NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月23日5:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
256551	7.8	HIGH	opera	opera_browser	Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.	NVD-CWE-noinfo CWE-200 情報漏えい	CVE-2008-5683	2012-06-8 02:18	2008-12-20	表示	GitHub Exploit DB Packet Storm

256552	6.8	MEDIUM	opera	opera_browser	Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a b…	CWE-287 不適切な認証	CVE-2009-2070	2012-06-8 01:12	2009-06-16	表示	GitHub Exploit DB Packet Storm

256553	10.0	HIGH	opera	opera_browser	Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."	NVD-CWE-noinfo	CVE-2009-0916	2012-06-7 13:00	2009-03-17	表示	GitHub Exploit DB Packet Storm

256554	4.3	MEDIUM	bandainamcogames	madomagi-ip_android	The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a craft…	CWE-255 証明書・パスワード管理	CVE-2012-2630	2012-06-6 13:00	2012-06-5	表示	GitHub Exploit DB Packet Storm

256555	6.5	MEDIUM	bestpractical	rt	Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arb…	CWE-264 認可・権限・アクセス制御	CVE-2011-5093	2012-06-6 01:34	2012-06-5	表示	GitHub Exploit DB Packet Storm

256556	7.5	HIGH	bestpractical	rt	Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-…	CWE-264 認可・権限・アクセス制御	CVE-2011-5092	2012-06-6 01:31	2012-06-5	表示	GitHub Exploit DB Packet Storm

256557	4.3	MEDIUM	rssowl	rssowl	Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-1252	2012-06-5 13:00	2012-06-5	表示	GitHub Exploit DB Packet Storm

256558	10.0	HIGH	cogentdatahub	cogent_datahub	Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrar…	CWE-119 バッファエラー	CVE-2011-3493	2012-06-4 13:00	2011-09-16	表示	GitHub Exploit DB Packet Storm

256559	7.1	HIGH	typo3	typo3	The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values dur…	CWE-264 認可・権限・アクセス制御	CVE-2010-3714	2012-06-1 12:33	2010-10-26	表示	GitHub Exploit DB Packet Storm

256560	5.0	MEDIUM	php-collab	phpcollab	phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/noti_newt…	CWE-200 情報漏えい	CVE-2011-3772	2012-05-31 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256561	5.0	MEDIUM	idevspot	phphostbot	PhpHostBot 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/create_ac…	CWE-200 情報漏えい	CVE-2011-3779	2012-05-31 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256562	4.3	MEDIUM	roundup-tracker	roundup	Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-2491	2012-05-31 13:00	2010-09-25	表示	GitHub Exploit DB Packet Storm

256563	5.4	MEDIUM	cisco	ios unified_communications_manager	Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted respo…	CWE-399 リソース管理の問題	CVE-2011-4019	2012-05-30 13:00	2012-05-3	表示	GitHub Exploit DB Packet Storm

256564	2.1	LOW	apple	mac_os_x mac_os_x_server	Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspeci…	CWE-264 認可・権限・アクセス制御	CVE-2012-0657	2012-05-30 12:42	2012-05-11	表示	GitHub Exploit DB Packet Storm

256565	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a mo…	CWE-119 バッファエラー	CVE-2012-0658	2012-05-30 12:42	2012-05-11	表示	GitHub Exploit DB Packet Storm

256566	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.	CWE-189 数値処理の問題	CVE-2012-0659	2012-05-30 12:42	2012-05-11	表示	GitHub Exploit DB Packet Storm

256567	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.	CWE-119 バッファエラー	CVE-2012-0660	2012-05-30 12:42	2012-05-11	表示	GitHub Exploit DB Packet Storm

256568	7.5	HIGH	apple	mac_os_x mac_os_x_server	Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via…	CWE-189 数値処理の問題	CVE-2012-0662	2012-05-30 12:42	2012-05-11	表示	GitHub Exploit DB Packet Storm

256569	4.3	MEDIUM	apple	mac_os_x mac_os_x_server	Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Caps…	CWE-287 不適切な認証	CVE-2012-0675	2012-05-30 12:42	2012-05-11	表示	GitHub Exploit DB Packet Storm

256570	5.0	MEDIUM	cisco	unified_meetingplace	The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate direc…	CWE-200 情報漏えい	CVE-2011-4232	2012-05-30 12:40	2012-05-3	表示	GitHub Exploit DB Packet Storm

256571	6.5	MEDIUM	pligg	pligg_cms	Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha para…	CWE-22 パス・トラバーサル	CVE-2012-2435	2012-05-29 13:00	2012-05-28	表示	GitHub Exploit DB Packet Storm

256572	2.6	LOW	zen-cart	zen_cart	Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attacker…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-1413	2012-05-28 13:00	2012-05-28	表示	GitHub Exploit DB Packet Storm

256573	2.6	LOW	oscommerce	online_merchant	Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-1792	2012-05-28 13:00	2012-05-28	表示	GitHub Exploit DB Packet Storm

256574	7.2	HIGH	measuresoft	scadapro_client scadapro_server	Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working di…	NVD-CWE-Other	CVE-2012-1824	2012-05-28 13:00	2012-05-26	表示	GitHub Exploit DB Packet Storm

256575	4.3	MEDIUM	sitracker	support_incident_tracker	Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-2235	2012-05-28 13:00	2012-05-28	表示	GitHub Exploit DB Packet Storm

256576	7.8	HIGH	xarrow	xarrow	The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors.	CWE-399 リソース管理の問題	CVE-2012-2426	2012-05-28 13:00	2012-05-26	表示	GitHub Exploit DB Packet Storm

256577	10.0	HIGH	xarrow	xarrow	Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation.	CWE-119 バッファエラー	CVE-2012-2427	2012-05-28 13:00	2012-05-26	表示	GitHub Exploit DB Packet Storm

256578	10.0	HIGH	xarrow	xarrow	Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.	CWE-189 数値処理の問題	CVE-2012-2428	2012-05-28 13:00	2012-05-26	表示	GitHub Exploit DB Packet Storm

256579	10.0	HIGH	xarrow	xarrow	The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors.	CWE-189 数値処理の問題	CVE-2012-2429	2012-05-28 13:00	2012-05-26	表示	GitHub Exploit DB Packet Storm

256580	7.5	HIGH	johan_cwiklinski	galette	SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to pi…	CWE-89 SQLインジェクション	CVE-2012-2338	2012-05-23 02:25	2012-05-22	表示	GitHub Exploit DB Packet Storm

256581	4.3	MEDIUM	symantec	web_gateway	Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vect…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-0296	2012-05-23 01:37	2012-05-22	表示	GitHub Exploit DB Packet Storm

256582	3.3	LOW	debian	texlive-extra-utils	latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a te…	CWE-264 認可・権限・アクセス制御	CVE-2012-2120	2012-05-22 01:24	2012-05-19	表示	GitHub Exploit DB Packet Storm

256583	1.9	LOW	tembria	server_monitor	Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1)…	CWE-310 暗号の問題	CVE-2011-3685	2012-05-21 13:00	2011-09-28	表示	GitHub Exploit DB Packet Storm

256584	4.3	MEDIUM	sonexis	conferencemanager	Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) f…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-3686	2012-05-21 13:00	2011-09-28	表示	GitHub Exploit DB Packet Storm

256585	4.3	MEDIUM	tembria	server_monitor	Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to log…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-3684	2012-05-21 13:00	2011-09-28	表示	GitHub Exploit DB Packet Storm

256586	4.3	MEDIUM	wibu	codemeter_webadmin	Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-3689	2012-05-21 13:00	2011-09-28	表示	GitHub Exploit DB Packet Storm

256587	1.9	LOW	netsaro	enterprise_messenger_server	NetSaro Enterprise Messenger Server 2.0 stores cleartext console credentials in configuration.xml, which allows local users to obtain sensitive information by reading this file and performing a base6…	CWE-310 暗号の問題	CVE-2011-3692	2012-05-21 13:00	2011-09-28	表示	GitHub Exploit DB Packet Storm

256588	1.9	LOW	netsaro	enterprise_messenger_server	NetSaro Enterprise Messenger Server 2.0 allows local users to discover cleartext server credentials by reading the NetSaro.fdb file.	CWE-310 暗号の問題	CVE-2011-3693	2012-05-21 13:00	2011-09-28	表示	GitHub Exploit DB Packet Storm

256589	5.0	MEDIUM	netsaro	enterprise_messenger_server	The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL.	CWE-200 情報漏えい	CVE-2011-3694	2012-05-21 13:00	2011-09-28	表示	GitHub Exploit DB Packet Storm

256590	5.0	MEDIUM	phpicalendar	php_icalendar	PHP iCalendar 2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by rss/rss_comm…	CWE-200 情報漏えい	CVE-2011-3780	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256591	5.0	MEDIUM	phpids	phpids	PHPIDS 0.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/IDS/Version…	CWE-200 情報漏えい	CVE-2011-3781	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256592	5.0	MEDIUM	phplinkdirectory	phpld	phpLD 2-151.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libs/smarty/Sm…	CWE-200 情報漏えい	CVE-2011-3782	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256593	5.0	MEDIUM	phpmyfaq	phpmyfaq	phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_…	CWE-200 情報漏えい	CVE-2011-3783	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256594	5.0	MEDIUM	phpnuke	php-nuke	Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by t…	CWE-200 情報漏えい	CVE-2011-3784	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256595	5.0	MEDIUM	phppointofsale	php_point_of_sale	PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by s…	CWE-200 情報漏えい	CVE-2011-3785	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256596	5.0	MEDIUM	phprojekt	phprojekt	PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controll…	CWE-200 情報漏えい	CVE-2011-3786	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256597	5.0	MEDIUM	nick_korbel	phpscheduleit	phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates…	CWE-200 情報漏えい	CVE-2011-3787	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256598	5.0	MEDIUM	phpsec	phpsecinfo	PhpSecInfo 0.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Test/Test_Suh…	CWE-200 情報漏えい	CVE-2011-3788	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256599	5.0	MEDIUM	phpwcms	phpwcms	phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/in…	CWE-200 情報漏えい	CVE-2011-3789	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256600	5.0	MEDIUM	piwigo	piwigo	Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.ph…	CWE-200 情報漏えい	CVE-2011-3790	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm