NVD Vulnerability Information (Top)
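You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in the NVD before it appears in JVN (Japan Vulnerability Notes), the NVD may contain vulnerabilities that are not yet listed in JVN.

If a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and confirm the CWE number.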

Last updated: 2024-06-26 10:14

No. / CVSS / Level (attack category) / Vendor / Product / Title / CWE / CVE / Updated / Published / Impact view / Exploit and PoC search
245301 6.8 MEDIUM
cisco identity_services_engine_software
identity_services_engine
The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many… CWE-399
Resource Management Errors
CVE-2013-5540 2013-10-16 23:13 2013-10-16 View GitHub Exploit DB Packet Storm
245302 6.8 MEDIUM
cisco webex_meetings_server The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deploym… CWE-20
Improper Input Validation
CVE-2013-5529 2013-10-16 23:09 2013-10-16 View GitHub Exploit DB Packet Storm
245303 5.0 MEDIUM
cisco identity_services_engine_software
identity_services_engine
The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506. CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-5538 2013-10-16 23:02 2013-10-16 View GitHub Exploit DB Packet Storm
245304 6.8 MEDIUM
cisco nx-os Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574. CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-4121 2013-10-16 20:26 2013-10-14 View GitHub Exploit DB Packet Storm
245305 7.5 HIGH
real-estate-php-script real_estate_php_script SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter. CWE-89
SQL Injection
CVE-2013-5931 2013-10-16 03:03 2013-09-24 View GitHub Exploit DB Packet Storm
245306 4.3 MEDIUM
knowledgeview knowledgeview_editorial_and_management_application Cross-site scripting (XSS) vulnerability in the KnowledgeView Editorial and Management application allows remote attackers to inject arbitrary web script or HTML via the username parameter. CWE-79
Cross-Site Scripting (XSS)
CVE-2013-3616 2013-10-16 02:56 2013-09-24 View GitHub Exploit DB Packet Storm
245307 6.6 MEDIUM
cisco firewall_services_module_software The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or mo… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-5506 2013-10-16 02:47 2013-10-13 View GitHub Exploit DB Packet Storm
245308 4.3 MEDIUM
tenable securitycenter Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter. CWE-79
Cross-Site Scripting (XSS)
CVE-2013-5911 2013-10-16 02:04 2013-09-24 View GitHub Exploit DB Packet Storm
245309 7.8 HIGH
alstom e-terracontrol Alstom e-terracontrol 3.5, 3.6, and 3.7 allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets. CWE-20
Improper Input Validation
CVE-2013-2787 2013-10-16 01:55 2013-10-13 View GitHub Exploit DB Packet Storm
245310 6.8 MEDIUM
cisco unified_computing_system The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-relate… CWE-78
OS Command Injection
CVE-2012-4108 2013-10-16 01:51 2013-10-13 View GitHub Exploit DB Packet Storm
245311 6.9 MEDIUM
invensys wonderware_intouch Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) … CWE-119
Buffer Errors
CVE-2012-4709 2013-10-16 01:41 2013-10-13 View GitHub Exploit DB Packet Storm
245312 6.9 MEDIUM
invensys wonderware_intouch AV:L per http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01 'This vulnerability is not exploitable remotely' CWE-119
Buffer Errors
CVE-2012-4709 2013-10-16 01:41 2013-10-13 View GitHub Exploit DB Packet Storm
245313 7.2 HIGH
mostgear easy_lan_folder_share Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in the (1) r… CWE-119
Buffer Errors
CVE-2013-6079 2013-10-16 01:38 2013-10-12 View GitHub Exploit DB Packet Storm
245314 9.0 HIGH
adaptivecomputing torque_resource_manager pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenti… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-4319 2013-10-16 01:05 2013-10-12 View GitHub Exploit DB Packet Storm
245315 7.5 HIGH
richard_cook rgpg The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. CWE-94
Code Injection
CVE-2013-4203 2013-10-16 00:55 2013-10-12 View GitHub Exploit DB Packet Storm
245316 5.0 MEDIUM
xymon xymon Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost… CWE-22
Path Traversal
CVE-2013-4173 2013-10-16 00:21 2013-10-12 View GitHub Exploit DB Packet Storm
245317 4.3 MEDIUM
cmsmadesimple cms_made_simple Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-Site Scripting (XSS)
CVE-2013-4167 2013-10-15 23:54 2013-10-12 View GitHub Exploit DB Packet Storm
245318 7.5 HIGH
status statusnet Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format." CWE-89
SQL Injection
CVE-2013-4137 2013-10-15 23:42 2013-10-12 View GitHub Exploit DB Packet Storm
245319 7.8 HIGH
ovislink airlive_od-2025hd
airlive_od-2060hd
airlive_poe100hd
airlive_poe200hd
airlive_poe250hd
airlive_poe2600hd
AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwo… CWE-310
Cryptographic Issues
CVE-2013-3687 2013-10-15 23:20 2013-10-12 View GitHub Exploit DB Packet Storm
245320 10.0 HIGH
ovislink airlive_wl2600cam cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action. CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-3686 2013-10-15 23:15 2013-10-12 View GitHub Exploit DB Packet Storm
245321 7.8 HIGH
tp-link tl-sc3130
tl-sc3130g
tl-sc3171
tl-sc3171g
lm_firmware
cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the fir… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-2581 2013-10-15 23:12 2013-10-12 View GitHub Exploit DB Packet Storm
245322 10.0 HIGH
tp-link tl-sc3130
tl-sc3130g
tl-sc3171
tl-sc3171g
lm_firmware
TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allow… CWE-255
Credentials Management
CVE-2013-2579 2013-10-15 23:11 2013-10-12 View GitHub Exploit DB Packet Storm
245323 7.1 HIGH
tp-link tl-sc3130
tl-sc3130g
tl-sc3171
tl-sc3171g
lm_firmware
Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, all… NVD-CWE-Other
CVE-2013-2580 2013-10-15 22:23 2013-10-12 View GitHub Exploit DB Packet Storm
245324 7.1 HIGH
tp-link tl-sc3130
tl-sc3130g
tl-sc3171
tl-sc3171g
lm_firmware
Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type' NVD-CWE-Other
CVE-2013-2580 2013-10-15 22:23 2013-10-12 View GitHub Exploit DB Packet Storm
245325 10.0 HIGH
tp-link tl-sc3130
tl-sc3130g
tl-sc3171
tl-sc3171g
lm_firmware
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitr… CWE-78
OS Command Injection
CVE-2013-2578 2013-10-15 22:13 2013-10-12 View GitHub Exploit DB Packet Storm
245326 5.0 MEDIUM
friends_of_symfony_project fosuserbundle The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expens… CWE-399
Resource Management Errors
CVE-2013-5750 2013-10-15 21:10 2013-09-25 View GitHub Exploit DB Packet Storm
245327 7.5 HIGH
open-xchange open-xchange_appsuite The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote… CWE-287
Improper Authentication
CVE-2013-5200 2013-10-15 20:58 2013-09-25 View GitHub Exploit DB Packet Storm
245328 4.3 MEDIUM
antti_alamki prh_search Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified… CWE-79
Cross-Site Scripting (XSS)
CVE-2012-6576 2013-10-12 03:11 2013-06-28 View GitHub Exploit DB Packet Storm
245329 7.5 HIGH
bas_van_beek multishop SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQL Injection
CVE-2013-4682 2013-10-12 02:59 2013-06-26 View GitHub Exploit DB Packet Storm
245330 6.8 MEDIUM
cisco unified_communications_manager Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrar… CWE-352
Same-Origin Policy Violation
CVE-2013-3397 2013-10-12 02:09 2013-06-27 View GitHub Exploit DB Packet Storm
245331 4.3 MEDIUM
kent-web post-mail Cross-site scripting (XSS) vulnerability in KENT-WEB POST-MAIL before 6.7, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecifi… CWE-79
Cross-Site Scripting (XSS)
CVE-2013-3648 2013-10-12 02:06 2013-06-29 View GitHub Exploit DB Packet Storm
245332 7.5 HIGH
lockon ec-cube LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormPara… CWE-94
Code Injection
CVE-2013-3651 2013-10-12 02:04 2013-07-1 View GitHub Exploit DB Packet Storm
245333 5.0 MEDIUM
lockon ec-cube Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via… CWE-22
Path Traversal
CVE-2013-3650 2013-10-12 02:03 2013-07-1 View GitHub Exploit DB Packet Storm
245334 4.3 MEDIUM
kent-web clip-mail Cross-site scripting (XSS) vulnerability in KENT-WEB CLIP-MAIL before 3.4, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecifi… CWE-79
Cross-Site Scripting (XSS)
CVE-2013-3649 2013-10-12 02:01 2013-06-29 View GitHub Exploit DB Packet Storm
245335 7.1 HIGH
choice_wireless wixfmr-111 ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to obtain sensitive information via an Ajax (1) wmxState or (2) netState request. CWE-287
Improper Authentication
CVE-2013-3581 2013-10-12 01:55 2013-07-2 View GitHub Exploit DB Packet Storm
245336 4.3 MEDIUM
lockon ec-cube Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML … CWE-79
Cross-Site Scripting (XSS)
CVE-2013-3652 2013-10-12 01:50 2013-07-1 View GitHub Exploit DB Packet Storm
245337 5.0 MEDIUM
lockon ec-cube Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_F… CWE-22
Path Traversal
CVE-2013-3654 2013-10-12 01:50 2013-07-1 View GitHub Exploit DB Packet Storm
245338 4.3 MEDIUM
lockon ec-cube Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HT… CWE-79
Cross-Site Scripting (XSS)
CVE-2013-3653 2013-10-12 01:49 2013-07-1 View GitHub Exploit DB Packet Storm
245339 2.1 LOW
emc replication_manager EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an … CWE-255
Credentials Management
CVE-2013-3272 2013-10-12 00:51 2013-07-9 View GitHub Exploit DB Packet Storm
245340 7.5 HIGH
simone_tellini mod_accounting SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header. CWE-89
SQL Injection
CVE-2013-5697 2013-10-12 00:17 2013-10-1 View GitHub Exploit DB Packet Storm
245341 5.1 MEDIUM
libreswan libreswan Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE … CWE-119
Buffer Errors
CVE-2013-2052 2013-10-12 00:11 2013-07-10 View GitHub Exploit DB Packet Storm
245342 6.8 MEDIUM
freeswitch freeswitch Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary co… CWE-119
Buffer Errors
CVE-2013-2238 2013-10-11 23:52 2013-10-1 View GitHub Exploit DB Packet Storm
245343 7.5 HIGH
spip spip SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php. NVD-CWE-noinfo
CVE-2013-2118 2013-10-11 23:51 2013-07-10 View GitHub Exploit DB Packet Storm
245344 4.3 MEDIUM
simple_invoices simple_invoices Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a mana… CWE-79
Cross-Site Scripting (XSS)
CVE-2012-4932 2013-10-11 23:51 2012-12-28 View GitHub Exploit DB Packet Storm
245345 9.3 HIGH
google android Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that… CWE-310
Cryptographic Issues
CVE-2013-4787 2013-10-11 23:49 2013-07-10 View GitHub Exploit DB Packet Storm
245346 9.3 HIGH
bluecoat avos
proxyav
Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1… CWE-352
Same-Origin Policy Violation
CVE-2010-5191 2013-10-11 23:48 2012-08-27 View GitHub Exploit DB Packet Storm
245347 4.3 MEDIUM
cisco telepresence_tc_software The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not configured a password, which allows remote attacker… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-3405 2013-10-11 23:46 2013-07-11 View GitHub Exploit DB Packet Storm
245348 10.0 HIGH
wago wago_i\/o_system_758_industrial_pc_device The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a def… CWE-255
Credentials Management
CVE-2012-4879 2013-10-11 23:45 2012-09-7 View GitHub Exploit DB Packet Storm
245349 7.8 HIGH
cisco asa_5500-x_series_ips_ssp_software
intrusion_prevention_system
asa_5585-x
idsm-2
ips_4345_sensor
ips_4360_sensor
ips_4510_sensor
ips_4520_sensor
ips_nme
The IP stack in Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP software and hardware modules before 7.1(5)E4, IPS 4500 sensors before 7.1(6)E4, and IPS 4300 sensors before 7.1… CWE-119
Buffer Errors
CVE-2013-1243 2013-10-11 23:44 2013-07-18 View GitHub Exploit DB Packet Storm
245350 4.3 MEDIUM
cisco unified_meetingplace Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified… CWE-79
Cross-Site Scripting (XSS)
CVE-2013-5495 2013-10-11 23:35 2013-09-16 View GitHub Exploit DB Packet Storm