NVD Vulnerability Information

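You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because NVD vulnerability information is often updated before JVN (Japan Vulnerability Notes), it may include vulnerabilities that are not yet listed in JVN.

If a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview and confirm the CWE number.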


Updated: October 6, 2024, 16:10

| No | CVSS | Level | Attack vector | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 243751 | 4.4 | MEDIUM | | foxitsoftware | foxit_reader | Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse p… | NVD-CWE-Other | CVE-2015-2789 | 2016-12-3 12:06 | 2015-03-30 |
| 243752 | 4.4 | MEDIUM | | foxitsoftware | foxit_reader | CWE-426: Untrusted Search Path (http://cwe.mitre.org/data/definitions/426.html) | NVD-CWE-Other | CVE-2015-2789 | 2016-12-3 12:06 | 2015-03-30 |
| 243753 | 4.3 | MEDIUM | | foxitsoftware | enterprise_reader, foxit_reader, phantompdf | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure o… | CWE-20 (Improper Input Validation) | CVE-2015-2790 | 2016-12-3 12:06 | 2015-03-30 |
| 243754 | 10.0 | HIGH | | airties | air_firmware | Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execu… | CWE-119 (Buffer Errors) | CVE-2015-2797 | 2016-12-3 12:06 | 2015-06-19 |
| 243755 | 7.5 | HIGH | | hancom | hanword_viewer_2007, hanword_viewer_2010, hwp_2014, hwpviewer_2014 | Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 20… | CWE-189 (Numeric Errors) | CVE-2015-2810 | 2016-12-3 12:06 | 2015-05-16 |
| 243756 | 6.5 | MEDIUM | | typo3 | neos | TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors. | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2015-2821 | 2016-12-3 12:06 | 2015-04-1 |
| 243757 | 7.5 | HIGH | | simple_ads_manager_project | simple_ads_manager | Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an… | NVD-CWE-Other | CVE-2015-2825 | 2016-12-3 12:06 | 2015-04-22 |
| 243758 | 7.5 | HIGH | | simple_ads_manager_project | simple_ads_manager | CWE-434: Unrestricted Upload of File with Dangerous Type (http://cwe.mitre.org/data/definitions/434.html) | NVD-CWE-Other | CVE-2015-2825 | 2016-12-3 12:06 | 2015-04-22 |
| 243759 | 7.2 | HIGH | | das_watchdog_project | das_watchdog | Buffer overflow in das_watchdog 0.9.0 allows local users to execute arbitrary code with root privileges via a large string in the XAUTHORITY environment variable. | CWE-119 (Buffer Errors) | CVE-2015-2831 | 2016-12-3 12:06 | 2015-04-15 |
| 243760 | 5.0 | MEDIUM | | citrix | netscaler | Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-s… | CWE-284 (Improper Access Control) | CVE-2015-2841 | 2016-12-3 12:06 | 2015-04-3 |
| 243761 | 5.4 | MEDIUM | Network | vmware | vrealize_automation | Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 (Cross-Site Scripting (XSS)) | CVE-2015-2344 | 2016-12-3 12:05 | 2016-03-16 |
| 243762 | 4.0 | MEDIUM | | huawei | seq_analyst | XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. | NVD-CWE-Other | CVE-2015-2346 | 2016-12-3 12:05 | 2015-05-19 |
| 243763 | 4.0 | MEDIUM | | huawei | seq_analyst | CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html) | NVD-CWE-Other | CVE-2015-2346 | 2016-12-3 12:05 | 2015-05-19 |
| 243764 | 7.5 | HIGH | | mybb | mybb | The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown… | NVD-CWE-noinfo | CVE-2015-2352 | 2016-12-3 12:05 | 2015-03-19 |
| 243765 | 7.5 | HIGH | | web-dorado | ecommerce_wd | Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_categor… | CWE-89 (SQL Injection) | CVE-2015-2562 | 2016-12-3 12:05 | 2015-03-20 |
| 243766 | 2.1 | LOW | | oracle | health_sciences_applications | Unspecified vulnerability in the Oracle Health Sciences Argus Safety component in Oracle Health Sciences Applications 8.0 allows local users to affect confidentiality via vectors related to BIP Insta… | NVD-CWE-noinfo | CVE-2015-2579 | 2016-12-3 12:05 | 2015-04-17 |
| 243767 | 7.2 | HIGH | | gns3 | gns3 | Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory. | NVD-CWE-Other | CVE-2015-2667 | 2016-12-3 12:05 | 2015-05-19 |
| 243768 | 7.2 | HIGH | | gns3 | gns3 | CWE-426: Untrusted Search Path (http://cwe.mitre.org/data/definitions/426.html) | NVD-CWE-Other | CVE-2015-2667 | 2016-12-3 12:05 | 2015-05-19 |
| 243769 | 6.8 | MEDIUM | | asus | rt-g32_firmware | Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that c… | CWE-352 (Same-Origin Policy Violation) | CVE-2015-2676 | 2016-12-3 12:05 | 2015-03-24 |
| 243770 | 4.3 | MEDIUM | | genixcms | genixcms | Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page … | CWE-79 (Cross-Site Scripting (XSS)) | CVE-2015-2678 | 2016-12-3 12:05 | 2015-03-24 |
| 243771 | 7.5 | HIGH | | genixcms | genixcms | Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter t… | CWE-89 (SQL Injection) | CVE-2015-2679 | 2016-12-3 12:05 | 2015-03-24 |
| 243772 | 6.8 | MEDIUM | | metalgenix | genixcms | Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator accou… | CWE-352 (Same-Origin Policy Violation) | CVE-2015-2680 | 2016-12-3 12:05 | 2015-03-24 |
| 243773 | 4.3 | MEDIUM | | asus | rt-g32_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (… | CWE-79 (Cross-Site Scripting (XSS)) | CVE-2015-2681 | 2016-12-3 12:05 | 2015-03-24 |
| 243774 | 4.0 | MEDIUM | | shibboleth, debian | service_provider, debian_linux | Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. | CWE-20 (Improper Input Validation) | CVE-2015-2684 | 2016-12-3 12:05 | 2015-03-31 |
| 243775 | 6.8 | MEDIUM | | cs-cart | cs-cart | Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-updat… | CWE-352 (Same-Origin Policy Violation) | CVE-2015-2701 | 2016-12-3 12:05 | 2015-03-25 |
| 243776 | 5.0 | MEDIUM | | realmd_project | realmd | realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response. | CWE-74 (Injection) | CVE-2015-2704 | 2016-12-3 12:05 | 2015-05-19 |
| 243777 | 6.8 | MEDIUM | | debian, gaia-gis | debian_linux, freexl | FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook. | CWE-20 (Improper Input Validation) | CVE-2015-2753 | 2016-12-3 12:05 | 2015-03-31 |
| 243778 | 4.0 | MEDIUM | | mcafee | data_loss_prevention_endpoint | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corr… | CWE-399 (Resource Management Errors) | CVE-2015-2757 | 2016-12-3 12:05 | 2015-03-27 |
| 243779 | 6.5 | MEDIUM | | mcafee | data_loss_prevention_endpoint | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or po… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2015-2758 | 2016-12-3 12:05 | 2015-03-27 |
| 243780 | 6.8 | MEDIUM | | mcafee | data_loss_prevention_endpoint | Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijac… | CWE-352 (Same-Origin Policy Violation) | CVE-2015-2759 | 2016-12-3 12:05 | 2015-03-27 |
| 243781 | 2.7 | LOW | | hp | capture_and_route_software | Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information … | NVD-CWE-noinfo | CVE-2015-2115 | 2016-12-3 12:04 | 2015-04-28 |
| 243782 | 9.0 | HIGH | | hp | storage_data_protector | Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 build 107 allows remote authenticated users to execute arbitrary code or cause a denial of service via unknown vectors. | NVD-CWE-noinfo | CVE-2015-2116 | 2016-12-3 12:04 | 2015-04-27 |
| 243783 | 7.5 | HIGH | | hp | tippingpoint_security_management_system, tippingpoint_virtual_security_management_system | HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI reque… | CWE-287 (Improper Authentication) | CVE-2015-2117 | 2016-12-3 12:04 | 2015-04-27 |
| 243784 | 7.8 | HIGH | | hp | network_virtualization | HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEdi… | CWE-200 (Information Exposure) | CVE-2015-2121 | 2016-12-3 12:04 | 2015-05-26 |
| 243785 | 7.8 | HIGH | | hp | sdn_van_controller | The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows remote attackers to cause a denial of service via network traffic to the REST port. | CWE-399 (Resource Management Errors) | CVE-2015-2122 | 2016-12-3 12:04 | 2015-05-25 |
| 243786 | 9.0 | HIGH | | hp | nonstop_safeguard_security | Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before J06.19 allows remote authenticated users to gain privileges by leveraging Expand access. | NVD-CWE-noinfo | CVE-2015-2123 | 2016-12-3 12:04 | 2015-05-26 |
| 243787 | 7.2 | HIGH | | hp | smart_zero_core, thinpro_linux | Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via un… | NVD-CWE-noinfo | CVE-2015-2124 | 2016-12-3 12:04 | 2015-06-5 |
| 243788 | 5.0 | MEDIUM | | ericsson | drutt_mobile_service_delivery_platform | Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot en… | CWE-22 (Path Traversal) | CVE-2015-2166 | 2016-12-3 12:04 | 2015-04-7 |
| 243789 | 5.8 | MEDIUM | | ericsson | drutt_mobile_service_delivery_platform | Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phish… | NVD-CWE-Other | CVE-2015-2167 | 2016-12-3 12:04 | 2015-04-7 |
| 243790 | 5.8 | MEDIUM | | ericsson | drutt_mobile_service_delivery_platform | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (http://cwe.mitre.org/data/definitions/601.html) | NVD-CWE-Other | CVE-2015-2167 | 2016-12-3 12:04 | 2015-04-7 |
| 243791 | 4.3 | MEDIUM | | zohocorp | manageengine_assetexplorer | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which … | CWE-79 (Cross-Site Scripting (XSS)) | CVE-2015-2169 | 2016-12-3 12:04 | 2015-06-24 |
| 243792 | 7.5 | HIGH | | slimframework | slim | Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data. | CWE-94 (Code Injection) | CVE-2015-2171 | 2016-12-3 12:04 | 2015-03-30 |
| 243793 | 6.5 | MEDIUM | | digitalnature | fusion | Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a… | NVD-CWE-Other | CVE-2015-2194 | 2016-12-3 12:04 | 2015-03-4 |
| 243794 | 6.5 | MEDIUM | | digitalnature | fusion | CWE-434: Unrestricted Upload of File with Dangerous Type (http://cwe.mitre.org/data/definitions/434.html) | NVD-CWE-Other | CVE-2015-2194 | 2016-12-3 12:04 | 2015-03-4 |
| 243795 | 5.0 | MEDIUM | | dlguard | dlguard | DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php. | CWE-200 (Information Exposure) | CVE-2015-2209 | 2016-12-3 12:04 | 2015-03-5 |
| 243796 | 5.0 | MEDIUM | | netcat | netcat | NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php. | CWE-200 (Information Exposure) | CVE-2015-2214 | 2016-12-3 12:04 | 2015-03-6 |
| 243797 | 7.5 | HIGH | | photocati_media | photocrati | SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. | CWE-89 (SQL Injection) | CVE-2015-2216 | 2016-12-3 12:04 | 2015-03-6 |
| 243798 | 4.3 | MEDIUM | | magic_hills | wonderplugin_audio_player | Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers … | CWE-79 (Cross-Site Scripting (XSS)) | CVE-2015-2218 | 2016-12-3 12:04 | 2015-03-6 |
| 243799 | 7.2 | HIGH | | lenovo | system_update | Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to th… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2015-2219 | 2016-12-3 12:04 | 2015-05-13 |
| 243800 | 8.3 | HIGH | | lenovo | system_update | Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and ex… | CWE-310 (Cryptographic Issues) | CVE-2015-2233 | 2016-12-3 12:04 | 2015-05-13 |