NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年10月7日12:10

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
243251	1.5	LOW	oracle	fusion_middleware	Per Advisory: <a href="http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html">Outside In Technology is a suite of software development kits (SDKs). It does not have any particular…	NVD-CWE-noinfo	CVE-2015-4809	2016-12-8 03:14	2015-10-22	表示	GitHub Exploit DB Packet Storm

243252	1.5	LOW	oracle	fusion_middleware	Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In…	NVD-CWE-noinfo	CVE-2015-4811	2016-12-8 03:14	2015-10-22	表示	GitHub Exploit DB Packet Storm

243253	1.5	LOW	oracle	fusion_middleware	Per Advisory: <a href="http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html">Outside In Technology is a suite of software development kits (SDKs). It does not have any particular…	NVD-CWE-noinfo	CVE-2015-4811	2016-12-8 03:14	2015-10-22	表示	GitHub Exploit DB Packet Storm

243254	4.3	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.2, and 11.1.2.3 allows remote attackers to affect integrity via vectors related to OIM …	NVD-CWE-noinfo	CVE-2015-4832	2016-12-8 03:14	2015-10-22	表示	GitHub Exploit DB Packet Storm

243255	4.0	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote authenticated users to affect confidentiality via vectors…	NVD-CWE-noinfo	CVE-2015-4838	2016-12-8 03:14	2015-10-22	表示	GitHub Exploit DB Packet Storm

243256	4.3	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a…	NVD-CWE-noinfo	CVE-2015-4867	2016-12-8 03:14	2015-10-22	表示	GitHub Exploit DB Packet Storm

243257	4.3	MEDIUM	oracle	fusion_middleware	Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a…	NVD-CWE-noinfo	CVE-2015-4880	2016-12-8 03:14	2015-10-22	表示	GitHub Exploit DB Packet Storm

243258	4.3	MEDIUM	oracle	enterprise_manager_grid_control	Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 allows remote attackers to affect confidentiality via vectors related to…	NVD-CWE-noinfo	CVE-2015-4885	2016-12-8 03:14	2016-01-21	表示	GitHub Exploit DB Packet Storm

243259	5.3	MEDIUM	fortinet	fortigate-1000c fortigate-100d fortigate-110c fortigate-1240b fortigate-200b fortigate-20c fortigate-300c fortigate-3040b fortigate-310b fortigate-311b fortigate-3140b	The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier …	CWE-295 不正な証明書検証	CVE-2012-4948	2016-12-8 03:14	2012-11-14	表示	GitHub Exploit DB Packet Storm

243260	7.5	HIGH	mozilla	firefox firefox_esr	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and a…	CWE-119 バッファエラー	CVE-2015-4513	2016-12-8 03:13	2015-11-5	表示	GitHub Exploit DB Packet Storm

243261	7.5	HIGH	mozilla	firefox firefox_esr	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe…	CWE-119 バッファエラー	CVE-2015-4514	2016-12-8 03:13	2015-11-5	表示	GitHub Exploit DB Packet Storm

243262	4.3	MEDIUM	mozilla	firefox	Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM re…	CWE-200 情報漏えい	CVE-2015-4515	2016-12-8 03:13	2015-11-5	表示	GitHub Exploit DB Packet Storm

243263	4.3	MEDIUM	mozilla	firefox	The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism an…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-4518	2016-12-8 03:13	2015-11-5	表示	GitHub Exploit DB Packet Storm

243264	6.8	MEDIUM	alcatel-lucent	cellpipe_7130_rg_5ae.m2013_hol_firmware	Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for…	CWE-352 同一生成元ポリシー違反	CVE-2015-4586	2016-12-8 03:13	2015-06-23	表示	GitHub Exploit DB Packet Storm

243265	4.3	MEDIUM	alcatel-lucent	cellpipe_7130_router_firmware	Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom applicat…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-4587	2016-12-8 03:13	2015-06-19	表示	GitHub Exploit DB Packet Storm

243266	7.5	HIGH	job_fair_project	job_fair	Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a fi…	NVD-CWE-Other	CVE-2015-4606	2016-12-8 03:13	2015-06-17	表示	GitHub Exploit DB Packet Storm

243267	7.5	HIGH	job_fair_project	job_fair	<a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>	NVD-CWE-Other	CVE-2015-4606	2016-12-8 03:13	2015-06-17	表示	GitHub Exploit DB Packet Storm

243268	7.5	HIGH	frontend_user_upload_project	frontend_user_upload	Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an execu…	NVD-CWE-Other	CVE-2015-4607	2016-12-8 03:13	2015-06-17	表示	GitHub Exploit DB Packet Storm

243269	7.5	HIGH	frontend_user_upload_project	frontend_user_upload	<a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>	NVD-CWE-Other	CVE-2015-4607	2016-12-8 03:13	2015-06-17	表示	GitHub Exploit DB Packet Storm

243270	3.5	LOW	be_user_log_project	be_user_log	Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beuserlog) extension 1.1.1 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspeci…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-4608	2016-12-8 03:13	2015-06-17	表示	GitHub Exploit DB Packet Storm

243271	6.5	MEDIUM	wt_directory_project	wt_directory	SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQLインジェクション	CVE-2015-4609	2016-12-8 03:13	2015-06-17	表示	GitHub Exploit DB Packet Storm

243272	6.5	MEDIUM	store_locator_project	store_locator	SQL injection vulnerability in the Store Locator (locator) extension before 3.3.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQLインジェクション	CVE-2015-4610	2016-12-8 03:13	2015-06-17	表示	GitHub Exploit DB Packet Storm

243273	6.5	MEDIUM	smoelenboek_project	smoelenboek	SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQLインジェクション	CVE-2015-4611	2016-12-8 03:13	2015-06-17	表示	GitHub Exploit DB Packet Storm

243274	6.5	MEDIUM	faq-frequenty_asked_questions_project	faq-frequently_asked_questions	SQL injection vulnerability in the "FAQ - Frequently Asked Questions" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vec…	CWE-89 SQLインジェクション	CVE-2015-4612	2016-12-8 03:13	2015-06-17	表示	GitHub Exploit DB Packet Storm

243275	6.5	MEDIUM	developer_log_project	developer_log	SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQLインジェクション	CVE-2015-4613	2016-12-8 03:13	2015-06-17	表示	GitHub Exploit DB Packet Storm

243276	6.5	MEDIUM	limesurvey	limesurvey	SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands vi…	CWE-89 SQLインジェクション	CVE-2015-4628	2016-12-8 03:13	2015-06-18	表示	GitHub Exploit DB Packet Storm

243277	2.9	LOW	swiftkey	swiftkey_sdk	The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attack…	CWE-254 セキュリティ機能	CVE-2015-4640	2016-12-8 03:13	2015-06-19	表示	GitHub Exploit DB Packet Storm

243278	6.4	MEDIUM	swiftkey	swiftkey_sdk	Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and cons…	CWE-22 パス・トラバーサル	CVE-2015-4641	2016-12-8 03:13	2015-06-19	表示	GitHub Exploit DB Packet Storm

243279	6.8	MEDIUM	panasonic	security_api_activex_sdk	Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePass…	CWE-119 バッファエラー	CVE-2015-4647	2016-12-8 03:13	2015-07-6	表示	GitHub Exploit DB Packet Storm

243280	7.5	HIGH	panasonic	security_api_activex_sdk	Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitra…	CWE-20 不適切な入力確認	CVE-2015-4648	2016-12-8 03:13	2015-07-6	表示	GitHub Exploit DB Packet Storm

243281	7.5	HIGH	joomla	joomla\!	SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.	CWE-89 SQLインジェクション	CVE-2015-4654	2016-12-8 03:13	2015-06-19	表示	GitHub Exploit DB Packet Storm

243282	6.8	MEDIUM	labsmedia	clickheat	Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator passwor…	CWE-352 同一生成元ポリシー違反	CVE-2015-4659	2016-12-8 03:13	2015-06-19	表示	GitHub Exploit DB Packet Storm

243283	6.1	MEDIUM ネットワーク	opencart	opencart	Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-4671	2016-12-8 03:13	2016-01-13	表示	GitHub Exploit DB Packet Storm

243284	7.5	HIGH	tinysrp_project	tinysrp	Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted size value for the username field.	CWE-119 バッファエラー	CVE-2015-4675	2016-12-8 03:13	2015-06-19	表示	GitHub Exploit DB Packet Storm

243285	6.5	MEDIUM	aftab	tickfa	SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action.	CWE-89 SQLインジェクション	CVE-2015-4676	2016-12-8 03:13	2015-06-19	表示	GitHub Exploit DB Packet Storm

243286	6.8	MEDIUM	fiverrscript	fiverrscript	Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via…	CWE-352 同一生成元ポリシー違反	CVE-2015-4677	2016-12-8 03:13	2015-06-19	表示	GitHub Exploit DB Packet Storm

243287	7.5	HIGH	persian_car_cms_project	persian_car_cms	SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI.	CWE-89 SQLインジェクション	CVE-2015-4678	2016-12-8 03:13	2015-06-19	表示	GitHub Exploit DB Packet Storm

243288	4.3	MEDIUM	airties	rt-210_firmware	Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-4679	2016-12-8 03:13	2015-06-19	表示	GitHub Exploit DB Packet Storm

243289	6.5	MEDIUM	apphp	hotel_site	SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php.	CWE-89 SQLインジェクション	CVE-2015-4713	2016-12-8 03:13	2015-06-23	表示	GitHub Exploit DB Packet Storm

243290	4.3	MEDIUM	dream-multimedia-tv	dreambox_dm500-s_firmware	Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-4714	2016-12-8 03:13	2015-06-23	表示	GitHub Exploit DB Packet Storm

243291	10.0	HIGH	owncloud microsoft	owncloud windows	Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or exe…	CWE-22 パス・トラバーサル	CVE-2015-4716	2016-12-8 03:13	2015-10-22	表示	GitHub Exploit DB Packet Storm

243292	7.5	HIGH	restlet	restlet	The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arb…	CWE-91 CWE-16 ブラインド XPath インジェクション環境設定	CVE-2013-4221	2016-12-8 03:13	2013-10-10	表示	GitHub Exploit DB Packet Storm

243293	7.2	HIGH	cisco	virtualization_experience_client_6000_series_firmware	The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS co…	CWE-78 OSコマンド・インジェクション	CVE-2015-4186	2016-12-8 03:12	2015-06-17	表示	GitHub Exploit DB Packet Storm

243294	5.0	MEDIUM	cisco	prime_collaboration	SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu299…	CWE-89 SQLインジェクション	CVE-2015-4188	2016-12-8 03:12	2015-06-17	表示	GitHub Exploit DB Packet Storm

243295	6.8	MEDIUM	cisco	data_center_analytics_framework	Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807.	CWE-352 同一生成元ポリシー違反	CVE-2015-4189	2016-12-8 03:12	2015-06-23	表示	GitHub Exploit DB Packet Storm

243296	4.3	MEDIUM	cisco	prime_service_catalog	Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683.	NVD-CWE-Other	CVE-2015-4190	2016-12-8 03:12	2015-06-17	表示	GitHub Exploit DB Packet Storm

243297	4.3	MEDIUM	cisco	prime_service_catalog	<a href="https://cwe.mitre.org/data/definitions/701.html">Weaknesses Introduced During Design</a>	NVD-CWE-Other	CVE-2015-4190	2016-12-8 03:12	2015-06-17	表示	GitHub Exploit DB Packet Storm

243298	4.3	MEDIUM	cisco	unified_communications_manager	Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-4206	2016-12-8 03:12	2015-12-15	表示	GitHub Exploit DB Packet Storm

243299	5.0	MEDIUM	se_html5_album_audio_player_project	se_html5_album_audio_player	Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitra…	CWE-22 パス・トラバーサル	CVE-2015-4414	2016-12-8 03:12	2015-06-18	表示	GitHub Exploit DB Packet Storm

243300	5.0	MEDIUM	open-emr	openemr	interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts,…	CWE-287 不適切な認証	CVE-2015-4453	2016-12-8 03:12	2015-07-5	表示	GitHub Exploit DB Packet Storm