NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月22日20:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
256601	5.0	MEDIUM	pligg	pligg_cms	Pligg CMS 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statis…	CWE-200 情報漏えい	CVE-2011-3794	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256602	5.0	MEDIUM	betella	podcast_generator	Podcast Generator 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/the…	CWE-200 情報漏えい	CVE-2011-3795	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256603	5.0	MEDIUM	prestashop	prestashop	PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sor…	CWE-200 情報漏えい	CVE-2011-3796	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256604	5.0	MEDIUM	projectpier	projectpier	ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upg…	CWE-200 情報漏えい	CVE-2011-3797	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256605	5.0	MEDIUM	elazos	reos	ReOS 2.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by padmin/blocks/verga…	CWE-200 情報漏えい	CVE-2011-3799	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256606	5.0	MEDIUM	s9y	serendipity	Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/ne…	CWE-200 情報漏えい	CVE-2011-3800	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256607	5.0	MEDIUM	simpletest	simpletest	SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visual_t…	CWE-200 情報漏えい	CVE-2011-3801	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256608	5.0	MEDIUM	status	statusnet	StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php …	CWE-200 情報漏えい	CVE-2011-3802	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256609	5.0	MEDIUM	sugarcrm	sugarcrm	SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/l…	CWE-200 情報漏えい	CVE-2011-3803	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256610	5.0	MEDIUM	basic-cms	sweetrice	SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_m…	CWE-200 情報漏えい	CVE-2011-3804	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256611	5.0	MEDIUM	taskfreak	taskfreak\!_multi-mysql	TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc…	CWE-200 情報漏えい	CVE-2011-3805	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256612	5.0	MEDIUM	tecnick	tcexam	TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tc…	CWE-200 情報漏えい	CVE-2011-3806	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256613	5.0	MEDIUM	textpattern	textpattern	Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_d…	CWE-200 情報漏えい	CVE-2011-3807	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256614	5.0	MEDIUM	thebuggenie	the_bug_genie	The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/sv…	CWE-200 情報漏えい	CVE-2011-3808	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256615	5.0	MEDIUM	thehostingtool	thehostingtool	TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc…	CWE-200 情報漏えい	CVE-2011-3809	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256616	5.0	MEDIUM	tinywebgallery	tinywebgallery	TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_f…	CWE-200 情報漏えい	CVE-2011-3810	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256617	5.0	MEDIUM	tomatocart	tomatocart	TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/sys…	CWE-200 情報漏えい	CVE-2011-3811	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256618	5.0	MEDIUM	vanillaforums	vanilla	Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/…	CWE-200 情報漏えい	CVE-2011-3812	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256619	5.0	MEDIUM	vwar	virtual_war	Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated b…	CWE-200 情報漏えい	CVE-2011-3813	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256620	5.0	MEDIUM	webidsupport	webid	WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php an…	CWE-200 情報漏えい	CVE-2011-3815	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256621	5.0	MEDIUM	webinsta	mailing_list_manager	WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrate…	CWE-200 情報漏えい	CVE-2011-3816	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256622	5.0	MEDIUM	websitebaker2	website_baker	Website Baker 2.8.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/medi…	CWE-200 情報漏えい	CVE-2011-3817	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256623	5.0	MEDIUM	wordpress	wordpress	WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-a…	CWE-200 情報漏えい	CVE-2011-3818	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256624	5.0	MEDIUM	53x11	wow_server_status	WoW Server Status 4.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by status.p…	CWE-200 情報漏えい	CVE-2011-3819	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256625	5.0	MEDIUM	webmastersite	wsn_software	WSN Software 6.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/pr…	CWE-200 情報漏えい	CVE-2011-3820	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256626	5.0	MEDIUM	xajax-project	xajax	xajax 0.6 beta1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xajax_core/plu…	CWE-200 情報漏えい	CVE-2011-3821	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256627	5.0	MEDIUM	xoops	xoops	XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoo…	CWE-200 情報漏えい	CVE-2011-3822	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256628	5.0	MEDIUM	yamamah	yamamah	Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/ind…	CWE-200 情報漏えい	CVE-2011-3823	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256629	5.0	MEDIUM	yourls	yourls	Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrat…	CWE-200 情報漏えい	CVE-2011-3824	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256630	5.0	MEDIUM	zend	framework server	Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as …	CWE-200 情報漏えい	CVE-2011-3825	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256631	5.0	MEDIUM	zikula	zikula	Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodoll…	CWE-200 情報漏えい	CVE-2011-3826	2012-05-21 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256632	7.5	HIGH	mhproducts	download_center	SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: som…	CWE-89 SQLインジェクション	CVE-2010-4842	2012-05-21 13:00	2011-09-27	表示	GitHub Exploit DB Packet Storm

256633	7.8	HIGH	cisco	ios ios_xe	Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID…	NVD-CWE-noinfo	CVE-2011-0939	2012-05-18 13:00	2011-10-4	表示	GitHub Exploit DB Packet Storm

256634	7.8	HIGH	cisco	ios	Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID CSCtj41194.	CWE-399 リソース管理の問題	CVE-2011-0944	2012-05-18 13:00	2011-10-4	表示	GitHub Exploit DB Packet Storm

256635	4.3	MEDIUM	twiki	twiki	Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, r…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-3010	2012-05-18 13:00	2011-09-30	表示	GitHub Exploit DB Packet Storm

256636	5.0	MEDIUM	juan_toledo	etherape	The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, rel…	NVD-CWE-Other	CVE-2011-3369	2012-05-18 13:00	2011-10-1	表示	GitHub Exploit DB Packet Storm

256637	5.0	MEDIUM	juan_toledo	etherape	Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'	NVD-CWE-Other	CVE-2011-3369	2012-05-18 13:00	2011-10-1	表示	GitHub Exploit DB Packet Storm

256638	4.3	MEDIUM	punbb	punbb	Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csr…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-3371	2012-05-18 13:00	2011-10-3	表示	GitHub Exploit DB Packet Storm

256639	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application …	CWE-264 認可・権限・アクセス制御	CVE-2011-3458	2012-05-18 12:43	2012-02-3	表示	GitHub Exploit DB Packet Storm

256640	6.8	MEDIUM	apple	mac_os_x mac_os_x_server	Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie fil…	CWE-189 数値処理の問題	CVE-2011-3459	2012-05-18 12:43	2012-02-3	表示	GitHub Exploit DB Packet Storm

256641	7.5	HIGH	apple	mac_os_x mac_os_x_server	Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.	CWE-119 バッファエラー	CVE-2011-3460	2012-05-18 12:43	2012-02-3	表示	GitHub Exploit DB Packet Storm

256642	10.0	HIGH	novell	groupwise	Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbit…	CWE-119 バッファエラー	CVE-2011-0333	2012-05-14 13:00	2011-10-8	表示	GitHub Exploit DB Packet Storm

256643	10.0	HIGH	novell	groupwise	Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file.	CWE-119 バッファエラー	CVE-2011-0334	2012-05-14 13:00	2011-10-8	表示	GitHub Exploit DB Packet Storm

256644	4.3	MEDIUM	cyber-ark	password_vault_web_access	Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrar…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-0459	2012-05-14 13:00	2011-10-5	表示	GitHub Exploit DB Packet Storm

256645	7.8	HIGH	cisco	ios ios_xe	Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Se…	CWE-399 リソース管理の問題	CVE-2011-0945	2012-05-14 13:00	2011-10-4	表示	GitHub Exploit DB Packet Storm

256646	2.1	LOW	tedfelix	acpid	acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service …	CWE-20 不適切な入力確認	CVE-2011-1159	2012-05-14 13:00	2011-10-5	表示	GitHub Exploit DB Packet Storm

256647	4.3	MEDIUM	realnetworks	realplayer realplayer_sp	Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-1221	2012-05-14 13:00	2011-10-5	表示	GitHub Exploit DB Packet Storm

256648	9.3	HIGH	checkpoint	connectra_ngx vpn-1 vpn-1_firewall-1_vsx	Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow re…	NVD-CWE-noinfo	CVE-2011-1827	2012-05-14 13:00	2011-10-5	表示	GitHub Exploit DB Packet Storm

256649	5.0	MEDIUM	cisco	ciscoworks_common_services	The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and dat…	CWE-200 情報漏えい	CVE-2011-2042	2012-05-14 13:00	2011-10-22	表示	GitHub Exploit DB Packet Storm

256650	2.1	LOW	cherokee-project	cherokee	The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords vi…	CWE-310 暗号の問題	CVE-2011-2190	2012-05-14 13:00	2011-10-7	表示	GitHub Exploit DB Packet Storm