 16:06	2008-01-17	表示	GitHub Exploit DB Packet Storm

249314	6.4	MEDIUM	menalto	gallery	Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modul…	CWE-59 リンク解釈の問題	CVE-2007-6692	2008-11-15 16:06	2008-01-17	表示	GitHub Exploit DB Packet Storm

249315	10.0	HIGH	menalto	gallery_webcam_module	Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."	NVD-CWE-noinfo	CVE-2007-6693	2008-11-15 16:06	2008-01-17	表示	GitHub Exploit DB Packet Storm

249316	2.1	LOW	webcalendar	webcalendar	Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6696	2008-11-15 16:06	2008-02-2	表示	GitHub Exploit DB Packet Storm

249317	4.3	MEDIUM	aol	ygp_piceditor_activex_control	Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser c…	CWE-119 バッファエラー	CVE-2007-6699	2008-11-15 16:06	2008-02-5	表示	GitHub Exploit DB Packet Storm

249318	3.3	LOW	ibm	websphere_mq	The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon conne…	CWE-264 認可・権限・アクセス制御	CVE-2007-6705	2008-11-15 16:06	2008-03-9	表示	GitHub Exploit DB Packet Storm

249319	4.3	MEDIUM	mozilla	firefox	Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.	NVD-CWE-noinfo	CVE-2007-6715	2008-11-15 16:06	2008-04-18	表示	GitHub Exploit DB Packet Storm

249320	4.3	MEDIUM	mantis	mantis	Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6611	2008-11-15 16:05	2008-01-4	表示	GitHub Exploit DB Packet Storm

249321	4.3	MEDIUM	atlassian	jira	Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when gen…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6617	2008-11-15 16:05	2008-01-4	表示	GitHub Exploit DB Packet Storm

249322	5.0	MEDIUM	atlassian	jira	JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID.	NVD-CWE-Other	CVE-2007-6618	2008-11-15 16:05	2008-01-4	表示	GitHub Exploit DB Packet Storm

249323	7.5	HIGH	atlassian	jira	The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.	CWE-264 認可・権限・アクセス制御	CVE-2007-6619	2008-11-15 16:05	2008-01-4	表示	GitHub Exploit DB Packet Storm

249324	4.3	MEDIUM	joomla	joomla	Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6643	2008-11-15 16:05	2008-01-4	表示	GitHub Exploit DB Packet Storm

249325	6.5	MEDIUM	joomla	joomla	Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.	CWE-264 認可・権限・アクセス制御	CVE-2007-6644	2008-11-15 16:05	2008-01-4	表示	GitHub Exploit DB Packet Storm

249326	7.5	HIGH	joomla	joomla	Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."	CWE-264 認可・権限・アクセス制御	CVE-2007-6645	2008-11-15 16:05	2008-01-4	表示	GitHub Exploit DB Packet Storm

249327	5.0	MEDIUM	fusion_news	fusion_news	Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors.	CWE-352 同一生成元ポリシー違反	CVE-2007-6300	2008-11-15 16:04	2007-12-11	表示	GitHub Exploit DB Packet Storm

249328	4.3	MEDIUM	httplogger	httplogger	Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6308	2008-11-15 16:04	2007-12-12	表示	GitHub Exploit DB Packet Storm

249329	4.3	MEDIUM	drupal	feature_module	Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.	CWE-352 同一生成元ポリシー違反	CVE-2007-6320	2008-11-15 16:04	2007-12-12	表示	GitHub Exploit DB Packet Storm

249330	5.8	MEDIUM	microsoft	access	Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of …	CWE-119 バッファエラー	CVE-2007-6357	2008-11-15 16:04	2007-12-15	表示	GitHub Exploit DB Packet Storm

249331	2.1	LOW	ibm	tivoli_netcool_security_manager	IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without en…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6363	2008-11-15 16:04	2007-12-15	表示	GitHub Exploit DB Packet Storm

249332	7.5	HIGH	francisco_burzi	php-nuke	Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a …	CWE-22 パス・トラバーサル	CVE-2007-6376	2008-11-15 16:04	2007-12-15	表示	GitHub Exploit DB Packet Storm

249333	2.1	LOW	debian	debian_linux	The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process a…	CWE-200 情報漏えい	CVE-2007-6418	2008-11-15 16:04	2007-12-18	表示	GitHub Exploit DB Packet Storm

249334	4.3	MEDIUM	flyspray	flyspray	Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index a…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6461	2008-11-15 16:04	2007-12-20	表示	GitHub Exploit DB Packet Storm

249335	4.3	MEDIUM	php_real_estate_script	classifieds	Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6463	2008-11-15 16:04	2007-12-20	表示	GitHub Exploit DB Packet Storm

249336	10.0	HIGH	testlink	testlink	TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.	CWE-287 不適切な認証	CVE-2007-6006	2008-11-15 16:03	2007-11-16	表示	GitHub Exploit DB Packet Storm

249337	9.3	HIGH	acdsee	photo_editor photo_manager pro_photo_manager	Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. …	CWE-119 バッファエラー	CVE-2007-6009	2008-11-15 16:03	2007-11-16	表示	GitHub Exploit DB Packet Storm

249338	7.8	HIGH	pioneers	pioneers	Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this …	CWE-20 不適切な入力確認	CVE-2007-6010	2008-11-15 16:03	2007-11-16	表示	GitHub Exploit DB Packet Storm

249339	7.8	HIGH	van_dyke_technologies	vshell	Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this information is based upon a vague advisory by a vulnerabili…	NVD-CWE-noinfo	CVE-2007-6031	2008-11-15 16:03	2007-11-20	表示	GitHub Exploit DB Packet Storm

249340	10.0	HIGH	ingate	ingate_firewall ingate_siparator	Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.	CWE-119 バッファエラー	CVE-2007-6092	2008-11-15 16:03	2007-11-22	表示	GitHub Exploit DB Packet Storm

249341	7.1	HIGH	ingate	ingate_firewall ingate_siparator	The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expect…	CWE-20 不適切な入力確認	CVE-2007-6093	2008-11-15 16:03	2007-11-22	表示	GitHub Exploit DB Packet Storm

249342	4.3	MEDIUM	ingate	ingate_firewall ingate_siparator	The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that…	CWE-20 不適切な入力確認	CVE-2007-6094	2008-11-15 16:03	2007-11-22	表示	GitHub Exploit DB Packet Storm

249343	4.0	MEDIUM	ingate	ingate_firewall ingate_siparator	The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might …	CWE-200 情報漏えい	CVE-2007-6095	2008-11-15 16:03	2007-11-22	表示	GitHub Exploit DB Packet Storm

249344	5.0	MEDIUM	ingate	ingate_firewall ingate_siparator	Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown v…	CWE-255 証明書・パスワード管理	CVE-2007-6096	2008-11-15 16:03	2007-11-22	表示	GitHub Exploit DB Packet Storm

249345	10.0	HIGH	ingate	ingate_firewall ingate_siparator	Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorre…	NVD-CWE-noinfo	CVE-2007-6097	2008-11-15 16:03	2007-11-22	表示	GitHub Exploit DB Packet Storm

249346	7.5	HIGH	ingate	ingate_firewall ingate_siparator	Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-cons…	NVD-CWE-Other	CVE-2007-6098	2008-11-15 16:03	2007-11-22	表示	GitHub Exploit DB Packet Storm

249347	3.6	LOW	claws_mail	claws_mail_tools	sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.	CWE-59 リンク解釈の問題	CVE-2007-6208	2008-11-15 16:03	2007-12-4	表示	GitHub Exploit DB Packet Storm

249348	5.0	MEDIUM	ossigeno	cms	Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b)…	CWE-20 不適切な入力確認	CVE-2007-6218	2008-11-15 16:03	2007-12-5	表示	GitHub Exploit DB Packet Storm

249349	7.5	HIGH	work_system_e-commerce	work_system_e-commerce	Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages."	NVD-CWE-noinfo	CVE-2007-5801	2008-11-15 16:02	2007-11-3	表示	GitHub Exploit DB Packet Storm

249350	6.8	MEDIUM	ssreader	ultra_star_reader	Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild. NOTE: t…	CWE-119 バッファエラー	CVE-2007-5807	2008-11-15 16:02	2007-11-6	表示	GitHub Exploit DB Packet Storm