NVD Vulnerability Information: Top

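You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated before JVN (Japan Vulnerability Notes), it may contain updated vulnerabilities that are not yet listed in JVN.

When a vulnerability has related JVN (Japan Vulnerability Notes) information, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview to confirm the CWE number.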

Last updated: September 22, 2024, 20:13

Columns: No., CVSS, Level, Attack classification, Vendor, Product, Title, CWE, CVE, Updated, Published, Impact (View), Exploit/PoC search
256751 5.0 MEDIUM
insoshi insoshi Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, r… CWE-255
Credentials Management
CVE-2008-7309 2012-04-12 13:00 2012-04-05 View GitHub Exploit DB Packet Storm
256752 5.0 MEDIUM
spreecommerce spree The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographi… CWE-255
Credentials Management
CVE-2008-7311 2012-04-12 13:00 2012-04-05 View GitHub Exploit DB Packet Storm
256753 4.3 MEDIUM
dotnetnuke dotnetnuke Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used wi… CWE-79
Cross-site Scripting (XSS)
CVE-2012-1030 2012-04-11 19:39 2012-04-11 View GitHub Exploit DB Packet Storm
256754 4.3 MEDIUM
dotnetnuke dotnetnuke Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message. CWE-79
Cross-site Scripting (XSS)
CVE-2012-1036 2012-04-11 19:39 2012-04-11 View GitHub Exploit DB Packet Storm
256755 10.0 HIGH
toshibatec e-studio-167_with_network_printer_kit_firmware
e-studio-181_with_network_printer_kit_firmware
e-studio-182_with_network_printer_kit_firmware
e-studio-207_with_network_printer_kit_firmware
The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attacker… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-1239 2012-04-09 13:00 2012-04-07 View GitHub Exploit DB Packet Storm
256756 7.8 HIGH
cisco video_surveillance_2421
video_surveillance_2500
video_surveillance_software
video_surveillance_2600
Cisco Video Surveillance 2421 and 2500 series cameras with software 1.1.x and 2.x before 2.4.0 and Video Surveillance 2600 series cameras with software before 4.2.0-13 allow remote attackers to cause… CWE-399
Resource Management Errors
CVE-2011-3318 2012-04-06 13:00 2011-10-28 View GitHub Exploit DB Packet Storm
256757 9.3 HIGH
cisco webex_recording_format_player Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a craf… CWE-119
Buffer Errors
CVE-2011-3319 2012-04-06 13:00 2011-10-28 View GitHub Exploit DB Packet Storm
256758 9.3 HIGH
cisco webex_recording_format_player Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via … CWE-119
Buffer Errors
CVE-2011-4004 2012-04-06 13:00 2011-10-28 View GitHub Exploit DB Packet Storm
256759 4.3 MEDIUM
openssl openssl OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use o… CWE-310
Cryptographic Issues
CVE-2008-7270 2012-04-06 12:07 2010-12-07 View GitHub Exploit DB Packet Storm
256760 5.0 MEDIUM
redmine redmine Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) Iss… CWE-255
Credentials Management
CVE-2012-2054 2012-04-05 23:55 2012-04-05 View GitHub Exploit DB Packet Storm
256761 5.0 MEDIUM
spreecommerce spree Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step vi… CWE-255
Credentials Management
CVE-2008-7310 2012-04-05 22:25 2012-04-05 View GitHub Exploit DB Packet Storm
256762 4.3 MEDIUM
privawall privawall_antivirus The scanner engine in PrivaWall Antivirus 5.6 and earlier does not recognize the Office XML (aka Open Document XML) file format, which allows remote attackers to bypass malware detection via a crafte… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-1907 2012-04-05 13:00 2012-03-28 View GitHub Exploit DB Packet Storm
256763 5.0 MEDIUM
rockwellautomation factorytalk
rslogix_5000
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspeci… CWE-20
Improper Input Validation
CVE-2012-0221 2012-04-03 13:00 2012-04-03 View GitHub Exploit DB Packet Storm
256764 5.0 MEDIUM
rockwellautomation factorytalk
rslogix_5000
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out… CWE-119
Buffer Errors
CVE-2012-0222 2012-04-03 13:00 2012-04-03 View GitHub Exploit DB Packet Storm
256765 9.3 HIGH
arcinfo frontvue
pcvue
plantvue
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to … NVD-CWE-noinfo
CVE-2011-4042 2012-04-03 13:00 2012-04-03 View GitHub Exploit DB Packet Storm
256766 9.3 HIGH
arcinfo frontvue
pcvue
plantvue
Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large valu… CWE-189
Numeric Errors
CVE-2011-4043 2012-04-03 13:00 2012-04-03 View GitHub Exploit DB Packet Storm
256767 5.8 MEDIUM
arcinfo frontvue
pcvue
plantvue
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods. NVD-CWE-noinfo
CVE-2011-4044 2012-04-03 13:00 2012-04-03 View GitHub Exploit DB Packet Storm
256768 4.3 MEDIUM
arcinfo frontvue
pcvue
plantvue
Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted … CWE-119
Buffer Errors
CVE-2011-4045 2012-04-03 13:00 2012-04-03 View GitHub Exploit DB Packet Storm
256769 6.8 MEDIUM
craig_peterson
scadatec
turbopower_abbrevia
modbustagserver
scadaphone
Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers t… CWE-119
Buffer Errors
CVE-2011-4535 2012-04-03 13:00 2012-04-03 View GitHub Exploit DB Packet Storm
256770 6.8 MEDIUM
apple mac_os_x
mac_os_x_server
iphone_os
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a … CWE-189
Numeric Errors
CVE-2011-1417 2012-03-30 13:00 2011-03-12 View GitHub Exploit DB Packet Storm
256771 4.3 MEDIUM
apple iphone_os Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element. CWE-20
Improper Input Validation
CVE-2010-1181 2012-03-30 13:00 2010-03-30 View GitHub Exploit DB Packet Storm
256772 4.6 MEDIUM
emc networker EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly … NVD-CWE-Other
CVE-2002-0113 2012-03-30 10:14 2002-03-25 View GitHub Exploit DB Packet Storm
256773 4.6 MEDIUM
emc networker EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: th… NVD-CWE-Other
CVE-2002-0114 2012-03-30 10:14 2002-03-25 View GitHub Exploit DB Packet Storm
256774 4.3 MEDIUM
comodo
sophos
comodo_antivirus
sophos_anti-virus
The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via an Office file with a ustar character sequence at a cert… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-1438 2012-03-27 13:00 2012-03-21 View GitHub Exploit DB Packet Storm
256775 4.3 MEDIUM
aladdin
authentium
bitdefender
comodo
f-prot
f-secure
mcafee
nprotect
rising-global
sophos
esafe
command_antivirus
bitdefender
comodo_antivirus
f-prot_antivirus
f-secure_anti-virus
gateway
nprotect_antivirus
rising_antivirus
sophos_anti-virus
The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwas… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-1431 2012-03-27 13:00 2012-03-21 View GitHub Exploit DB Packet Storm
256776 4.3 MEDIUM
ahnlab
aladdin
emsisoft
ikarus
pandasecurity
v3_internet_security
esafe
anti-malware
ikarus_virus_utilities_t3_command_line_scanner
panda_antivirus
The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-1433 2012-03-21 19:11 2012-03-21 View GitHub Exploit DB Packet Storm
256777 4.3 MEDIUM
aladdin
ca
fortinet
norman
pandasecurity
esafe
etrust_vet_antivirus
fortinet_antivirus
norman_antivirus_\&_antispyware
panda_antivirus
The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malwar… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-1440 2012-03-21 19:11 2012-03-21 View GitHub Exploit DB Packet Storm
256778 4.3 MEDIUM
ahnlab
aladdin
emsisoft
ikarus
pandasecurity
v3_internet_security
esafe
anti-malware
ikarus_virus_utilities_t3_command_line_scanner
panda_antivirus
The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-1435 2012-03-21 19:11 2012-03-21 View GitHub Exploit DB Packet Storm
256779 5.0 MEDIUM
easyvista easyvista The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name i… CWE-287
Improper Authentication
CVE-2012-1256 2012-03-21 12:54 2012-02-22 View GitHub Exploit DB Packet Storm
256780 10.0 HIGH
adobe shockwave_player The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif… CWE-119
Buffer Errors
CVE-2012-0764 2012-03-21 12:53 2012-02-15 View GitHub Exploit DB Packet Storm
256781 7.5 HIGH
dotclear dotclear Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, the… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-5083 2012-03-20 22:17 2012-03-20 View GitHub Exploit DB Packet Storm
256782 4.3 MEDIUM
osqa osqa Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar. CWE-79
Cross-site Scripting (XSS)
CVE-2012-1782 2012-03-20 13:00 2012-03-20 View GitHub Exploit DB Packet Storm
256783 7.5 HIGH
ibm tivoli_directory_server Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to have an unspecified impact via unknown vectors that trigger heap corruption, as de… CWE-119
Buffer Errors
CVE-2009-3088 2012-03-20 13:00 2009-09-09 View GitHub Exploit DB Packet Storm
256784 5.0 MEDIUM
ibm tivoli_directory_server Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco … NVD-CWE-noinfo
CVE-2009-3090 2012-03-20 13:00 2009-09-09 View GitHub Exploit DB Packet Storm
256785 5.0 MEDIUM
bitweaver bitweaver Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the style parameter. CWE-22
Path Traversal
CVE-2010-5086 2012-03-20 08:19 2012-03-20 View GitHub Exploit DB Packet Storm
256786 2.1 LOW
linux linux_kernel The tpm_read function in the Linux kernel 2.6 does not properly clear memory, which might allow local users to read the results of the previous TPM command. CWE-200
Information Exposure
CVE-2011-1162 2012-03-19 13:00 2012-01-28 View GitHub Exploit DB Packet Storm
256787 10.0 HIGH
adobe flash_media_server
flash_media_server_2
Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to execute arbitrary code via unspecified vectors, related to a "JS method vulnerability." CWE-94
Code Injection
CVE-2010-2217 2012-03-19 13:00 2010-08-12 View GitHub Exploit DB Packet Storm
256788 5.0 MEDIUM
adobe flash_media_server
flash_media_server_2
Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to a "JS method issue." NVD-CWE-noinfo
CVE-2010-2218 2012-03-19 13:00 2010-08-12 View GitHub Exploit DB Packet Storm
256789 5.0 MEDIUM
adobe flash_media_server
flash_media_server_2
Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service (memory consumption) via unknown vectors. CWE-399
Resource Management Errors
CVE-2010-2219 2012-03-19 13:00 2010-08-12 View GitHub Exploit DB Packet Storm
256790 5.0 MEDIUM
adobe flash_media_server
flash_media_server_2
Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to an "input validation issue." NVD-CWE-noinfo
CVE-2010-2220 2012-03-19 13:00 2010-08-12 View GitHub Exploit DB Packet Storm
256791 3.6 LOW
linux linux_kernel The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle … CWE-264
Permissions, Privileges, and Access Controls
CVE-2009-0835 2012-03-19 13:00 2009-03-06 View GitHub Exploit DB Packet Storm
256792 4.9 MEDIUM
linux linux_kernel Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) and execute arbitrary code via a "big si… CWE-119
Buffer Errors
CVE-2009-3234 2012-03-19 13:00 2009-09-17 View GitHub Exploit DB Packet Storm
256793 4.9 MEDIUM
linux linux_kernel Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel 2.6.32-git6 and earlier allows local users to cause a denial of s… NVD-CWE-noinfo
CVE-2009-4306 2012-03-19 13:00 2009-12-13 View GitHub Exploit DB Packet Storm
256794 4.9 MEDIUM
linux linux_kernel The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows lo… NVD-CWE-Other
CVE-2009-4410 2012-03-19 13:00 2009-12-25 View GitHub Exploit DB Packet Storm
256795 4.7 MEDIUM
linux linux_kernel The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a de… CWE-399
Resource Management Errors
CVE-2007-6733 2012-03-19 13:00 2010-03-17 View GitHub Exploit DB Packet Storm
256796 9.3 HIGH
invensys wonderware_inbatch Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service (crash) and possibly execute a… CWE-119
Buffer Errors
CVE-2011-3141 2012-03-16 13:00 2011-08-17 View GitHub Exploit DB Packet Storm
256797 9.3 HIGH
invensys wonderware_inbatch Per: http://iom.invensys.com/EN/pdfLibrary/Final.Tech.Alert.141.pdf 'This vulnerability, if exploited, could cause the hosting application (container) to shutdown. In pre-9.0 versions of InBatch i… CWE-119
Buffer Errors
CVE-2011-3141 2012-03-16 13:00 2011-08-17 View GitHub Exploit DB Packet Storm
256798 10.0 HIGH
wellintech kingview Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in WellinTech KingView 6.52 and 6.53 allows remote attackers to execute arbitrary code via a long second argument to the ValidateUser… CWE-119
Buffer Errors
CVE-2011-3142 2012-03-16 13:00 2011-08-17 View GitHub Exploit DB Packet Storm
256799 7.5 HIGH
emc documentum_eroom EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors. CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-0398 2012-03-15 13:00 2012-03-15 View GitHub Exploit DB Packet Storm
256800 4.3 MEDIUM
emc documentum_eroom Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting (XSS)
CVE-2012-0404 2012-03-15 13:00 2012-03-15 View GitHub Exploit DB Packet Storm