NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2024年4月30日10:36

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
249351 5.1 MEDIUM
safenet softremote_vpn_client SafeNet VPN client allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly involving buffer overflo… NVD-CWE-Other
CVE-2002-2225 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249352 6.4 MEDIUM
mailscanner mailscanner MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate c… CWE-20
不適切な入力確認 		CVE-2002-2228 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249353 5.0 MEDIUM
sapio_design_ltd webreflex Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request. CWE-22
パス・トラバーサル 		CVE-2002-2229 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249354 8.5 HIGH
mollensoft_software enceladus_server_suite Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers to execute arbitrary code via a long CD (CWD) command. CWE-119
バッファエラー 		CVE-2002-2232 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249355 4.3 MEDIUM
netscreen screenos NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the Malicious-URL blocking feature by splitting the URL into fragmented IP requests. CWE-16
環境設定 		CVE-2002-2234 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249356 5.0 MEDIUM
jelsoft vbulletin member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which fac… CWE-189
数値処理の問題 		CVE-2002-2235 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249357 10.0 HIGH
apt-www-proxy apt-www-proxy Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code. CWE-20
不適切な入力確認 		CVE-2002-2236 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249358 5.0 MEDIUM
netbsd ftpd ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls an… CWE-189
数値処理の問題 		CVE-2002-2245 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249359 10.0 HIGH
hp secure_web_server_for_tru64 Unspecified vulnerability in Internet Group Management Protocol (IGMP) of HP Tru64 4.0F through 5.1A allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: this might… NVD-CWE-noinfo
CVE-2002-2264 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249360 10.0 HIGH
hp secure_web_server_for_tru64 More Information: http://www.securityfocus.com/bid/6175/info NVD-CWE-noinfo
CVE-2002-2264 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249361 5.0 MEDIUM
pyramid benhur_software_update The default configuration of BenHur Firewall release 3 update 066 fix 2 allows remote attackers to access arbitrary services by connecting from source port 20. NVD-CWE-Other
CVE-2002-2307 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249362 5.0 MEDIUM
netscape communicator Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL ta… NVD-CWE-Other
CVE-2002-2308 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249363 7.8 HIGH
php php php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments. CWE-399
リソース管理の問題 		CVE-2002-2309 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249364 5.0 MEDIUM
kryptronic clickcartpro ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and pa… CWE-255
証明書・パスワード管理 		CVE-2002-2310 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249365 5.8 MEDIUM
opera_software opera Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a web… NVD-CWE-Other
CVE-2002-2312 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249366 8.8 HIGH
qualcomm eudora Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedd… NVD-CWE-Other
CVE-2002-2313 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249367 5.0 MEDIUM
mozilla mozilla Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. CWE-20
不適切な入力確認 		CVE-2002-2314 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249368 7.8 HIGH
cisco ios Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the rou… NVD-CWE-Other
CVE-2002-2315 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249369 5.0 MEDIUM
cisco catos Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switc… NVD-CWE-Other
CVE-2002-2316 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249370 7.8 HIGH
symantec velociraptor Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method. NVD-CWE-noinfo
CWE-200
情報漏えい 		CVE-2002-2317 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249371 4.3 MEDIUM
blueface falcon_web_server Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 erro… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2318 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249372 7.5 HIGH
mysimplenews mysimplenews Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted… CWE-94
コード・インジェクション 		CVE-2002-2319 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249373 7.8 HIGH
mysimplenews mysimplenews MySimpleNews 1.0 allows remote attackers to delete arbitrary email messages via a direct request to vider.php3. CWE-264
認可・権限・アクセス制御 		CVE-2002-2320 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249374 4.3 MEDIUM
phplinkat phplinkat Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2321 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249375 5.0 MEDIUM
ultimate_php_board ultimate_php_board Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords. CWE-20
不適切な入力確認 		CVE-2002-2322 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249376 7.2 HIGH
microsoft windows_xp The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) p… CWE-264
認可・権限・アクセス制御 		CVE-2002-2324 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249377 7.8 HIGH
university_of_washington pine The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIM… CWE-20
不適切な入力確認 		CVE-2002-2325 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249378 5.0 MEDIUM
apple mac_os_x The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote … CWE-310
暗号の問題 		CVE-2002-2326 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249379 7.8 HIGH
mirabilis icq ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a denial of service (CPU consumption or crash) via a message with a large number of emoticons. CWE-20
不適切な入力確認 		CVE-2002-2329 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249380 5.8 MEDIUM
cascadesoft w3mail W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote… CWE-16
環境設定 		CVE-2002-2331 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249381 5.0 MEDIUM
opera_software opera_web_browser Buffer overflow in Opera 6.01 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. CWE-119
バッファエラー 		CVE-2002-2332 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249382 5.0 MEDIUM
kde kde Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. CWE-119
バッファエラー 		CVE-2002-2333 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249383 3.6 LOW
joseph_allen joe Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits s… CWE-264
認可・権限・アクセス制御 		CVE-2002-2334 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249384 5.0 MEDIUM
john_drake killer_protection Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protectio… CWE-16
環境設定 		CVE-2002-2335 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249385 4.3 MEDIUM
symantec norton_personal_firewall Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. CWE-16
環境設定 		CVE-2002-2336 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249386 5.0 MEDIUM
kaspersky_lab kaspersky_anti-hacker Kaspersky Anti-Hacker 1.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. NVD-CWE-Other
CVE-2002-2337 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249387 5.0 MEDIUM
mozilla
netscape 		mozilla
communicator
navigator 		The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) … CWE-20
不適切な入力確認 		CVE-2002-2338 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249388 4.3 MEDIUM
script_shed ssgbook Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2339 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249389 4.3 MEDIUM
sonicwall soho3 Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2341 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249390 4.3 MEDIUM
nocc nocc Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2343 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249391 5.0 MEDIUM
ensim webppliance Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail intended for other users by defining an alias that is the target's email address. CWE-264
認可・権限・アクセス制御 		CVE-2002-2344 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249392 7.5 HIGH
oracle application_server Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. CWE-255
証明書・パスワード管理 		CVE-2002-2345 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249393 5.0 MEDIUM
phpbb phpbb phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. CWE-200
情報漏えい 		CVE-2002-2346 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249394 4.3 MEDIUM
oracle application_server Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2347 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249395 4.3 MEDIUM
authoria authoria Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2348 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249396 5.0 MEDIUM
phpbb phpbbmod phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information. CWE-200
情報漏えい 		CVE-2002-2349 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249397 4.3 MEDIUM
phpoutsourcing zorum Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2002-2350 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249398 6.4 MEDIUM
qualcomm eudora Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). CWE-22
パス・トラバーサル 		CVE-2002-2351 2008-09-6 05:32 2002-12-31 表示 GitHub Exploit DB Packet Storm
249399 7.5 HIGH
aol instant_messenger AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted Sites Zone in Internet Explorer without user approval, which could allow code from free.aol.com to bypass intended access restric… NVD-CWE-Other
CVE-2002-1591 2008-09-6 05:31 2002-04-8 表示 GitHub Exploit DB Packet Storm
249400 10.0 HIGH
ibm aix Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code. NVD-CWE-Other
CVE-2002-1621 2008-09-6 05:31 2002-04-22 表示 GitHub Exploit DB Packet Storm