NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年11月17日5:17

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
245501	6.5	MEDIUM ネットワーク	juniper	junos_space	XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2016-4931	2017-03-23 04:46	2017-03-21	表示	GitHub Exploit DB Packet Storm

245502	6.1	MEDIUM ネットワーク	juniper	junos_space	Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-4930	2017-03-23 04:45	2017-03-21	表示	GitHub Exploit DB Packet Storm

245503	8.8	HIGH ネットワーク	juniper	junos_space	Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.	CWE-352 同一生成元ポリシー違反	CVE-2016-4928	2017-03-23 04:43	2017-03-21	表示	GitHub Exploit DB Packet Storm

245504	8.1	HIGH ネットワーク	juniper	junos_space	Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.	CWE-20 不適切な入力確認	CVE-2016-4927	2017-03-23 04:34	2017-03-21	表示	GitHub Exploit DB Packet Storm

245505	9.8	CRITICAL ネットワーク	juniper	junos_space	Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authe…	CWE-287 不適切な認証	CVE-2016-4926	2017-03-23 04:24	2017-03-21	表示	GitHub Exploit DB Packet Storm

245506	8.8	HIGH ネットワーク	juniper	junos_space	Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.	CWE-77 コマンドインジェクション	CVE-2016-4929	2017-03-23 02:16	2017-03-21	表示	GitHub Exploit DB Packet Storm

245507	6.1	MEDIUM ネットワーク	concrete5	concrete5	An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the "concrete5-legacy-master/web/concrete/tools/files/se…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6908	2017-03-22 22:38	2017-03-15	表示	GitHub Exploit DB Packet Storm

245508	8.8	HIGH ネットワーク	mcafee	vulnerability_manager	Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user pa…	CWE-310 暗号の問題	CVE-2015-8989	2017-03-22 22:28	2017-03-15	表示	GitHub Exploit DB Packet Storm

245509	5.5	MEDIUM ローカル	ibm	cognos_business_intelligence	IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.	CWE-532 ログファイルからの情報漏えい	CVE-2016-9985	2017-03-22 10:59	2017-03-9	表示	GitHub Exploit DB Packet Storm

245510	9.8	CRITICAL ネットワーク	podofo_project	podofo	Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.	CWE-119 バッファエラー	CVE-2015-8981	2017-03-22 04:05	2017-03-17	表示	GitHub Exploit DB Packet Storm

245511	5.3	MEDIUM ネットワーク	weblate	weblate	The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate use…	CWE-200 情報漏えい	CVE-2017-5537	2017-03-22 03:56	2017-03-16	表示	GitHub Exploit DB Packet Storm

245512	4.3	MEDIUM ネットワーク	cisco	prime_optical	A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive infor…	CWE-200 情報漏えい	CVE-2017-3871	2017-03-22 02:53	2017-03-18	表示	GitHub Exploit DB Packet Storm

245513	9.8	CRITICAL ネットワーク	cerberus	cerberus_ftp_server	Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.	CWE-119 バッファエラー	CVE-2017-6880	2017-03-22 01:54	2017-03-18	表示	GitHub Exploit DB Packet Storm

245514	9.8	CRITICAL ネットワーク	easycom-aura	easycom_for_php	Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PHP 4.0.0.29 allows remote attackers to execute arbitrary code via the server argument to the (1) i5_connect, (2) i5_pconnect, or (…	CWE-119 バッファエラー	CVE-2017-5358	2017-03-22 00:17	2017-03-16	表示	GitHub Exploit DB Packet Storm

245515	6.1	MEDIUM ネットワーク	sitecore	experience_platform	Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-8855	2017-03-21 23:30	2017-03-20	表示	GitHub Exploit DB Packet Storm

245516	7.1	HIGH ネットワーク	rapid7	metasploit	All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build …	CWE-22 パス・トラバーサル	CVE-2017-5228	2017-03-21 10:59	2017-03-3	表示	GitHub Exploit DB Packet Storm

245517	7.1	HIGH ネットワーク	rapid7	metasploit	All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafte…	CWE-22 パス・トラバーサル	CVE-2017-5229	2017-03-21 10:59	2017-03-3	表示	GitHub Exploit DB Packet Storm

245518	7.1	HIGH ネットワーク	rapid7	metasploit	All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specia…	CWE-22 パス・トラバーサル	CVE-2017-5231	2017-03-21 10:59	2017-03-3	表示	GitHub Exploit DB Packet Storm

245519	7.8	HIGH ローカル	rapid7	nexpose	All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current worki…	CWE-426 信頼性のない検索パス	CVE-2017-5232	2017-03-21 10:59	2017-03-3	表示	GitHub Exploit DB Packet Storm

245520	7.5	HIGH ネットワーク	efssoft	easy_file_sharing_ftp_server	Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.	CWE-22 パス・トラバーサル	CVE-2017-6510	2017-03-21 10:59	2017-03-16	表示	GitHub Exploit DB Packet Storm

245521	6.1	MEDIUM ネットワーク	django-epiceditor_project	django-epiceditor	There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6591	2017-03-21 10:59	2017-03-10	表示	GitHub Exploit DB Packet Storm

245522	8.6	HIGH ネットワーク	ca_technologies	unified_infrastructure_management	An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be wit…	CWE-22 パス・トラバーサル	CVE-2016-5803	2017-03-21 10:59	2017-02-14	表示	GitHub Exploit DB Packet Storm

245523	5.5	MEDIUM ローカル	libtiff	libtiff	LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.	CWE-399 リソース管理の問題	CVE-2015-7313	2017-03-21 02:02	2017-03-17	表示	GitHub Exploit DB Packet Storm

245524	7.5	HIGH ネットワーク	apng2gif_project	apng2gif	An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer overflow. This is related to the read_chunk function making an unchecked addition of 12.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2017-6962	2017-03-21 02:00	2017-03-17	表示	GitHub Exploit DB Packet Storm

245525	7.5	HIGH ネットワーク	wondercms	wondercms	Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password.	CWE-200 情報漏えい	CVE-2014-8701	2017-03-21 02:00	2017-03-17	表示	GitHub Exploit DB Packet Storm

245526	5.5	MEDIUM ローカル	calibre-ebook	calibre	The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.	CWE-264 認可・権限・アクセス制御	CVE-2016-10187	2017-03-21 01:59	2017-03-17	表示	GitHub Exploit DB Packet Storm

245527	5.3	MEDIUM ネットワーク	qdpm	qdpm	qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message.	CWE-200 情報漏えい	CVE-2015-3882	2017-03-21 01:59	2017-03-17	表示	GitHub Exploit DB Packet Storm

245528	5.5	MEDIUM ローカル	apng2gif_project	apng2gif	An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChun…	CWE-20 不適切な入力確認	CVE-2017-6961	2017-03-21 01:58	2017-03-17	表示	GitHub Exploit DB Packet Storm

245529	6.1	MEDIUM ネットワーク	wondercms	wondercms	Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-8703	2017-03-21 01:58	2017-03-17	表示	GitHub Exploit DB Packet Storm

245530	9.8	CRITICAL ネットワーク	wondercms	wondercms	Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme.	CWE-22 パス・トラバーサル	CVE-2014-8704	2017-03-21 01:58	2017-03-17	表示	GitHub Exploit DB Packet Storm

245531	9.8	CRITICAL ネットワーク	wondercms	wondercms	PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter.	CWE-20 不適切な入力確認	CVE-2014-8705	2017-03-21 01:57	2017-03-17	表示	GitHub Exploit DB Packet Storm

245532	7.5	HIGH ネットワーク	qdpm	qdpm	Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qd…	CWE-200 情報漏えい	CVE-2015-3881	2017-03-21 01:55	2017-03-17	表示	GitHub Exploit DB Packet Storm

245533	9.8	CRITICAL ネットワーク	pluck-cms	pluck	Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature.	CWE-264 認可・権限・アクセス制御	CVE-2014-8708	2017-03-21 01:55	2017-03-17	表示	GitHub Exploit DB Packet Storm

245534	6.1	MEDIUM ネットワーク	qdpm	qdpm	Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-3883	2017-03-21 01:51	2017-03-17	表示	GitHub Exploit DB Packet Storm

245535	5.4	MEDIUM ネットワーク	pluck-cms	pluck	Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-8707	2017-03-21 01:49	2017-03-17	表示	GitHub Exploit DB Packet Storm

245536	5.3	MEDIUM ネットワーク	get-simple	getsimple_cms	GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation …	CWE-200 情報漏えい	CVE-2014-8723	2017-03-21 01:49	2017-03-17	表示	GitHub Exploit DB Packet Storm

245537	6.1	MEDIUM ネットワーク	zammad	zammad	An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of exe…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-5620	2017-03-18 10:59	2017-03-13	表示	GitHub Exploit DB Packet Storm

245538	6.1	MEDIUM ネットワーク	zammad	zammad	An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using ei…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-5621	2017-03-18 10:59	2017-03-13	表示	GitHub Exploit DB Packet Storm

245539	6.1	MEDIUM ネットワーク	webpagetest_project	webpagetest	A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (pssid) passed to the webpagetest-master/www/pss.ph…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6534	2017-03-18 10:59	2017-03-8	表示	GitHub Exploit DB Packet Storm

245540	6.1	MEDIUM ネットワーク	webpagetest_project	webpagetest	Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetes…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6535	2017-03-18 10:59	2017-03-8	表示	GitHub Exploit DB Packet Storm

245541	6.1	MEDIUM ネットワーク	webpagetest_project	webpagetest	Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (url, pssid) passed to the webpagetest-ma…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6536	2017-03-18 10:59	2017-03-8	表示	GitHub Exploit DB Packet Storm

245542	6.1	MEDIUM ネットワーク	webpagetest_project	webpagetest	A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (bgcolor) passed to the webpagetest-master/www/vide…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6537	2017-03-18 10:59	2017-03-8	表示	GitHub Exploit DB Packet Storm

245543	6.1	MEDIUM ネットワーク	webpagetest_project	webpagetest	A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (video) passed to the webpagetest-master/www/speedi…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6538	2017-03-18 10:59	2017-03-8	表示	GitHub Exploit DB Packet Storm

245544	6.1	MEDIUM ネットワーク	webpagetest_project	webpagetest	Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagete…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6539	2017-03-18 10:59	2017-03-8	表示	GitHub Exploit DB Packet Storm

245545	6.1	MEDIUM ネットワーク	webpagetest_project	webpagetest	Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (configs) passed to the webpagetest-maste…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6540	2017-03-18 10:59	2017-03-8	表示	GitHub Exploit DB Packet Storm

245546	6.1	MEDIUM ネットワーク	webpagetest_project	webpagetest	Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagete…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6541	2017-03-18 10:59	2017-03-8	表示	GitHub Exploit DB Packet Storm

245547	5.4	MEDIUM ネットワーク	cmsmadesimple	cms_made_simple	Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description paramet…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6555	2017-03-18 10:59	2017-03-9	表示	GitHub Exploit DB Packet Storm

245548	5.4	MEDIUM ネットワーク	cmsmadesimple	cms_made_simple	Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6556	2017-03-18 10:59	2017-03-9	表示	GitHub Exploit DB Packet Storm

245549	6.1	MEDIUM ネットワーク	mangoswebv4_project	mangoswebv4	paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter).	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6808	2017-03-18 10:59	2017-03-11	表示	GitHub Exploit DB Packet Storm

245550	6.1	MEDIUM ネットワーク	mangoswebv4_project	mangoswebv4	paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter).	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-6809	2017-03-18 10:59	2017-03-11	表示	GitHub Exploit DB Packet Storm