NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年5月17日20:35

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
250601	7.2	HIGH	xfree86_project	xfree86	SGI IRIX buffer overflow in xterm and Xaw allows root access.	NVD-CWE-Other	CVE-1999-0126	2008-09-9 21:33	1998-05-3	表示	GitHub Exploit DB Packet Storm

250602	7.2	HIGH	caldera eric_allman bsdi freebsd hp ibm redhat	network_desktop sendmail bsd_os freebsd hp-ux aix linux	Local users can start Sendmail in daemon mode and gain root privileges.	NVD-CWE-Other	CVE-1999-0130	2008-09-9 21:33	1996-11-16	表示	GitHub Exploit DB Packet Storm

250603	7.2	HIGH	eric_allman bsdi digital freebsd hp ibm redhat sco	sendmail bsd_os osf_1 freebsd hp-ux aix linux internet_faststart openserver	Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.	NVD-CWE-Other	CVE-1999-0131	2008-09-9 21:33	1996-09-11	表示	GitHub Exploit DB Packet Storm

250604	7.2	HIGH	sun	sunos	vold in Solaris 2.x allows local users to gain root access.	NVD-CWE-Other	CVE-1999-0134	2008-09-9 21:33	1996-08-6	表示	GitHub Exploit DB Packet Storm

250605	3.7	LOW	netscape	navigator	Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.	NVD-CWE-Other	CVE-1999-0141	2008-09-9 21:33	1996-03-29	表示	GitHub Exploit DB Packet Storm

250606	7.5	HIGH	sgi	irix	The handler CGI program in IRIX allows arbitrary command execution.	NVD-CWE-Other	CVE-1999-0148	2008-09-9 21:33	1997-09-1	表示	GitHub Exploit DB Packet Storm

250607	5.0	MEDIUM	microsoft sco	windows_2000 windows_95 windows_nt openserver	Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.	NVD-CWE-Other	CVE-1999-0153	2008-09-9 21:33	1997-07-1	表示	GitHub Exploit DB Packet Storm

250608	7.5	HIGH	cisco	ios	Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.	NVD-CWE-Other	CVE-1999-0160	2008-09-9 21:33	1997-10-1	表示	GitHub Exploit DB Packet Storm

250609	7.5	HIGH	cisco	ios	In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.	NVD-CWE-Other	CVE-1999-0161	2008-09-9 21:33	1995-07-31	表示	GitHub Exploit DB Packet Storm

250610	6.2	MEDIUM	sun	sunos	A race condition in the Solaris ps command allows an attacker to overwrite critical files.	NVD-CWE-Other	CVE-1999-0164	2008-09-9 21:33	1995-08-29	表示	GitHub Exploit DB Packet Storm

250611	10.0	HIGH	samba	samba	Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.	NVD-CWE-Other	CVE-1999-0182	2008-09-9 21:33	1997-09-30	表示	GitHub Exploit DB Packet Storm

250612	10.0	HIGH	sun	solaris	In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.	NVD-CWE-Other	CVE-1999-0186	2008-09-9 21:33	1998-10-1	表示	GitHub Exploit DB Packet Storm

250613	6.4	MEDIUM	microsoft	internet_information_server	IIS newdsn.exe CGI script allows remote users to overwrite files.	NVD-CWE-Other	CVE-1999-0191	2008-09-9 21:33	1997-09-1	表示	GitHub Exploit DB Packet Storm

250614	5.0	MEDIUM	webgais_development_team	webgais	websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable).	NVD-CWE-Other	CVE-1999-0196	2008-09-9 21:33	1997-07-8	表示	GitHub Exploit DB Packet Storm

250615	7.5	HIGH	google	google_apps	The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a r…	NVD-CWE-noinfo CWE-287 不適切な認証	CVE-2008-3891	2008-09-6 06:44	2008-09-3	表示	GitHub Exploit DB Packet Storm

250616	2.1	LOW	suspend2	software_suspend_2	Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local u…	CWE-200 情報漏えい	CVE-2008-3901	2008-09-6 06:44	2008-09-3	表示	GitHub Exploit DB Packet Storm

250617	7.5	HIGH	speedbit	download_accelerator_plus	SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse upd…	CWE-94 コード・インジェクション	CVE-2008-3433	2008-09-6 06:43	2008-08-1	表示	GitHub Exploit DB Packet Storm

250618	7.5	HIGH	linkedin	browser_toolbar	LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as …	CWE-94 コード・インジェクション	CVE-2008-3435	2008-09-6 06:43	2008-08-1	表示	GitHub Exploit DB Packet Storm

250619	7.5	HIGH	notepad\+\+	notepad\+\+	The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse up…	CWE-94 コード・インジェクション	CVE-2008-3436	2008-09-6 06:43	2008-08-1	表示	GitHub Exploit DB Packet Storm

250620	7.5	HIGH	openoffice	openoffice.org	OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated b…	CWE-94 コード・インジェクション	CVE-2008-3437	2008-09-6 06:43	2008-08-1	表示	GitHub Exploit DB Packet Storm

250621	7.5	HIGH	speedbit	speedbit_video_accelerator	SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demon…	CWE-94 コード・インジェクション	CVE-2008-3439	2008-09-6 06:43	2008-08-1	表示	GitHub Exploit DB Packet Storm

250622	7.5	HIGH	winzip	winzip	WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and…	CWE-94 コード・インジェクション	CVE-2008-3442	2008-09-6 06:43	2008-08-1	表示	GitHub Exploit DB Packet Storm

250623	7.5	HIGH	egi_zaberl	e.z._poll	Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provena…	CWE-89 SQLインジェクション	CVE-2008-3590	2008-09-6 06:43	2008-08-12	表示	GitHub Exploit DB Packet Storm

250624	5.0	MEDIUM	acronis	true_image_echo_server	Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this…	CWE-310 暗号の問題	CVE-2008-3671	2008-09-6 06:43	2008-08-14	表示	GitHub Exploit DB Packet Storm

250625	7.5	HIGH	yourfreeworld	stylish_text_ads_script	SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.	CWE-89 SQLインジェクション	CVE-2008-3754	2008-09-6 06:43	2008-08-22	表示	GitHub Exploit DB Packet Storm

250626	4.3	MEDIUM	wordpress	wordpress	Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-3233	2008-09-6 06:42	2008-07-19	表示	GitHub Exploit DB Packet Storm

250627	10.0	HIGH	jamroom	jamroom	Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.	NVD-CWE-noinfo CWE-264 認可・権限・アクセス制御	CVE-2008-3376	2008-09-6 06:42	2008-07-31	表示	GitHub Exploit DB Packet Storm

250628	4.3	MEDIUM	opendocman	opendocman	Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-2788	2008-09-6 06:41	2008-06-20	表示	GitHub Exploit DB Packet Storm

250629	6.8	MEDIUM	exerocms	exero_cms	Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompa…	CWE-22 パス・トラバーサル	CVE-2008-2840	2008-09-6 06:41	2008-06-25	表示	GitHub Exploit DB Packet Storm

250630	6.8	MEDIUM	webchamado	webchamado	SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the d…	CWE-89 SQLインジェクション	CVE-2008-2858	2008-09-6 06:41	2008-06-25	表示	GitHub Exploit DB Packet Storm

250631	4.3	MEDIUM	flicks_software	authentix	Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1174	2008-09-6 06:37	2008-03-6	表示	GitHub Exploit DB Packet Storm

250632	4.3	MEDIUM	flicks_software	authentix	Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vec…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1175	2008-09-6 06:37	2008-03-6	表示	GitHub Exploit DB Packet Storm

250633	9.3	HIGH	microsoft	access jet	Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is pro…	NVD-CWE-noinfo	CVE-2008-1200	2008-09-6 06:37	2008-03-7	表示	GitHub Exploit DB Packet Storm

250634	7.5	HIGH	lagarde	storefront	SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of t…	CWE-89 SQLインジェクション	CVE-2008-1341	2008-09-6 06:37	2008-03-18	表示	GitHub Exploit DB Packet Storm

250635	4.3	MEDIUM	polymita_technologies	bpm_suite collageportal	Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1342	2008-09-6 06:37	2008-03-18	表示	GitHub Exploit DB Packet Storm

250636	4.3	MEDIUM	manageengine	supportcenter_plus	Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a r…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1432	2008-09-6 06:37	2008-03-21	表示	GitHub Exploit DB Packet Storm

250637	3.6	LOW	paul_pelzl	wyrd	wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file.	CWE-59 リンク解釈の問題	CVE-2008-0806	2008-09-6 06:36	2008-02-19	表示	GitHub Exploit DB Packet Storm

250638	4.3	MEDIUM	ikiwiki	ikiwiki	Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0808	2008-09-6 06:36	2008-02-19	表示	GitHub Exploit DB Packet Storm

250639	4.3	MEDIUM	ikiwiki	ikiwiki	Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0809	2008-09-6 06:36	2008-02-19	表示	GitHub Exploit DB Packet Storm

250640	10.0	HIGH	caroline	caroline	Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2008-0824	2008-09-6 06:36	2008-02-20	表示	GitHub Exploit DB Packet Storm

250641	7.5	HIGH	joomla mambo	com_profile	SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.	CWE-89 SQLインジェクション	CVE-2008-0846	2008-09-6 06:36	2008-02-21	表示	GitHub Exploit DB Packet Storm

250642	4.3	MEDIUM	schoolwires	academic_portal	Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to inject arbitrary web script or HTML via the c parameter. NOTE: the provenance of this…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0909	2008-09-6 06:36	2008-02-23	表示	GitHub Exploit DB Packet Storm

250643	4.3	MEDIUM	invision_power_services	invision_power_board	Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0913	2008-09-6 06:36	2008-02-23	表示	GitHub Exploit DB Packet Storm

250644	4.3	MEDIUM	tor_world	com_vote i-navigator interactive_bbs mobile_frontier quotes_of_the_day simple_bbs simple_vote tor_board tor_news tor_search	Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi (aka Quotes of the Day) 1.5 and earlier, Tor News 1.21 an…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0917	2008-09-6 06:36	2008-02-23	表示	GitHub Exploit DB Packet Storm

250645	7.2	HIGH	freshmeat	xwine	w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtain…	CWE-59 リンク解釈の問題	CVE-2008-0930	2008-09-6 06:36	2008-03-4	表示	GitHub Exploit DB Packet Storm

250646	6.3	MEDIUM	xwine	xwine	w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modify…	CWE-264 認可・権限・アクセス制御	CVE-2008-0931	2008-09-6 06:36	2008-03-4	表示	GitHub Exploit DB Packet Storm

250647	7.5	HIGH	xoops	prayer_list_module	SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.	CWE-89 SQLインジェクション	CVE-2008-0936	2008-09-6 06:36	2008-02-26	表示	GitHub Exploit DB Packet Storm

250648	6.8	MEDIUM	tinyevent xoops	tinyevent tiny_event_module	SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a differ…	CWE-89 SQLインジェクション	CVE-2008-0937	2008-09-6 06:36	2008-02-26	表示	GitHub Exploit DB Packet Storm

250649	4.3	MEDIUM	webgui	webgui	Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CV…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0940	2008-09-6 06:36	2008-02-26	表示	GitHub Exploit DB Packet Storm

250650	4.3	MEDIUM	matts_whois	matts_whois	Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1041	2008-09-6 06:36	2008-02-28	表示	GitHub Exploit DB Packet Storm