NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月22日12:15

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
256951	7.5	HIGH	infor	eclient enspire_distribution_management_solution	SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQLインジェクション	CVE-2011-1915	2012-02-29 14:00	2011-11-2	表示	GitHub Exploit DB Packet Storm

256952	9.3	HIGH	investintech	slimpdf_reader	Investintech.com SlimPDF Reader does not properly restrict read operations during block data moves, which allows remote attackers to cause a denial of service (application crash) or possibly execute …	CWE-264 認可・権限・アクセス制御	CVE-2011-4217	2012-02-29 14:00	2011-11-2	表示	GitHub Exploit DB Packet Storm

256953	4.0	MEDIUM	process-one	ejabberd	The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a …	CWE-399 リソース管理の問題	CVE-2011-4320	2012-02-29 14:00	2012-02-18	表示	GitHub Exploit DB Packet Storm

256954	6.8	MEDIUM	typo3	typo3	PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.…	CWE-94 コード・インジェクション	CVE-2011-4614	2012-02-29 14:00	2012-02-18	表示	GitHub Exploit DB Packet Storm

256955	5.8	MEDIUM	tencent	mobileqq	The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted appli…	CWE-264 認可・権限・アクセス制御	CVE-2011-4864	2012-02-29 14:00	2012-01-25	表示	GitHub Exploit DB Packet Storm

256956	5.8	MEDIUM	tencent	microblogpad wblog	The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search key…	CWE-264 認可・権限・アクセス制御	CVE-2011-4865	2012-02-29 14:00	2012-01-25	表示	GitHub Exploit DB Packet Storm

256957	5.8	MEDIUM	netcreators	irfaq	Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing a…	CWE-20 不適切な入力確認	CVE-2011-5079	2012-02-29 14:00	2012-02-15	表示	GitHub Exploit DB Packet Storm

256958	10.0	HIGH	utc	utc_fire_\&_security_ge-mc100-ntp\/gps-zb_master_clock_device	The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP sessi…	CWE-255 証明書・パスワード管理	CVE-2012-1288	2012-02-27 14:00	2012-02-23	表示	GitHub Exploit DB Packet Storm

256959	5.0	MEDIUM	sap	netweaver	Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vector…	NVD-CWE-noinfo	CVE-2012-1292	2012-02-27 14:00	2012-02-24	表示	GitHub Exploit DB Packet Storm

256960	10.0	HIGH	adobe	shockwave_player	The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a dif…	CWE-119 バッファエラー	CVE-2012-0766	2012-02-25 13:21	2012-02-15	表示	GitHub Exploit DB Packet Storm

256961	9.3	HIGH	realnetworks	realplayer realplayer_sp	The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to ex…	CWE-94 コード・インジェクション	CVE-2012-0923	2012-02-25 13:21	2012-02-9	表示	GitHub Exploit DB Packet Storm

256962	9.3	HIGH	realnetworks	realplayer realplayer_sp	RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in …	CWE-94 コード・インジェクション	CVE-2012-0924	2012-02-25 13:21	2012-02-9	表示	GitHub Exploit DB Packet Storm

256963	9.3	HIGH	realnetworks	realplayer realplayer_sp	The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to…	CWE-94 コード・インジェクション	CVE-2012-0926	2012-02-25 13:21	2012-02-9	表示	GitHub Exploit DB Packet Storm

256964	9.3	HIGH	realnetworks	realplayer realplayer_sp	Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving…	NVD-CWE-noinfo CWE-94 コード・インジェクション	CVE-2012-0927	2012-02-25 13:21	2012-02-9	表示	GitHub Exploit DB Packet Storm

256965	7.5	HIGH	cyberoam	cyberoam_central_console	Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to include and execute arbitrary local files via a .. (d…	CWE-22 パス・トラバーサル	CVE-2012-1047	2012-02-25 13:21	2012-02-13	表示	GitHub Exploit DB Packet Storm

256966	5.0	MEDIUM	11in1	11in1	Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/in…	CWE-22 パス・トラバーサル	CVE-2012-0996	2012-02-24 22:55	2012-02-24	表示	GitHub Exploit DB Packet Storm

256967	6.8	MEDIUM	11in1	11in1	Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new to…	CWE-352 同一生成元ポリシー違反	CVE-2012-0997	2012-02-24 22:55	2012-02-24	表示	GitHub Exploit DB Packet Storm

256968	7.5	HIGH	lepton-cms	lepton	Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter.	CWE-22 パス・トラバーサル	CVE-2012-0998	2012-02-24 22:55	2012-02-24	表示	GitHub Exploit DB Packet Storm

256969	7.5	HIGH	lepton-cms	lepton	SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter.	CWE-89 SQLインジェクション	CVE-2012-0999	2012-02-24 22:55	2012-02-24	表示	GitHub Exploit DB Packet Storm

256970	4.3	MEDIUM	lepton-cms	lepton	Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to admi…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-1000	2012-02-24 22:55	2012-02-24	表示	GitHub Exploit DB Packet Storm

256971	7.5	HIGH	alanft	relocate-upload	PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath param…	CWE-94 コード・インジェクション	CVE-2012-1205	2012-02-24 22:55	2012-02-24	表示	GitHub Exploit DB Packet Storm

256972	4.3	MEDIUM	fork-cms	fork_cms	Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-1208	2012-02-24 22:55	2012-02-24	表示	GitHub Exploit DB Packet Storm

256973	9.3	HIGH	7t	aquis	Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabili…	NVD-CWE-Other	CVE-2012-0224	2012-02-24 14:00	2012-02-21	表示	GitHub Exploit DB Packet Storm

256974	9.3	HIGH	7t	aquis	Per: http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-02.pdf 'This vulnerability may be exploitable from a remote machine'	NVD-CWE-Other	CVE-2012-0224	2012-02-24 14:00	2012-02-21	表示	GitHub Exploit DB Packet Storm

256975	9.3	HIGH	7t	aquis	Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'	NVD-CWE-Other	CVE-2012-0224	2012-02-24 14:00	2012-02-21	表示	GitHub Exploit DB Packet Storm

256976	4.3	MEDIUM	boonex	dolphin	Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or th…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-0873	2012-02-24 14:00	2012-02-24	表示	GitHub Exploit DB Packet Storm

256977	6.8	MEDIUM	pbboard	pbboard	Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 allow remote attackers to hijack the authentication of administrators for requests that (1) upload a file via …	CWE-352 同一生成元ポリシー違反	CVE-2012-1216	2012-02-24 14:00	2012-02-21	表示	GitHub Exploit DB Packet Storm

256978	6.8	MEDIUM	pluck-cms	pluck	Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address…	CWE-352 同一生成元ポリシー違反	CVE-2012-1227	2012-02-24 14:00	2012-02-21	表示	GitHub Exploit DB Packet Storm

256979	4.3	MEDIUM	sap	netweaver	Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via th…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-1290	2012-02-24 14:00	2012-02-24	表示	GitHub Exploit DB Packet Storm

256980	5.0	MEDIUM	sap	netweaver	Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecifie…	NVD-CWE-noinfo	CVE-2012-1291	2012-02-24 14:00	2012-02-24	表示	GitHub Exploit DB Packet Storm

256981	10.0	HIGH	novell	iprint	Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different v…	CWE-119 バッファエラー	CVE-2011-4187	2012-02-24 14:00	2012-02-21	表示	GitHub Exploit DB Packet Storm

256982	6.5	MEDIUM	advantech	advantech_webaccess	SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an…	CWE-89 SQLインジェクション	CVE-2012-1234	2012-02-23 14:00	2012-02-21	表示	GitHub Exploit DB Packet Storm

256983	6.0	MEDIUM	advantech	advantech_webaccess	Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: t…	CWE-352 同一生成元ポリシー違反	CVE-2012-1235	2012-02-23 14:00	2012-02-21	表示	GitHub Exploit DB Packet Storm

256984	10.0	HIGH	advantech	adam_opc_server modbus_rtu_opc_server modbus_tcp_opc_server	Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before …	CWE-119 バッファエラー	CVE-2011-1914	2012-02-23 14:00	2012-02-21	表示	GitHub Exploit DB Packet Storm

256985	9.3	HIGH	7t	termis	Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi…	NVD-CWE-Other	CVE-2012-0223	2012-02-22 22:54	2012-02-22	表示	GitHub Exploit DB Packet Storm

256986	9.3	HIGH	7t	termis	Per: http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-02A.pdf 'This vulnerability may be exploitable from a remote machine.'	NVD-CWE-Other	CVE-2012-0223	2012-02-22 22:54	2012-02-22	表示	GitHub Exploit DB Packet Storm

256987	9.3	HIGH	7t	termis	Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'	NVD-CWE-Other	CVE-2012-0223	2012-02-22 22:54	2012-02-22	表示	GitHub Exploit DB Packet Storm

256988	4.3	MEDIUM	contentlion	contentlion_alpha	Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-1224	2012-02-22 14:00	2012-02-21	表示	GitHub Exploit DB Packet Storm

256989	10.0	HIGH	novell	iprint	The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) …	CWE-119 バッファエラー	CVE-2011-4185	2012-02-22 14:00	2012-02-21	表示	GitHub Exploit DB Packet Storm

256990	9.3	HIGH	novell	iprint	Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a…	CWE-119 バッファエラー	CVE-2011-4186	2012-02-22 14:00	2012-02-21	表示	GitHub Exploit DB Packet Storm

256991	9.3	HIGH	plotsoft	pdfill_pdf_editor	Untrusted search path vulnerability in PlotSoft PDFill PDF Editor 8.0 allows local users to gain privileges via a Trojan horse mfc70enu.dll or mfc80loc.dll in the current working directory.	NVD-CWE-Other	CVE-2011-3690	2012-02-21 14:00	2011-09-28	表示	GitHub Exploit DB Packet Storm

256992	9.3	HIGH	plotsoft	pdfill_pdf_editor	Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'	NVD-CWE-Other	CVE-2011-3690	2012-02-21 14:00	2011-09-28	表示	GitHub Exploit DB Packet Storm

256993	9.3	HIGH	ffftp	ffftp	Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, a…	NVD-CWE-Other	CVE-2011-4266	2012-02-21 14:00	2011-12-13	表示	GitHub Exploit DB Packet Storm

256994	9.3	HIGH	ffftp	ffftp	Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'	NVD-CWE-Other	CVE-2011-4266	2012-02-21 14:00	2011-12-13	表示	GitHub Exploit DB Packet Storm

256995	6.4	MEDIUM	d.j.bernstein	djbdns	The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote a…	CWE-20 不適切な入力確認	CVE-2012-1191	2012-02-20 14:00	2012-02-18	表示	GitHub Exploit DB Packet Storm

256996	6.4	MEDIUM	unbound	unbound	The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger co…	NVD-CWE-Other	CVE-2012-1192	2012-02-20 14:00	2012-02-18	表示	GitHub Exploit DB Packet Storm

256997	6.4	MEDIUM	microsoft	windows_server_2008	The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query,…	NVD-CWE-Other	CVE-2012-1194	2012-02-20 14:00	2012-02-18	表示	GitHub Exploit DB Packet Storm

256998	7.8	HIGH	cisco	nx-os nexus_1000v nexus_5000 nexus_5010 nexus_5020 nexus_5548p nexus_5548up nexus_5596up nexus_7000 nexus_7000_10-slot nexus_7000_18-slot nexus_7000_9-slot	Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.…	CWE-399 リソース管理の問題	CVE-2012-0352	2012-02-17 14:00	2012-02-17	表示	GitHub Exploit DB Packet Storm

256999	10.0	HIGH	finaldraft	finaldraft	Multiple stack-based buffer overflows in Final Draft 8 before 8.02 allow remote attackers to execute arbitrary code via a .fdx or .fdxt file with long (1) Word, (2) Transition, (3) Location, (4) Exte…	CWE-119 バッファエラー	CVE-2011-5002	2012-02-17 13:10	2011-12-25	表示	GitHub Exploit DB Packet Storm

257000	6.0	MEDIUM	fabrikar	com_fabrikar	Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbit…	NVD-CWE-Other	CVE-2011-5004	2012-02-17 13:10	2011-12-25	表示	GitHub Exploit DB Packet Storm