NVD Vulnerability Information (Top)

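You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated with vulnerability information before JVN (Japan Vulnerability Notes), it may contain vulnerabilities that are not yet listed in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview and check the CWE number.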


Updated: July 7, 2024, 20:00

No / CVSS / Level / Attack category / Vendor / Product / Title / CWE / CVE / Updated / Published / Show impact / Exploit, PoC search
243951 7.5 HIGH
fuelphp fuelphp The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response. CWE-94
Code injection
CVE-2014-1999 2014-08-5 01:27 2014-07-20 Show GitHub Exploit DB Packet Storm
243952 4.3 MEDIUM
php_kobo multifunctional_mailform_free Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header. CWE-79
Cross-site scripting (XSS)
CVE-2014-3894 2014-08-5 01:06 2014-07-20 Show GitHub Exploit DB Packet Storm
243953 4.3 MEDIUM
webidsupport webid Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) T… CWE-79
Cross-site scripting (XSS)
CVE-2014-5101 2014-08-5 00:29 2014-07-26 Show GitHub Exploit DB Packet Storm
243954 5.0 MEDIUM
innominate mguard_firmware Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request. CWE-200
Information exposure
CVE-2014-2356 2014-08-5 00:19 2014-07-30 Show GitHub Exploit DB Packet Storm
243955 9.0 HIGH
yealink sip-t38g cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running … CWE-78
OS command injection
CVE-2013-5758 2014-08-4 23:13 2014-08-4 Show GitHub Exploit DB Packet Storm
243956 4.0 MEDIUM
yealink sip-t38g Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parame… CWE-22
Path traversal
CVE-2013-5757 2014-08-4 23:10 2014-08-4 Show GitHub Exploit DB Packet Storm
243957 4.0 MEDIUM
yealink sip-t38g Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx. CWE-22
Path traversal
CVE-2013-5756 2014-08-4 23:08 2014-08-4 Show GitHub Exploit DB Packet Storm
243958 5.0 MEDIUM
vitamin_plugin_project vitamin Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_head… CWE-22
Path traversal
CVE-2012-6651 2014-08-1 23:07 2014-07-31 Show GitHub Exploit DB Packet Storm
243959 7.8 HIGH
juniper junos
srx100
srx110
srx1400
srx210
srx220
srx240
srx3400
srx3600
srx550
srx5600
srx5800
srx650
Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translat… CWE-20
Improper input validation
CVE-2014-3817 2014-08-1 14:09 2014-07-12 Show GitHub Exploit DB Packet Storm
243960 4.3 MEDIUM
homepage_decorator_perlmailer_project homepage_decorator_perlmailer Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site scripting (XSS)
CVE-2014-3897 2014-07-31 04:03 2014-07-30 Show GitHub Exploit DB Packet Storm
243961 6.4 MEDIUM
iodata ts-wlcam/v_camera_firmware
ts-wlcam/v_camera
ts-wptcam_camera_firmware
ts-wptcam_camera
ts-wlcam_camera_firmware
ts-wlcam_camera
ts-ptcam/poe_camera_firmware
ts-ptcam/poe_cam…
The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and … CWE-287
Improper authentication
CVE-2014-3895 2014-07-31 03:48 2014-07-30 Show GitHub Exploit DB Packet Storm
243962 6.4 MEDIUM
iodata ts-wlcam/v_camera_firmware
ts-wlcam/v_camera
ts-wptcam_camera_firmware
ts-wptcam_camera
ts-wlcam_camera_firmware
ts-wlcam_camera
ts-ptcam/poe_camera_firmware
ts-ptcam/poe_cam…
Per: http://jvn.jp/en/jp/JVN94592501/index.html "Products Affected TS-WLCAM firmware version 1.06 and earlier TS-WLCAM/V firmware version 1.06 and earlier TS-WPTCAM firmware version 1.0… CWE-287
Improper authentication
CVE-2014-3895 2014-07-31 03:48 2014-07-30 Show GitHub Exploit DB Packet Storm
243963 5.0 MEDIUM
cairographics cairo The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string. NVD-CWE-Other
CVE-2014-5116 2014-07-31 02:18 2014-07-29 Show GitHub Exploit DB Packet Storm
243964 5.0 MEDIUM
cairographics cairo CWE-476: NULL Pointer Dereference (http://cwe.mitre.org/data/definitions/476.html) NVD-CWE-Other
CVE-2014-5116 2014-07-31 02:18 2014-07-29 Show GitHub Exploit DB Packet Storm
243965 7.5 HIGH
webidsupport webid WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter. NVD-CWE-Other
CVE-2014-5114 2014-07-31 02:02 2014-07-29 Show GitHub Exploit DB Packet Storm
243966 7.5 HIGH
webidsupport webid CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (http://cwe.mitre.org/data/definitions/90.html) NVD-CWE-Other
CVE-2014-5114 2014-07-31 02:02 2014-07-29 Show GitHub Exploit DB Packet Storm
243967 6.8 MEDIUM
silver-peak vx Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create… CWE-352
Same-origin policy violation
CVE-2014-2974 2014-07-29 23:28 2014-07-29 Show GitHub Exploit DB Packet Storm
243968 4.3 MEDIUM
visualware myconnection_server Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3)… CWE-79
Cross-site scripting (XSS)
CVE-2014-5113 2014-07-29 23:18 2014-07-29 Show GitHub Exploit DB Packet Storm
243969 4.3 MEDIUM
ol-commerce_project ol-commerce Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate… CWE-79
Cross-site scripting (XSS)
CVE-2014-5105 2014-07-29 22:05 2014-07-29 Show GitHub Exploit DB Packet Storm
243970 7.5 HIGH
ol-commerce_project ol-commerce Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) a… CWE-89
SQL injection
CVE-2014-5104 2014-07-29 22:04 2014-07-29 Show GitHub Exploit DB Packet Storm
243971 7.5 HIGH
mailpoet mailpoet_newsletters Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors. NVD-CWE-noinfo
CVE-2014-4726 2014-07-29 04:21 2014-07-28 Show GitHub Exploit DB Packet Storm
243972 7.5 HIGH
mailpoet mailpoet_newsletters The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-a… CWE-287
Improper authentication
CVE-2014-4725 2014-07-29 04:18 2014-07-28 Show GitHub Exploit DB Packet Storm
243973 4.3 MEDIUM
gurock testrail Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity. CWE-79
Cross-site scripting (XSS)
CVE-2014-4857 2014-07-29 04:05 2014-07-27 Show GitHub Exploit DB Packet Storm
243974 5.0 MEDIUM
caucho resin The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demo… CWE-264
CWE-20
Permissions, privileges, and access control
Improper input validation
CVE-2014-2966 2014-07-29 04:00 2014-07-27 Show GitHub Exploit DB Packet Storm
243975 10.0 HIGH
morpho itemiser_3 Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request. NVD-CWE-Other
CVE-2014-2363 2014-07-29 02:45 2014-07-26 Show GitHub Exploit DB Packet Storm
243976 10.0 HIGH
morpho itemiser_3 CWE-798: Use of Hard-coded Credentials (http://cwe.mitre.org/data/definitions/798.html) NVD-CWE-Other
CVE-2014-2363 2014-07-29 02:45 2014-07-26 Show GitHub Exploit DB Packet Storm
243977 6.8 MEDIUM
siemens simatic_pcs7
wincc
The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive infor… NVD-CWE-Other
CVE-2014-4686 2014-07-25 23:59 2014-07-24 Show GitHub Exploit DB Packet Storm
243978 6.8 MEDIUM
siemens simatic_pcs7
wincc
CWE-798: Use of Hard-coded Credentials (http://cwe.mitre.org/data/definitions/798.html) NVD-CWE-Other
CVE-2014-4686 2014-07-25 23:59 2014-07-24 Show GitHub Exploit DB Packet Storm
243979 4.6 MEDIUM
siemens simatic_pcs7
wincc
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. CWE-264
Permissions, privileges, and access control
CVE-2014-4685 2014-07-25 23:49 2014-07-24 Show GitHub Exploit DB Packet Storm
243980 6.0 MEDIUM
siemens simatic_pcs7
wincc
The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. CWE-264
Permissions, privileges, and access control
CVE-2014-4684 2014-07-25 23:42 2014-07-24 Show GitHub Exploit DB Packet Storm
243981 4.9 MEDIUM
siemens simatic_pcs7
wincc
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. CWE-264
Permissions, privileges, and access control
CVE-2014-4683 2014-07-25 23:37 2014-07-24 Show GitHub Exploit DB Packet Storm
243982 5.0 MEDIUM
siemens simatic_pcs7
wincc
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. CWE-200
Information exposure
CVE-2014-4682 2014-07-25 23:27 2014-07-24 Show GitHub Exploit DB Packet Storm
243983 3.5 LOW
micropact icomplaints Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the descriptio… CWE-79
Cross-site scripting (XSS)
CVE-2014-2971 2014-07-25 23:00 2014-07-24 Show GitHub Exploit DB Packet Storm
243984 7.6 HIGH
honeywell falcon_xlweb_linux_controller
falcon_xlweb_xlwebexe
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain adminis… NVD-CWE-Other
CVE-2014-2717 2014-07-25 22:52 2014-07-24 Show GitHub Exploit DB Packet Storm
243985 7.6 HIGH
honeywell falcon_xlweb_linux_controller
falcon_xlweb_xlwebexe
CWE-552: Files or Directories Accessible to External Parties (http://cwe.mitre.org/data/definitions/552.html) NVD-CWE-Other
CVE-2014-2717 2014-07-25 22:52 2014-07-24 Show GitHub Exploit DB Packet Storm
243986 4.3 MEDIUM
huawei e355_web_ui
e355_firmware
e355
Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary … CWE-79
Cross-site scripting (XSS)
CVE-2014-2968 2014-07-25 03:49 2014-07-24 Show GitHub Exploit DB Packet Storm
243987 4.3 MEDIUM
huawei e355_web_ui
e355_firmware
e355
Per: http://www.kb.cert.org/vuls/id/688812 "The following device configuration was reported to be vulnerable. Other versions may be affected: Hardware version: CH1E355SM Software version: 21.157.37… CWE-79
Cross-site scripting (XSS)
CVE-2014-2968 2014-07-25 03:49 2014-07-24 Show GitHub Exploit DB Packet Storm
243988 6.0 MEDIUM
omron ns_series_system_program_firmware
ns10_hmi_terminal
ns12_hmi_terminal
ns15_hmi_terminal
ns5_hmi_terminal
ns8_hmi_terminal
Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authen… CWE-352
Same-origin policy violation
CVE-2014-2369 2014-07-25 03:29 2014-07-24 Show GitHub Exploit DB Packet Storm
243989 10.0 HIGH
attachmate verastream_process_designer Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executabl… NVD-CWE-Other
CVE-2014-0607 2014-07-25 02:33 2014-07-24 Show GitHub Exploit DB Packet Storm
243990 10.0 HIGH
attachmate verastream_process_designer CWE-434: Unrestricted Upload of File with Dangerous Type (http://cwe.mitre.org/data/definitions/434.html) NVD-CWE-Other
CVE-2014-0607 2014-07-25 02:33 2014-07-24 Show GitHub Exploit DB Packet Storm
243991 7.5 HIGH
yiiframework yiiframework The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property. CWE-94
Code injection
CVE-2014-4672 2014-07-24 14:01 2014-07-4 Show GitHub Exploit DB Packet Storm
243992 7.5 HIGH
yiiframework yiiframework per http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/: "Note that the issue only affects 1.1.14. All previous releases are not affected" CWE-94
Code injection
CVE-2014-4672 2014-07-24 14:01 2014-07-4 Show GitHub Exploit DB Packet Storm
243993 4.3 MEDIUM
symantec data_insight Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified fo… CWE-79
Cross-site scripting (XSS)
CVE-2014-3432 2014-07-24 14:00 2014-06-27 Show GitHub Exploit DB Packet Storm
243994 4.3 MEDIUM
symantec data_insight Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified fo… CWE-79
Cross-site scripting (XSS)
CVE-2014-3433 2014-07-24 14:00 2014-06-27 Show GitHub Exploit DB Packet Storm
243995 7.8 HIGH
juniper junos
srx100
srx110
srx1400
srx210
srx220
srx240
srx3400
srx3600
srx550
srx5600
srx5800
srx650
Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet. CWE-20
Improper input validation
CVE-2014-3815 2014-07-24 14:00 2014-07-12 Show GitHub Exploit DB Packet Storm
243996 4.0 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system. NVD-CWE-noinfo
CVE-2014-2424 2014-07-24 13:59 2014-04-16 Show GitHub Exploit DB Packet Storm
243997 4.0 MEDIUM
hp release_control Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sens… NVD-CWE-noinfo
CVE-2014-2612 2014-07-24 13:59 2014-06-29 Show GitHub Exploit DB Packet Storm
243998 9.0 HIGH
hp release_control Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privil… NVD-CWE-noinfo
CVE-2014-2613 2014-07-24 13:59 2014-06-29 Show GitHub Exploit DB Packet Storm
243999 7.9 HIGH
symantec workspace_streaming The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. CWE-264
Permissions, privileges, and access control
CVE-2014-1649 2014-07-24 13:58 2014-05-16 Show GitHub Exploit DB Packet Storm
244000 4.3 MEDIUM
happyworm jplayer Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via… CWE-79
Cross-site scripting (XSS)
CVE-2013-2023 2014-07-24 13:49 2013-08-16 Show GitHub Exploit DB Packet Storm