NVD Vulnerability Information: Top

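You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated before JVN (Japan Vulnerability Notes), it may contain vulnerabilities that are not yet listed in JVN.

If a vulnerability has a related entry in JVN (Japan Vulnerability Notes), that information is shown on the detail page.

When searching by CWE, refer to the CWE overview to check the CWE number.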

Updated: September 22, 2024, 5:16

No | CVSS | Level (attack category) | Vendor | Product | Title | CWE | CVE | Updated | Published | Impact view | Exploit / PoC search
257101 5.0 MEDIUM
adacore ada_web_services AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a … CWE-20
Improper Input Validation
CVE-2012-1035 2012-02-9 14:00 2012-02-9 View GitHub Exploit DB Packet Storm
257102 7.5 HIGH
extensionsforjoomla com_vikrealestate Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a re… CWE-89
SQL Injection
CVE-2011-4823 2012-02-9 14:00 2011-12-15 View GitHub Exploit DB Packet Storm
257103 6.8 MEDIUM
autosectools v-cms SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are… CWE-89
SQL Injection
CVE-2011-4826 2012-02-9 14:00 2011-12-15 View GitHub Exploit DB Packet Storm
257104 4.3 MEDIUM
autosectools v-cms Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) p parameter to redirect.php and (2) box parame… CWE-79
Cross-site Scripting (XSS)
CVE-2011-4827 2012-02-9 14:00 2011-12-15 View GitHub Exploit DB Packet Storm
257105 4.0 MEDIUM
david_azoulay web_file_browser Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a d… CWE-22
Path Traversal
CVE-2011-4831 2012-02-9 14:00 2011-12-15 View GitHub Exploit DB Packet Storm
257106 6.5 MEDIUM
sybase m-business_anywhere The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-5078 2012-02-9 14:00 2012-02-9 View GitHub Exploit DB Packet Storm
257107 6.8 MEDIUM
emobile pocket_wifi_firmware
pocket_wifi
Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the aut… CWE-352
Same-origin policy violation
CVE-2012-0314 2012-02-9 13:10 2012-02-3 View GitHub Exploit DB Packet Storm
257108 7.5 HIGH
hudong hdwiki Unrestricted file upload vulnerability in attachement.php in HDWiki 5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a dir… NVD-CWE-Other
CVE-2011-5077 2012-02-9 00:21 2012-02-8 View GitHub Exploit DB Packet Storm
257109 7.5 HIGH
hudong hdwiki SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE:… CWE-89
SQL Injection
CVE-2011-5076 2012-02-9 00:16 2012-02-8 View GitHub Exploit DB Packet Storm
257110 2.1 LOW
foswiki foswiki Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1… CWE-79
Cross-site Scripting (XSS)
CVE-2012-1004 2012-02-8 14:00 2012-02-8 View GitHub Exploit DB Packet Storm
257111 2.1 LOW
foswiki foswiki Per: http://foswiki.org/Support/SecurityAlert-CVE-2012-1004 'Vulnerable Software Versions - All versions 1.0.0 - 1.1.4 inclusive for sites that use the user registration process' CWE-79
Cross-site Scripting (XSS)
CVE-2012-1004 2012-02-8 14:00 2012-02-8 View GitHub Exploit DB Packet Storm
257112 4.3 MEDIUM
xwiki xwiki_enterprise Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bi… CWE-79
Cross-site Scripting (XSS)
CVE-2012-1019 2012-02-8 14:00 2012-02-8 View GitHub Exploit DB Packet Storm
257113 5.0 MEDIUM
dream-multimedia-tv enigma2_webinterface Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter. CWE-22
Path Traversal
CVE-2012-1025 2012-02-8 14:00 2012-02-8 View GitHub Exploit DB Packet Storm
257114 7.5 HIGH
whmcs whmcompletesolution functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to… CWE-94
Code Injection
CVE-2011-5061 2012-02-8 14:00 2012-01-14 View GitHub Exploit DB Packet Storm
257115 2.1 LOW
ibm websphere_application_server The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump o… CWE-200
Information Exposure
CVE-2011-5066 2012-02-8 14:00 2012-01-15 View GitHub Exploit DB Packet Storm
257116 5.0 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect availability via unknown vectors … NVD-CWE-noinfo
CVE-2011-3531 2012-02-7 14:00 2012-01-19 View GitHub Exploit DB Packet Storm
257117 4.6 MEDIUM
oracle communications_unified Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Calendar Server. NVD-CWE-noinfo
CVE-2011-3565 2012-02-7 14:00 2012-01-19 View GitHub Exploit DB Packet Storm
257118 5.0 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vecto… NVD-CWE-noinfo
CVE-2011-3569 2012-02-7 14:00 2012-01-19 View GitHub Exploit DB Packet Storm
257119 2.1 LOW
oracle communications_unified Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server. NVD-CWE-noinfo
CVE-2011-3570 2012-02-7 14:00 2012-01-19 View GitHub Exploit DB Packet Storm
257120 4.0 MEDIUM
oracle communications_unified Unspecified vulnerability in Oracle Communications Unified 7.0 allows remote authenticated users to affect availability via unknown vectors related to Calendar Server. NVD-CWE-noinfo
CVE-2011-3573 2012-02-7 14:00 2012-01-19 View GitHub Exploit DB Packet Storm
257121 3.3 LOW
oracle communications_unified Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality and integrity via unknown vectors related to Calendar Server. NVD-CWE-noinfo
CVE-2011-3574 2012-02-7 14:00 2012-01-19 View GitHub Exploit DB Packet Storm
257122 9.3 HIGH
siemens wincc_flexible
wincc
simatic_hmi_panels
wincc_runtime_advanced
wincc_flexible_runtime
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panel… CWE-287
Improper Authentication
CVE-2011-4508 2012-02-7 14:00 2012-02-4 View GitHub Exploit DB Packet Storm
257123 5.8 MEDIUM
tencent qqpphoto The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a cr… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-4867 2012-02-7 14:00 2012-01-25 View GitHub Exploit DB Packet Storm
257124 7.5 HIGH
cafuego simple_document_management_system SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter. CWE-89
SQL Injection
CVE-2010-4986 2012-02-7 14:00 2011-11-2 View GitHub Exploit DB Packet Storm
257125 7.5 HIGH
cafuego simple_document_management_system Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list… CWE-89
SQL Injection
CVE-2005-3877 2012-02-7 14:00 2005-11-29 View GitHub Exploit DB Packet Storm
257126 4.3 MEDIUM
oscommerce oscommerce Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting (XSS)
CVE-2012-0311 2012-02-6 14:00 2012-01-27 View GitHub Exploit DB Packet Storm
257127 4.3 MEDIUM
oscommerce online_merchant
oscommerce
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified v… CWE-79
Cross-site Scripting (XSS)
CVE-2012-0312 2012-02-6 14:00 2012-01-27 View GitHub Exploit DB Packet Storm
257128 9.3 HIGH
emc networker Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute ar… CWE-119
Buffer Errors
CVE-2012-0395 2012-02-6 14:00 2012-01-27 View GitHub Exploit DB Packet Storm
257129 4.3 MEDIUM
apple mac_os_x
mac_os_x_server
Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an… CWE-310
Cryptographic Issues
CVE-2011-3444 2012-02-6 14:00 2012-02-3 View GitHub Exploit DB Packet Storm
257130 5.0 MEDIUM
rsa envision EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors. CWE-200
Information Exposure
CVE-2011-4143 2012-02-6 14:00 2012-01-27 View GitHub Exploit DB Packet Storm
257131 10.0 HIGH
siemens wincc_flexible
wincc
simatic_hmi_panels
wincc_runtime_advanced
wincc_flexible_runtime
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; … CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-4509 2012-02-6 14:00 2012-02-4 View GitHub Exploit DB Packet Storm
257132 4.3 MEDIUM
siemens wincc_flexible
wincc
simatic_hmi_panels
wincc_runtime_advanced
wincc_flexible_runtime
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort… CWE-79
Cross-site Scripting (XSS)
CVE-2011-4510 2012-02-6 14:00 2012-02-4 View GitHub Exploit DB Packet Storm
257133 4.3 MEDIUM
siemens wincc_flexible
wincc
simatic_hmi_panels
wincc_runtime_advanced
wincc_flexible_runtime
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort… CWE-79
Cross-site Scripting (XSS)
CVE-2011-4511 2012-02-6 14:00 2012-02-4 View GitHub Exploit DB Packet Storm
257134 5.0 MEDIUM
siemens wincc_flexible
wincc
simatic_hmi_panels
wincc_runtime_advanced
wincc_flexible_runtime
CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and… CWE-94
Code Injection
CVE-2011-4512 2012-02-6 14:00 2012-02-4 View GitHub Exploit DB Packet Storm
257135 10.0 HIGH
siemens wincc_flexible
wincc
simatic_hmi_panels
wincc_runtime_advanced
wincc_flexible_runtime
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Run… NVD-CWE-noinfo
CVE-2011-4513 2012-02-6 14:00 2012-02-4 View GitHub Exploit DB Packet Storm
257136 10.0 HIGH
siemens wincc_flexible
wincc
simatic_hmi_panels
wincc_runtime_advanced
wincc_flexible_runtime
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; a… CWE-287
Improper Authentication
CVE-2011-4514 2012-02-6 14:00 2012-02-4 View GitHub Exploit DB Packet Storm
257137 4.3 MEDIUM
mozilla bugzilla Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when debug mode is used… CWE-79
Cross-site Scripting (XSS)
CVE-2011-3657 2012-02-4 13:01 2012-01-3 View GitHub Exploit DB Packet Storm
257138 4.3 MEDIUM
roundcube webmail Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to t… CWE-79
Cross-site Scripting (XSS)
CVE-2011-2937 2012-02-4 13:00 2011-09-22 View GitHub Exploit DB Packet Storm
257139 6.8 MEDIUM
apple mac_os_x
mac_os_x_server
Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embe… CWE-189
Numeric Errors
CVE-2011-0200 2012-02-4 12:56 2011-06-25 View GitHub Exploit DB Packet Storm
257140 4.3 MEDIUM
apple mac_os_x
mac_os_x_server
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lac… CWE-200
Information Exposure
CVE-2011-3452 2012-02-4 01:16 2012-02-3 View GitHub Exploit DB Packet Storm
257141 7.8 HIGH
freebsd
netbsd
freebsd
netbsd
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU cons… CWE-399
Resource Management Errors
CVE-2011-2393 2012-02-3 14:00 2012-02-3 View GitHub Exploit DB Packet Storm
257142 7.5 HIGH
apple mac_os_x
mac_os_x_server
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (ap… NVD-CWE-noinfo
CVE-2011-3446 2012-02-3 14:00 2012-02-3 View GitHub Exploit DB Packet Storm
257143 4.3 MEDIUM
apple mac_os_x
mac_os_x_server
CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL. CWE-200
Information Exposure
CVE-2011-3447 2012-02-3 14:00 2012-02-3 View GitHub Exploit DB Packet Storm
257144 6.8 MEDIUM
apple mac_os_x
mac_os_x_server
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file wit… CWE-119
Buffer Errors
CVE-2011-3448 2012-02-3 14:00 2012-02-3 View GitHub Exploit DB Packet Storm
257145 6.8 MEDIUM
apple mac_os_x
mac_os_x_server
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font… CWE-399
Resource Management Errors
CVE-2011-3449 2012-02-3 14:00 2012-02-3 View GitHub Exploit DB Packet Storm
257146 6.8 MEDIUM
apple mac_os_x
mac_os_x_server
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory c… CWE-399
Resource Management Errors
CVE-2011-3450 2012-02-3 14:00 2012-02-3 View GitHub Exploit DB Packet Storm
257147 6.8 MEDIUM
apple mac_os_x
mac_os_x_server
Per http://support.apple.com/kb/HT5130: 'This issue does not affect systems prior to OS X Lion.' CWE-399
Resource Management Errors
CVE-2011-3450 2012-02-3 14:00 2012-02-3 View GitHub Exploit DB Packet Storm
257148 5.0 MEDIUM
apple mac_os_x
mac_os_x_server
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in… NVD-CWE-noinfo
CVE-2011-3462 2012-02-3 14:00 2012-02-3 View GitHub Exploit DB Packet Storm
257149 7.2 HIGH
apple mac_os_x
mac_os_x_server
WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound direc… CWE-287
Improper Authentication
CVE-2011-3463 2012-02-3 14:00 2012-02-3 View GitHub Exploit DB Packet Storm
257150 7.2 HIGH
apple mac_os_x
mac_os_x_server
Per: http://support.apple.com/kb/HT5130 'This issue does not affect systems prior to OS X Lion.' CWE-287
Improper Authentication
CVE-2011-3463 2012-02-3 14:00 2012-02-3 View GitHub Exploit DB Packet Storm