NVD Vulnerability Information Top
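You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it is updated in JVN (Japan Vulnerability Note), this list may include updated vulnerabilities that are not yet listed in JVN.

If a vulnerability has a related JVN (Japan Vulnerability Note) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and check the CWE number.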

Last updated: September 23, 2024, 5:13

No. / CVSS / Level / Attack category / Vendor / Product / Title / CWE / CVE / Updated / Published / Impact view / Exploit PoC search
256451 9.0 HIGH
cisco telepresence_recording_server The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804. CWE-78
OS Command Injection
CVE-2012-3076 2012-07-12 19:34 2012-07-12 View GitHub Exploit DB Packet Storm
256452 10.0 HIGH
netsweeper netsweeper Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447. NVD-CWE-noinfo
CVE-2012-3859 2012-07-10 23:29 2012-07-10 View GitHub Exploit DB Packet Storm
256453 6.8 MEDIUM
netsweeper netsweeper Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests … CWE-352
Same-Origin Policy Violation
CVE-2012-2447 2012-07-10 23:10 2012-07-10 View GitHub Exploit DB Packet Storm
256454 4.3 MEDIUM
netsweeper netsweeper Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a loo… CWE-79
Cross-Site Scripting (XSS)
CVE-2012-2446 2012-07-10 23:05 2012-07-10 View GitHub Exploit DB Packet Storm
256455 4.3 MEDIUM
aladdin
fortinet
pandasecurity
rising-global
esafe
fortinet_antivirus
panda_antivirus
rising_antivirus
The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file wit… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-1445 2012-07-10 13:28 2012-03-21 View GitHub Exploit DB Packet Storm
256456 4.3 MEDIUM
ibm websphere_application_server Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspe… CWE-79
Cross-Site Scripting (XSS)
CVE-2012-0716 2012-07-10 13:27 2012-06-20 View GitHub Exploit DB Packet Storm
256457 7.8 HIGH
f5 big-ip_application_security_manager
big-ip_global_traffic_manager
big-ip_local_traffic_manager
tmos
big-ip_1000
big-ip_11000
big-ip_11050
big-ip_1500
big-ip_1600
big-ip_240…
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x befor… CWE-255
Credentials Management
CVE-2012-1493 2012-07-10 13:00 2012-07-10 View GitHub Exploit DB Packet Storm
256458 7.8 HIGH
synel sy-780\/a_time_\&_attendance_terminal The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (device hang) via network traffic to port (1) 1641, (2) 3734, or (3) 3735. CWE-399
Resource Management Errors
CVE-2012-2970 2012-07-10 13:00 2012-07-10 View GitHub Exploit DB Packet Storm
256459 4.3 MEDIUM
astaro
sophos
security_gateway_software
security_gateway
unified_threat_management_software
unified_threat_management
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Co… CWE-79
Cross-Site Scripting (XSS)
CVE-2012-3238 2012-07-10 13:00 2012-07-10 View GitHub Exploit DB Packet Storm
256460 4.3 MEDIUM
hazama mt4i Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different… CWE-79
Cross-Site Scripting (XSS)
CVE-2012-2644 2012-07-9 23:28 2012-07-7 View GitHub Exploit DB Packet Storm
256461 4.3 MEDIUM
hazama mt4i Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different… CWE-79
Cross-Site Scripting (XSS)
CVE-2012-2642 2012-07-9 13:00 2012-07-7 View GitHub Exploit DB Packet Storm
256462 4.3 MEDIUM
kent-web yy-board Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry. CWE-79
Cross-Site Scripting (XSS)
CVE-2012-2643 2012-07-9 13:00 2012-07-7 View GitHub Exploit DB Packet Storm
256463 6.8 MEDIUM
symantec message_filter Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for reque… CWE-352
Same-Origin Policy Violation
CVE-2012-0303 2012-07-6 23:14 2012-07-6 View GitHub Exploit DB Packet Storm
256464 5.4 MEDIUM
symantec message_filter Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. CWE-287
Improper Authentication
CVE-2012-0301 2012-07-6 23:05 2012-07-6 View GitHub Exploit DB Packet Storm
256465 4.3 MEDIUM
zenphoto zenphoto Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library. CWE-79
Cross-Site Scripting (XSS)
CVE-2012-2641 2012-07-6 13:00 2012-07-6 View GitHub Exploit DB Packet Storm
256466 2.6 LOW
redhat dtach Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an … CWE-189
Numeric Errors
CVE-2012-3368 2012-07-4 13:00 2012-07-4 View GitHub Exploit DB Packet Storm
256467 4.3 MEDIUM
gnome gdk-pixbuf The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (… NVD-CWE-Other
CVE-2011-2485 2012-07-4 01:40 2012-07-4 View GitHub Exploit DB Packet Storm
256468 1.2 LOW
apache http_server The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of envi… CWE-20
Improper Input Validation
CVE-2011-4415 2012-07-3 13:04 2011-11-8 View GitHub Exploit DB Packet Storm
256469 7.5 HIGH
php php The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging pot… CWE-94
Code Injection
CVE-2011-3379 2012-07-3 13:02 2011-11-4 View GitHub Exploit DB Packet Storm
256470 4.3 MEDIUM
secureideas basic_analysis_and_security_engine Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[1] parame… CWE-79
Cross-Site Scripting (XSS)
CVE-2009-4837 2012-07-3 13:00 2010-05-6 View GitHub Exploit DB Packet Storm
256471 7.5 HIGH
secureideas basic_analysis_and_security_engine SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NO… CWE-89
SQL Injection
CVE-2009-4838 2012-07-3 13:00 2010-05-6 View GitHub Exploit DB Packet Storm
256472 4.3 MEDIUM
secureideas basic_analysis_and_security_engine Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspeci… CWE-79
Cross-Site Scripting (XSS)
CVE-2009-4839 2012-07-3 13:00 2010-05-6 View GitHub Exploit DB Packet Storm
256473 4.3 MEDIUM
secureideas basic_analysis_and_security_engine Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the… CWE-79
Cross-Site Scripting (XSS)
CVE-2007-6156 2012-07-3 13:00 2007-11-29 View GitHub Exploit DB Packet Storm
256474 7.5 HIGH
acid
secureideas
analysis_console_for_intrusion_databases
basic_analysis_and_security_engine
Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2,… CWE-89
SQL Injection
CVE-2005-3325 2012-07-3 13:00 2005-10-27 View GitHub Exploit DB Packet Storm
256475 2.1 LOW
mikel_olasagasti revelation The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information. CWE-310
Cryptographic Issues
CVE-2012-3818 2012-07-2 21:36 2012-06-30 View GitHub Exploit DB Packet Storm
256476 4.3 MEDIUM
webatall web\@all Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter. CWE-79
Cross-Site Scripting (XSS)
CVE-2012-3232 2012-07-2 21:22 2012-06-30 View GitHub Exploit DB Packet Storm
256477 4.3 MEDIUM
paul_lesniewsk autocomplete Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-Site Scripting (XSS)
CVE-2012-0323 2012-07-2 13:00 2012-03-9 View GitHub Exploit DB Packet Storm
256478 2.1 LOW
david_paleino wicd The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly includin… CWE-16
Configuration
CVE-2009-0489 2012-07-2 13:00 2009-02-10 View GitHub Exploit DB Packet Storm
256479 5.0 MEDIUM
wordpress wordpress The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a deni… CWE-20
Improper Input Validation
CVE-2011-4957 2012-06-28 21:57 2012-06-28 View GitHub Exploit DB Packet Storm
256480 2.6 LOW
roundcube webmail Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embed… CWE-79
Cross-Site Scripting (XSS)
CVE-2012-1253 2012-06-28 13:00 2012-06-5 View GitHub Exploit DB Packet Storm
256481 6.5 MEDIUM
collabnet scrumworks The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client. CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-2603 2012-06-28 13:00 2012-06-9 View GitHub Exploit DB Packet Storm
256482 6.8 MEDIUM
webatall web\@all Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that a… CWE-352
Same-Origin Policy Violation
CVE-2012-3231 2012-06-28 13:00 2012-06-28 View GitHub Exploit DB Packet Storm
256483 7.5 HIGH
pippin_williamson font_uploader Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-3814 2012-06-28 13:00 2012-06-28 View GitHub Exploit DB Packet Storm
256484 10.0 HIGH
equis metastock Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout. CWE-399
Resource Management Errors
CVE-2011-3488 2012-06-28 13:00 2011-09-16 View GitHub Exploit DB Packet Storm
256485 4.3 MEDIUM
wordpress wordpress Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-Site Scripting (XSS)
CVE-2011-4956 2012-06-28 13:00 2012-06-28 View GitHub Exploit DB Packet Storm
256486 3.5 LOW
geoff_davies contact_forms The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" … CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-2340 2012-06-28 12:43 2012-05-22 View GitHub Exploit DB Packet Storm
256487 5.1 MEDIUM
blaine_lang filedepot The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a … CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-2719 2012-06-28 01:51 2012-06-27 View GitHub Exploit DB Packet Storm
256488 5.0 MEDIUM
bryce_hamrick janrain_capture The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier t… CWE-200
Information Exposure
CVE-2012-3798 2012-06-27 13:00 2012-06-27 View GitHub Exploit DB Packet Storm
256489 5.0 MEDIUM
canonical ubuntu_linux The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows rem… CWE-200
Information Exposure
CVE-2012-0950 2012-06-26 13:00 2012-06-20 View GitHub Exploit DB Packet Storm
256490 6.9 MEDIUM
checkpoint endpoint_connect
endpoint_security
endpoint_security_vpn
remote_access_clients
Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint … NVD-CWE-Other
CVE-2012-2753 2012-06-26 13:00 2012-06-20 View GitHub Exploit DB Packet Storm
256491 6.9 MEDIUM
checkpoint endpoint_connect
endpoint_security
endpoint_security_vpn
remote_access_clients
Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' NVD-CWE-Other
CVE-2012-2753 2012-06-26 13:00 2012-06-20 View GitHub Exploit DB Packet Storm
256492 4.0 MEDIUM
digium asterisk chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon cr… NVD-CWE-Other
CVE-2012-3553 2012-06-26 13:00 2012-06-20 View GitHub Exploit DB Packet Storm
256493 4.0 MEDIUM
digium asterisk Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference' NVD-CWE-Other
CVE-2012-3553 2012-06-26 13:00 2012-06-20 View GitHub Exploit DB Packet Storm
256494 7.5 HIGH
dell wyse_device_manager hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 que… CWE-287
Improper Authentication
CVE-2009-0695 2012-06-26 13:00 2012-06-20 View GitHub Exploit DB Packet Storm
256495 6.4 MEDIUM
php php PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. CWE-264
Permissions, Privileges, and Access Controls
CVE-2001-1247 2012-06-25 13:00 2001-12-6 View GitHub Exploit DB Packet Storm
256496 2.6 LOW
ibm websphere_application_server IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication … CWE-287
Improper Authentication
CVE-2012-0717 2012-06-21 13:00 2012-06-20 View GitHub Exploit DB Packet Storm
256497 9.3 HIGH
cisco anyconnect_secure_mobility_client The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linu… CWE-20
Improper Input Validation
CVE-2012-2493 2012-06-21 13:00 2012-06-21 View GitHub Exploit DB Packet Storm
256498 4.3 MEDIUM
cisco anyconnect_secure_mobility_client The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to t… CWE-20
Improper Input Validation
CVE-2012-2494 2012-06-21 13:00 2012-06-21 View GitHub Exploit DB Packet Storm
256499 4.3 MEDIUM
cisco anyconnect_secure_mobility_client
secure_desktop
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the… CWE-20
Improper Input Validation
CVE-2012-2495 2012-06-21 13:00 2012-06-21 View GitHub Exploit DB Packet Storm
256500 4.3 MEDIUM
adiscon loganalyzer Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight param… CWE-79
Cross-Site Scripting (XSS)
CVE-2012-3790 2012-06-21 13:00 2012-06-21 View GitHub Exploit DB Packet Storm