NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2024年9月22日20:13

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
256651 5.0 MEDIUM
novell groupwise Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vu… NVD-CWE-noinfo
CVE-2011-2218 2012-05-14 13:00 2011-10-8 表示 GitHub Exploit DB Packet Storm
256652 5.0 MEDIUM
novell groupwise Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, a different vu… NVD-CWE-noinfo
CVE-2011-2219 2012-05-14 13:00 2011-10-8 表示 GitHub Exploit DB Packet Storm
256653 8.5 HIGH
oracle database_server Unspecified vulnerability in the Oracle Text component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and… NVD-CWE-noinfo
CVE-2011-2301 2012-05-14 13:00 2011-10-19 表示 GitHub Exploit DB Packet Storm
256654 4.3 MEDIUM
oracle siebel_crm Unspecified vulnerability in the Siebel Apps - Marketing component in Oracle Siebel CRM 8.0.0 allows remote attackers to affect integrity via unknown vectors related to Email Marketing. NVD-CWE-noinfo
CVE-2011-2316 2012-05-14 13:00 2011-10-19 表示 GitHub Exploit DB Packet Storm
256655 3.6 LOW
oracle database_server Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect integrity and availability, related to SYSDBA. NVD-CWE-noinfo
CVE-2011-2322 2012-05-14 13:00 2011-10-19 表示 GitHub Exploit DB Packet Storm
256656 4.3 MEDIUM
novell groupwise Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-2661 2012-05-14 13:00 2011-10-8 表示 GitHub Exploit DB Packet Storm
256657 10.0 HIGH
novell groupwise Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE var… CWE-189
数値処理の問題 		CVE-2011-2662 2012-05-14 13:00 2011-10-8 表示 GitHub Exploit DB Packet Storm
256658 7.8 HIGH
cisco ios
10008_router 		Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and 15.0S before 15.0(1)S3a on Cisco 10000 series routers allows remote attackers to cause a denial of service (device reload) via a … NVD-CWE-noinfo
CVE-2011-3270 2012-05-14 13:00 2011-10-4 表示 GitHub Exploit DB Packet Storm
256659 10.0 HIGH
cisco ios Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP p… NVD-CWE-noinfo
CVE-2011-3271 2012-05-14 13:00 2011-10-4 表示 GitHub Exploit DB Packet Storm
256660 7.8 HIGH
cisco ios Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Firewall (aka ZBFW) is configured, allows remote attackers to cause a denial of service (memory consumption or device crash) via vec… CWE-399
リソース管理の問題 		CVE-2011-3273 2012-05-14 13:00 2011-10-4 表示 GitHub Exploit DB Packet Storm
256661 6.1 MEDIUM
cisco ios
ios_xe 		Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of ser… NVD-CWE-noinfo
CVE-2011-3274 2012-05-14 13:00 2011-10-4 表示 GitHub Exploit DB Packet Storm
256662 7.8 HIGH
cisco ios
ios_xe 		Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted SIP message, aka Bug ID CSCti485… CWE-399
リソース管理の問題 		CVE-2011-3275 2012-05-14 13:00 2011-10-4 表示 GitHub Exploit DB Packet Storm
256663 7.8 HIGH
cisco ios_xe
ios 		Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or ha… NVD-CWE-noinfo
CVE-2011-3276 2012-05-14 13:00 2011-10-4 表示 GitHub Exploit DB Packet Storm
256664 7.8 HIGH
cisco ios Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reloa… NVD-CWE-noinfo
CVE-2011-3281 2012-05-14 13:00 2011-10-4 表示 GitHub Exploit DB Packet Storm
256665 7.8 HIGH
cisco ios
ios_xe 		Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of ser… NVD-CWE-noinfo
CVE-2011-3282 2012-05-14 13:00 2011-10-4 表示 GitHub Exploit DB Packet Storm
256666 7.8 HIGH
cisco jabber_extensible_communications_platform Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x through 5.4.x before 5.4.0.27581 and 5.8.x before 5.8.1.27561 does not properly detect recursion during entity expansion, which al… CWE-399
リソース管理の問題 		CVE-2011-3287 2012-05-14 13:00 2011-10-6 表示 GitHub Exploit DB Packet Storm
256667 7.5 HIGH
aspindir xweblog SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter. CWE-89
SQLインジェクション 		CVE-2010-4856 2012-05-14 13:00 2011-10-5 表示 GitHub Exploit DB Packet Storm
256668 7.5 HIGH
hinnendahl kontakt_formular PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter. CWE-94
コード・インジェクション 		CVE-2010-4878 2012-05-14 13:00 2011-10-7 表示 GitHub Exploit DB Packet Storm
256669 7.5 HIGH
digitaljunkies dompdf PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter. CWE-94
コード・インジェクション 		CVE-2010-4879 2012-05-14 13:00 2011-10-7 表示 GitHub Exploit DB Packet Storm
256670 4.3 MEDIUM
peter_proell xing Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4885 2012-05-14 13:00 2011-10-7 表示 GitHub Exploit DB Packet Storm
256671 4.3 MEDIUM
peter_proell tweetbutton Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4886 2012-05-14 13:00 2011-10-7 表示 GitHub Exploit DB Packet Storm
256672 7.5 HIGH
raphael_zschorsch commentsbe SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vector… CWE-89
SQLインジェクション 		CVE-2010-4887 2012-05-14 13:00 2011-10-7 表示 GitHub Exploit DB Packet Storm
256673 7.5 HIGH
marco_hezel hm_tinymarket SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQLインジェクション 		CVE-2010-4888 2012-05-14 13:00 2011-10-7 表示 GitHub Exploit DB Packet Storm
256674 10.0 HIGH
marco_hezel hm_tinymarket Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. NVD-CWE-noinfo
CVE-2010-4889 2012-05-14 13:00 2011-10-7 表示 GitHub Exploit DB Packet Storm
256675 4.3 MEDIUM
andreas_kiefer ke_yac Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4890 2012-05-14 13:00 2011-10-7 表示 GitHub Exploit DB Packet Storm
256676 7.5 HIGH
andreas_kiefer ke_yac SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQLインジェクション 		CVE-2010-4891 2012-05-14 13:00 2011-10-7 表示 GitHub Exploit DB Packet Storm
256677 4.3 MEDIUM
alex_kellner powermail Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4892 2012-05-14 13:00 2011-10-7 表示 GitHub Exploit DB Packet Storm
256678 7.5 HIGH
gantry-framework com_gantry SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php. CWE-89
SQLインジェクション 		CVE-2010-4898 2012-05-14 13:00 2011-10-8 表示 GitHub Exploit DB Packet Storm
256679 7.5 HIGH
simon_philips com_aardvertiser SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view a… CWE-89
SQLインジェクション 		CVE-2010-4904 2012-05-14 13:00 2011-10-8 表示 GitHub Exploit DB Packet Storm
256680 7.5 HIGH
softbizscripts article_directory_script SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter. CWE-89
SQLインジェクション 		CVE-2010-4905 2012-05-14 13:00 2011-10-8 表示 GitHub Exploit DB Packet Storm
256681 7.5 HIGH
joostina-cms com_ezautos SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php. CWE-89
SQLインジェクション 		CVE-2010-4929 2012-05-14 13:00 2011-10-9 表示 GitHub Exploit DB Packet Storm
256682 4.3 MEDIUM
khader_abbeb entrans Cross-site scripting (XSS) vulnerability in search.php in Entrans before 0.3.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4932 2012-05-14 13:00 2011-10-9 表示 GitHub Exploit DB Packet Storm
256683 7.5 HIGH
svcreation get_tube SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. CWE-89
SQLインジェクション 		CVE-2010-4934 2012-05-14 13:00 2011-10-9 表示 GitHub Exploit DB Packet Storm
256684 7.5 HIGH
khader_abbeb entrans SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter. CWE-89
SQLインジェクション 		CVE-2010-4935 2012-05-14 13:00 2011-10-9 表示 GitHub Exploit DB Packet Storm
256685 7.5 HIGH
joomla com_weblinks SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php.… CWE-89
SQLインジェクション 		CVE-2010-4938 2012-05-14 13:00 2011-10-9 表示 GitHub Exploit DB Packet Storm
256686 7.5 HIGH
scripts.bdr130 mailform PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter. CWE-94
コード・インジェクション 		CVE-2010-4939 2012-05-14 13:00 2011-10-9 表示 GitHub Exploit DB Packet Storm
256687 7.5 HIGH
brothersoft saurus_cms Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php. CWE-94
コード・インジェクション 		CVE-2010-4943 2012-05-14 13:00 2011-10-9 表示 GitHub Exploit DB Packet Storm
256688 7.5 HIGH
allpcscript allpc SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. CWE-89
SQLインジェクション 		CVE-2010-4946 2012-05-14 13:00 2011-10-9 表示 GitHub Exploit DB Packet Storm
256689 4.3 MEDIUM
allpcscript allpc Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4947 2012-05-14 13:00 2011-10-9 表示 GitHub Exploit DB Packet Storm
256690 7.5 HIGH
phpgalleryscript php_free_photo_gallery PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in PHP Free Photo Gallery script allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. CWE-94
コード・インジェクション 		CVE-2010-4948 2012-05-14 13:00 2011-10-9 表示 GitHub Exploit DB Packet Storm
256691 7.5 HIGH
joachim_ruhs event SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQLインジェクション 		CVE-2010-4950 2012-05-14 13:00 2011-10-9 表示 GitHub Exploit DB Packet Storm
256692 4.3 MEDIUM
thomas_mammitzsch vx_xajax_shoutbox Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vect… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4951 2012-05-14 13:00 2011-10-9 表示 GitHub Exploit DB Packet Storm
256693 9.0 HIGH
dlink dcs-2121_firmware
dcs-2121 		recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon inject… CWE-94
コード・インジェクション 		CVE-2010-4964 2012-05-14 13:00 2011-10-17 表示 GitHub Exploit DB Packet Storm
256694 9.0 HIGH
dlink dcs-2121_firmware
dcs-2121 		/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by… CWE-255
証明書・パスワード管理 		CVE-2010-4965 2012-05-14 13:00 2011-10-17 表示 GitHub Exploit DB Packet Storm
256695 4.3 MEDIUM
atcom netvolution Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4966 2012-05-14 13:00 2011-10-21 表示 GitHub Exploit DB Packet Storm
256696 7.5 HIGH
atcom netvolution SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter. CWE-89
SQLインジェクション 		CVE-2009-5102 2012-05-14 13:00 2011-10-21 表示 GitHub Exploit DB Packet Storm
256697 4.3 MEDIUM
atcom netvolution Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-5103 2012-05-14 13:00 2011-10-21 表示 GitHub Exploit DB Packet Storm
256698 8.5 HIGH
sun opensolaris
sunos 		The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated… CWE-264
認可・権限・アクセス制御 		CVE-2008-7300 2012-05-14 13:00 2011-10-5 表示 GitHub Exploit DB Packet Storm
256699 4.3 MEDIUM
gnome empathy Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4170 2012-05-13 13:00 2011-10-23 表示 GitHub Exploit DB Packet Storm
256700 5.8 MEDIUM
nathanielkh limit_my_call The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted appli… CWE-264
認可・権限・アクセス制御 		CVE-2011-4703 2012-05-13 13:00 2012-01-25 表示 GitHub Exploit DB Packet Storm