NVD Vulnerability Information

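You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
NVD is often updated before JVN (Japan Vulnerability Notes), so vulnerabilities that are not yet listed in JVN may appear here.

If a related vulnerability exists in JVN, its information is shown on the detail screen.

To search by CWE, refer to the CWE overview to confirm the CWE number.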


Updated: July 2, 2024, 20:11

| No | CVSS | Level | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|
| 244051 | 4.3 | MEDIUM | cogentdatahub | cogent_datahub | Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79: Cross-site Scripting (XSS) | CVE-2014-2353 | 2014-06-5 21:36 | 2014-05-31 |
| 244052 | 5.0 | MEDIUM | trianglemicroworks | scada_data_gateway | Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. | CWE-20: Improper Input Validation | CVE-2014-2342 | 2014-06-5 21:32 | 2014-05-31 |
| 244053 | 5.5 | MEDIUM | owncloud | owncloud | ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vect… | CWE-264: Permissions, Privileges, and Access Controls | CVE-2014-3835 | 2014-06-5 20:10 | 2014-06-4 |
| 244054 | 6.5 | MEDIUM | postfix_admin_project | postfix_admin | SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands v… | CWE-89: SQL Injection | CVE-2014-2655 | 2014-06-5 13:31 | 2014-04-3 |
| 244055 | 7.1 | HIGH | debian | dpkg | dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error… | CWE-22: Path Traversal | CVE-2014-3127 | 2014-06-5 13:31 | 2014-05-14 |
| 244056 | 7.5 | HIGH | owncloud | owncloud | ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspec… | CWE-264: Permissions, Privileges, and Access Controls | CVE-2014-3834 | 2014-06-5 04:10 | 2014-06-4 |
| 244057 | 4.3 | MEDIUM | owncloud | owncloud | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web sc… | CWE-79: Cross-site Scripting (XSS) | CVE-2014-3833 | 2014-06-5 04:09 | 2014-06-4 |
| 244058 | 4.3 | MEDIUM | owncloud | owncloud | Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possi… | CWE-79: Cross-site Scripting (XSS) | CVE-2014-3832 | 2014-06-5 04:06 | 2014-06-4 |
| 244059 | 7.5 | HIGH | owncloud, phpdocx | owncloud, phpdocx | PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External… | NVD-CWE-Other | CVE-2014-2056 | 2014-06-5 03:41 | 2014-06-4 |
| 244060 | 7.5 | HIGH | owncloud, phpdocx | owncloud, phpdocx | Per: http://cwe.mitre.org/data/definitions/611.html "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')" | NVD-CWE-Other | CVE-2014-2056 | 2014-06-5 03:41 | 2014-06-4 |
| 244061 | 7.5 | HIGH | fruux, owncloud | sabredav, owncloud | SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via … | NVD-CWE-Other | CVE-2014-2055 | 2014-06-5 03:38 | 2014-06-4 |
| 244062 | 7.5 | HIGH | fruux, owncloud | sabredav, owncloud | Per: http://cwe.mitre.org/data/definitions/611.html "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')" | NVD-CWE-Other | CVE-2014-2055 | 2014-06-5 03:38 | 2014-06-4 |
| 244063 | 7.5 | HIGH | owncloud, phpexcel_project | owncloud, phpexcel | PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, caus… | NVD-CWE-Other | CVE-2014-2054 | 2014-06-5 03:34 | 2014-06-4 |
| 244064 | 7.5 | HIGH | owncloud, phpexcel_project | owncloud, phpexcel | Per: http://cwe.mitre.org/data/definitions/611.html "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')" | NVD-CWE-Other | CVE-2014-2054 | 2014-06-5 03:34 | 2014-06-4 |
| 244065 | 5.0 | MEDIUM | owncloud | owncloud | The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which mak… | CWE-310: Cryptographic Issues | CVE-2013-1941 | 2014-06-5 03:18 | 2014-06-4 |
| 244066 | 4.6 | MEDIUM | owncloud | owncloud | settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings. | CWE-94: Code Injection | CVE-2013-0204 | 2014-06-5 03:01 | 2014-06-4 |
| 244067 | 4.0 | MEDIUM | owncloud | owncloud | lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV. | CWE-20: Improper Input Validation | CVE-2012-5336 | 2014-06-5 02:28 | 2014-06-4 |
| 244068 | 4.3 | MEDIUM | owncloud | owncloud | CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | NVD-CWE-Other | CVE-2012-5057 | 2014-06-5 02:19 | 2014-06-4 |
| 244069 | 4.3 | MEDIUM | owncloud | owncloud | Per: http://cwe.mitre.org/data/definitions/93.html "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')" | NVD-CWE-Other | CVE-2012-5057 | 2014-06-5 02:19 | 2014-06-4 |
| 244070 | 4.3 | MEDIUM | owncloud | owncloud | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odf… | CWE-79: Cross-site Scripting (XSS) | CVE-2012-5056 | 2014-06-5 02:15 | 2014-06-4 |
| 244071 | 4.0 | MEDIUM | typo3 | typo3 | The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary … | CWE-200: Information Exposure | CVE-2014-3946 | 2014-06-5 00:26 | 2014-06-3 |
| 244072 | 4.0 | MEDIUM | typo3 | typo3 | The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remot… | CWE-287: Improper Authentication | CVE-2014-3945 | 2014-06-5 00:24 | 2014-06-3 |
| 244073 | 5.8 | MEDIUM | typo3 | typo3 | The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors. | CWE-287: Improper Authentication | CVE-2014-3944 | 2014-06-5 00:15 | 2014-06-3 |
| 244074 | 2.1 | LOW | trianglemicroworks | scada_data_gateway | Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. | CWE-20: Improper Input Validation | CVE-2014-2343 | 2014-06-4 23:00 | 2014-05-31 |
| 244075 | 4.3 | MEDIUM | alfresco | alfresco | Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3… | CWE-79: Cross-site Scripting (XSS) | CVE-2014-2939 | 2014-06-4 00:30 | 2014-06-3 |
| 244076 | 7.5 | HIGH | ajaydsouza | contextual_related_posts | SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89: SQL Injection | CVE-2014-3937 | 2014-06-4 00:09 | 2014-06-3 |
| 244077 | 5.0 | MEDIUM | redhat | openstack | The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid… | CWE-287: Improper Authentication | CVE-2013-6470 | 2014-06-4 00:00 | 2014-06-3 |
| 244078 | 5.8 | MEDIUM | danielkorte | nodeaccesskeys | The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing. | CWE-264: Permissions, Privileges, and Access Controls | CVE-2013-4596 | 2014-06-3 23:49 | 2014-06-3 |
| 244079 | 6.8 | MEDIUM | dleviet | datalife_engine | Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie. | NVD-CWE-Other | CVE-2013-7387 | 2014-06-3 22:10 | 2014-06-3 |
| 244080 | 6.8 | MEDIUM | dleviet | datalife_engine | Per: http://cwe.mitre.org/data/definitions/384.html "CWE-384: Session Fixation" | NVD-CWE-Other | CVE-2013-7387 | 2014-06-3 22:10 | 2014-06-3 |
| 244081 | 7.5 | HIGH | dleviet | datalife_engine | DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. | CWE-94: Code Injection | CVE-2013-1412 | 2014-06-3 21:27 | 2014-06-3 |
| 244082 | 6.8 | MEDIUM | mediawiki | mediawiki | Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centrala… | NVD-CWE-Other | CVE-2012-5395 | 2014-06-3 21:09 | 2014-06-3 |
| 244083 | 6.8 | MEDIUM | mediawiki | mediawiki | Per: http://cwe.mitre.org/data/definitions/384.html "CWE-384: Session Fixation" | NVD-CWE-Other | CVE-2012-5395 | 2014-06-3 21:09 | 2014-06-3 |
| 244084 | 4.3 | MEDIUM | intel | indeo_video | ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file. | CWE-119: Buffer Errors | CVE-2014-3735 | 2014-06-3 20:45 | 2014-05-19 |
| 244085 | 7.5 | HIGH | xoops | glossaire_module | SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter. | CWE-89: SQL Injection | CVE-2014-3935 | 2014-06-3 20:08 | 2014-06-2 |
| 244086 | 7.5 | HIGH | phpnuke | php-nuke, submit_news_module | SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. | CWE-89: SQL Injection | CVE-2014-3934 | 2014-06-3 20:03 | 2014-06-2 |
| 244087 | 7.5 | HIGH | cososys | endpoint_protector | SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands vi… | CWE-89: SQL Injection | CVE-2014-3932 | 2014-06-3 19:49 | 2014-06-2 |
| 244088 | 6.8 | MEDIUM | debian | xbuffy | Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subje… | CWE-119: Buffer Errors | CVE-2014-0469 | 2014-05-31 13:30 | 2014-05-6 |
| 244089 | 6.5 | MEDIUM | typo3 | typo3 | The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors t… | CWE-20: Improper Input Validation | CVE-2013-4250 | 2014-05-31 13:25 | 2014-05-20 |
| 244090 | 10.0 | HIGH | canonical | ltsp_display_manager, ubuntu_linux | The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window. | CWE-78: OS Command Injection | CVE-2012-1166 | 2014-05-31 13:09 | 2014-05-21 |
| 244091 | 5.1 | MEDIUM | mp3info | mp3info | Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this … | NVD-CWE-Other | CVE-2006-2465 | 2014-05-31 11:22 | 2006-05-19 |
| 244092 | 6.5 | MEDIUM | jasig | uportal | uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet. | CWE-264: Permissions, Privileges, and Access Controls | CVE-2014-3417 | 2014-05-31 01:36 | 2014-05-29 |
| 244093 | 6.5 | MEDIUM | jasig | uportal | uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-adm… | CWE-264: Permissions, Privileges, and Access Controls | CVE-2014-3416 | 2014-05-31 01:35 | 2014-05-29 |
| 244094 | 4.3 | MEDIUM | sosreport_project | sosreport | SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive. | CWE-255: Credentials Management | CVE-2014-0246 | 2014-05-30 22:59 | 2014-05-29 |
| 244095 | 5.0 | MEDIUM | google_authenticator_login_project | ga_login | The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password … | CWE-287: Improper Authentication | CVE-2013-4178 | 2014-05-30 22:35 | 2014-05-29 |
| 244096 | 5.0 | MEDIUM | google_authenticator_login_project | ga_login | The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-… | CWE-264: Permissions, Privileges, and Access Controls | CVE-2013-4177 | 2014-05-30 22:34 | 2014-05-29 |
| 244097 | 6.8 | MEDIUM | mail_on_update_project | mail_on_update | Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change… | CWE-352: Same-Origin Policy Violation | CVE-2013-2107 | 2014-05-30 09:32 | 2014-05-23 |
| 244098 | 2.1 | LOW | robert_ancell, canonical | lightdm, ubuntu_linux | debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name … | CWE-264: Permissions, Privileges, and Access Controls | CVE-2012-0943 | 2014-05-30 09:19 | 2014-05-23 |
| 244099 | 6.8 | MEDIUM | apache | couchdb | Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. | CWE-94: Code Injection | CVE-2012-5649 | 2014-05-30 09:16 | 2014-05-23 |
| 244100 | 4.3 | MEDIUM | krisonav | krisonav | Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter. | CWE-79: Cross-site Scripting (XSS) | CVE-2013-2712 | 2014-05-30 08:44 | 2014-05-23 |