NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月22日16:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
256851	5.0	MEDIUM	ganglia	ganglia	Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php an…	CWE-200 情報漏えい	CVE-2011-3741	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256852	5.0	MEDIUM	helpcenterlive	helpcenter_live	HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/…	CWE-200 情報漏えい	CVE-2011-3742	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256853	5.0	MEDIUM	hesk	hesk	Hesk 2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php an…	CWE-200 情報漏えい	CVE-2011-3743	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256854	5.0	MEDIUM	htmlpurifier	html_purifier	HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT…	CWE-200 情報漏えい	CVE-2011-3744	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256855	5.0	MEDIUM	hycus	hycus_cms	HycusCMS 1.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/hycus…	CWE-200 情報漏えい	CVE-2011-3745	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256856	5.0	MEDIUM	jcow	jcow	Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page…	CWE-200 情報漏えい	CVE-2011-3746	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256857	5.0	MEDIUM	joomla	joomla\!	Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmai…	CWE-200 情報漏えい	CVE-2011-3747	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256858	5.0	MEDIUM	kamads_classifieds	2_b3	Kamads Classifieds 2_B3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by V2A_XH…	CWE-200 情報漏えい	CVE-2011-3748	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256859	5.0	MEDIUM	maptools	ka-map	ka-Map 1.0-20070205 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test.php a…	CWE-200 情報漏えい	CVE-2011-3749	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256860	5.0	MEDIUM	kplaylist	kplaylist	kPlaylist 1.8.502 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by getid3/getid…	CWE-200 情報漏えい	CVE-2011-3750	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256861	5.0	MEDIUM	lifetype	lifetype	LifeType 1.2.10 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/badbeh…	CWE-200 情報漏えい	CVE-2011-3751	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256862	5.0	MEDIUM	limesurvey	limesurvey	LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrat…	CWE-200 情報漏えい	CVE-2011-3752	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256863	5.0	MEDIUM	linpha	linpha	LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and ce…	CWE-200 情報漏えい	CVE-2011-3753	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256864	5.0	MEDIUM	mambo-foundation	mambo	Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php a…	CWE-200 情報漏えい	CVE-2011-3754	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256865	5.0	MEDIUM	microblog	microblog	MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and c…	CWE-200 情報漏えい	CVE-2011-3756	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256866	5.0	MEDIUM	moodle	moodle	Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc…	CWE-200 情報漏えい	CVE-2011-3757	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256867	5.0	MEDIUM	moundlabs	\	::mound:: 2.1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/smarty/lib…	CWE-200 情報漏えい	CVE-2011-3758	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256868	5.0	MEDIUM	mybb	mybb	MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by…	CWE-200 情報漏えい	CVE-2011-3759	2012-03-12 13:00	2011-09-24	表示	GitHub Exploit DB Packet Storm

256869	7.5	HIGH	cisco linksys	linksys_wrt54g_router_firmware wrt54g linksys_wrt54gs_router_firmware wrt54gs	The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before …	CWE-16 環境設定	CVE-2011-4499	2012-03-9 14:00	2011-11-22	表示	GitHub Exploit DB Packet Storm

256870	9.3	HIGH	schneider-electric	vijeo_historian citecthistorian citectscada_reports	Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allo…	CWE-119 バッファエラー	CVE-2011-4034	2012-03-8 14:00	2011-12-2	表示	GitHub Exploit DB Packet Storm

256871	10.0	HIGH	realnetworks	realplayer	Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.	CWE-119 バッファエラー	CVE-2011-4244	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256872	10.0	HIGH	realnetworks	realplayer	The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption…	CWE-119 バッファエラー	CVE-2011-4245	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256873	9.3	HIGH	realnetworks	realplayer	RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream.	CWE-94 コード・インジェクション	CVE-2011-4247	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256874	9.3	HIGH	realnetworks	realplayer	RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file.	CWE-94 コード・インジェクション	CVE-2011-4248	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256875	10.0	HIGH	realnetworks	realplayer	Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.	CWE-20 不適切な入力確認	CVE-2011-4249	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256876	10.0	HIGH	realnetworks	realplayer	Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.	NVD-CWE-noinfo	CVE-2011-4250	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256877	9.3	HIGH	realnetworks	realplayer	RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file.	CWE-94 コード・インジェクション	CVE-2011-4251	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256878	9.3	HIGH	realnetworks	realplayer	The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height.	CWE-94 コード・インジェクション	CVE-2011-4252	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256879	10.0	HIGH	realnetworks	realplayer	Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.	NVD-CWE-noinfo	CVE-2011-4253	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256880	10.0	HIGH	realnetworks	realplayer	RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request.	CWE-94 コード・インジェクション	CVE-2011-4254	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256881	10.0	HIGH	realnetworks	realplayer	Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name.	NVD-CWE-noinfo	CVE-2011-4255	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256882	10.0	HIGH	realnetworks	realplayer	The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code v…	CWE-94 コード・インジェクション	CVE-2011-4256	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256883	9.3	HIGH	realnetworks	realplayer	The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data.	CWE-94 コード・インジェクション	CVE-2011-4257	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256884	9.3	HIGH	realnetworks	realplayer	RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.	CWE-94 コード・インジェクション	CVE-2011-4258	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256885	9.3	HIGH	realnetworks	realplayer	Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file.	CWE-189 数値処理の問題	CVE-2011-4259	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256886	9.3	HIGH	realnetworks	realplayer	RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.	CWE-94 コード・インジェクション	CVE-2011-4260	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256887	9.3	HIGH	realnetworks	realplayer	RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file.	CWE-119 バッファエラー	CVE-2011-4261	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256888	9.3	HIGH	realnetworks	realplayer	Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file.	NVD-CWE-noinfo	CVE-2011-4262	2012-03-8 14:00	2011-11-24	表示	GitHub Exploit DB Packet Storm

256889	7.5	HIGH	genmei_mori zyxel	pseudoics p-330w_router	The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request …	CWE-16 環境設定	CVE-2011-4504	2012-03-8 14:00	2011-11-22	表示	GitHub Exploit DB Packet Storm

256890	7.5	HIGH	alcatel	speedtouch_5x6_router_firmware speedtouch_5x6_router	The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP reques…	CWE-16 環境設定	CVE-2011-4505	2012-03-8 14:00	2011-11-22	表示	GitHub Exploit DB Packet Storm

256891	7.5	HIGH	technicolor	tg585_router_firmware tg585_router	The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping actio…	CWE-16 環境設定	CVE-2011-4506	2012-03-8 14:00	2011-11-22	表示	GitHub Exploit DB Packet Storm

256892	4.3	MEDIUM	opera	opera_browser	The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages…	CWE-200 情報漏えい	CVE-2010-5068	2012-03-8 14:00	2011-12-8	表示	GitHub Exploit DB Packet Storm

256893	5.0	MEDIUM	mozilla	firefox thunderbird seamonkey	The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getC…	CWE-264 認可・権限・アクセス制御	CVE-2002-2437	2012-03-8 14:00	2011-12-8	表示	GitHub Exploit DB Packet Storm

256894	10.0	HIGH	netease	neteaseweibo	Unspecified vulnerability in the NetEaseWeibo (com.netease.wb) application 1.2.1 and 1.2.2 for Android has unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2012-1380	2012-03-7 20:55	2012-03-7	表示	GitHub Exploit DB Packet Storm

256895	10.0	HIGH	netease	netease_cloudalbum	Unspecified vulnerability in the NetEase CloudAlbum (com.netease.cloudalbum) application 2.0.0 and 2.2.0 for Android has unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2012-1381	2012-03-7 20:55	2012-03-7	表示	GitHub Exploit DB Packet Storm

256896	10.0	HIGH	netease	netease_reader	Unspecified vulnerability in the NetEase Reader (com.netease.pris) application 1.1.2 and 1.2.0 for Android has unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2012-1383	2012-03-7 20:55	2012-03-7	表示	GitHub Exploit DB Packet Storm

256897	10.0	HIGH	netease	netease_pmail	Unspecified vulnerability in the NetEase Pmail (com.netease.rpmms) application 0.5.0 and 0.5.2 for Android has unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2012-1384	2012-03-7 20:55	2012-03-7	表示	GitHub Exploit DB Packet Storm

256898	10.0	HIGH	netease	netease_weibohd	Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) application 1.0.0 for Android has unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2012-1385	2012-03-7 20:55	2012-03-7	表示	GitHub Exploit DB Packet Storm

256899	10.0	HIGH	youmail	youmail_visual_voicemail_plus	Unspecified vulnerability in the YouMail Visual Voicemail Plus (com.youmail.android.vvm) application 2.0.45 and 2.1.43 for Android has unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2012-1386	2012-03-7 20:55	2012-03-7	表示	GitHub Exploit DB Packet Storm

256900	10.0	HIGH	uangel	realtalk	Unspecified vulnerability in the RealTalk (com.tmsmanager.tms) application A.0.9.250 for Android has unknown impact and attack vectors.	NVD-CWE-noinfo	CVE-2012-1387	2012-03-7 20:55	2012-03-7	表示	GitHub Exploit DB Packet Storm