NVD Vulnerability Information: Top

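You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated with vulnerability information before JVN (Japan Vulnerability Notes), it may contain vulnerabilities that are not yet listed in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview and confirm the CWE number.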


Last updated: September 21, 2024, 20:15

No. / CVSS / Level / Attack category / Vendor / Product / Title / CWE / CVE / Updated / Published / Impact view / Exploit and PoC search
257151 5.0 MEDIUM
linux linux_kernel The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo… CWE-200
Information disclosure
CVE-2010-4563 2012-02-3 14:00 2012-02-3 View GitHub Exploit DB Packet Storm
257152 7.5 HIGH
sitracker support_incident_tracker Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in … CWE-94
Code injection
CVE-2011-4337 2012-02-2 14:00 2012-01-29 View GitHub Exploit DB Packet Storm
257153 7.5 HIGH
sitracker support_incident_tracker Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php,… CWE-89
SQL injection
CVE-2011-5071 2012-02-2 14:00 2012-01-29 View GitHub Exploit DB Packet Storm
257154 7.5 HIGH
sitracker support_incident_tracker Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) co… CWE-89
SQL injection
CVE-2011-5072 2012-02-2 14:00 2012-01-29 View GitHub Exploit DB Packet Storm
257155 4.3 MEDIUM
sitracker support_incident_tracker Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to cont… CWE-79
Cross-site scripting (XSS)
CVE-2011-5073 2012-02-2 14:00 2012-01-29 View GitHub Exploit DB Packet Storm
257156 6.8 MEDIUM
sitracker support_incident_tracker Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that c… CWE-352
Same-origin policy violation
CVE-2011-5074 2012-02-2 14:00 2012-01-29 View GitHub Exploit DB Packet Storm
257157 5.0 MEDIUM
sitracker support_incident_tracker translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installati… NVD-CWE-noinfo
CVE-2011-5075 2012-02-2 14:00 2012-01-29 View GitHub Exploit DB Packet Storm
257158 10.0 HIGH
sitracker support_incident_tracker Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors. NVD-CWE-noinfo
CVE-2007-5635 2012-02-2 14:00 2007-10-24 View GitHub Exploit DB Packet Storm
257159 4.9 MEDIUM
cluster_resources, clusterresources torque_resource_manager Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when munge authentication is used, allows remote authenticated users to impersonate arbitrary user account… CWE-264
Permissions, privileges, and access controls
CVE-2011-4925 2012-02-2 13:09 2012-01-13 View GitHub Exploit DB Packet Storm
257160 10.0 HIGH
hp database_archiving_software Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213. NVD-CWE-noinfo
CVE-2011-4163 2012-02-2 13:08 2011-12-30 View GitHub Exploit DB Packet Storm
257161 10.0 HIGH
hp database_archiving_software Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214. NVD-CWE-noinfo
CVE-2011-4164 2012-02-2 13:08 2011-12-30 View GitHub Exploit DB Packet Storm
257162 10.0 HIGH
hp database_archiving_software Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263. NVD-CWE-noinfo
CVE-2011-4165 2012-02-2 13:08 2011-12-30 View GitHub Exploit DB Packet Storm
257163 4.3 MEDIUM
adobe coldfusion Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vect… CWE-79
Cross-site scripting (XSS)
CVE-2011-4368 2012-02-2 13:08 2011-12-14 View GitHub Exploit DB Packet Storm
257164 6.8 MEDIUM
mozilla bugzilla Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that c… CWE-352
Same-origin policy violation
CVE-2011-3668 2012-02-2 13:07 2012-01-3 View GitHub Exploit DB Packet Storm
257165 6.8 MEDIUM
mozilla bugzilla Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that… CWE-352
Same-origin policy violation
CVE-2011-3669 2012-02-2 13:07 2012-01-3 View GitHub Exploit DB Packet Storm
257166 4.3 MEDIUM
adobe coldfusion Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag. CWE-79
Cross-site scripting (XSS)
CVE-2011-2463 2012-02-2 13:06 2011-12-14 View GitHub Exploit DB Packet Storm
257167 5.0 MEDIUM
gnome libsoup Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. CWE-22
Path traversal
CVE-2011-2524 2012-02-2 13:06 2011-09-1 View GitHub Exploit DB Packet Storm
257168 6.9 MEDIUM
linux-ha ocf_resource_agents The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allow… NVD-CWE-Other
CVE-2010-3389 2012-02-2 12:58 2010-10-21 View GitHub Exploit DB Packet Storm
257169 1.2 LOW
python virtualenv virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. CWE-59
Link resolution issue
CVE-2011-4617 2012-02-1 13:12 2011-12-31 View GitHub Exploit DB Packet Storm
257170 4.3 MEDIUM
zabbix zabbix Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler. CWE-79
Cross-site scripting (XSS)
CVE-2011-5027 2012-02-1 13:12 2011-12-30 View GitHub Exploit DB Packet Storm
257171 9.0 HIGH
cisco digital_media_manager Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878. CWE-94
Code injection
CVE-2012-0329 2012-01-31 13:08 2012-01-20 View GitHub Exploit DB Packet Storm
257172 7.5 HIGH
drusus, kerry_thompson logsurfer, logsurfer+ Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted s… CWE-399
Resource management errors
CVE-2011-3626 2012-01-30 14:00 2012-01-28 View GitHub Exploit DB Packet Storm
257173 5.0 MEDIUM
duckcorp bip bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command. NVD-CWE-Other
CVE-2010-3071 2012-01-28 02:43 2010-10-14 View GitHub Exploit DB Packet Storm
257174 5.0 MEDIUM
ibm websphere_application_server IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability … CWE-20
Improper input validation
CVE-2012-0193 2012-01-27 13:04 2012-01-20 View GitHub Exploit DB Packet Storm
257175 10.0 HIGH
oneorzero aims OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie. CWE-287
Improper authentication
CVE-2011-4214 2012-01-27 13:03 2011-11-2 View GitHub Exploit DB Packet Storm
257176 7.5 HIGH
oneorzero aims SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variabl… CWE-89
SQL injection
CVE-2011-4215 2012-01-27 13:03 2011-11-2 View GitHub Exploit DB Packet Storm
257177 4.3 MEDIUM
horde groupware_webmail_edition Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related … CWE-79
Cross-site scripting (XSS)
CVE-2012-0909 2012-01-27 01:00 2012-01-25 View GitHub Exploit DB Packet Storm
257178 4.3 MEDIUM
asterisk open_source chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial … NVD-CWE-noinfo
CVE-2012-0885 2012-01-26 23:50 2012-01-26 View GitHub Exploit DB Packet Storm
257179 4.3 MEDIUM
google android The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. CWE-200
Information disclosure
CVE-2011-4276 2012-01-26 14:00 2012-01-26 View GitHub Exploit DB Packet Storm
257180 9.3 HIGH
splunk splunk Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote … CWE-287
Improper authentication
CVE-2011-4644 2012-01-26 14:00 2012-01-3 View GitHub Exploit DB Packet Storm
257181 6.4 MEDIUM
kaixin001 kaixin001 The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a cleartext pass… CWE-200
Information disclosure
CVE-2011-4866 2012-01-26 04:45 2012-01-25 View GitHub Exploit DB Packet Storm
257182 6.4 MEDIUM
ubermedia twidroyd_legacy The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted app… CWE-200
Information disclosure
CVE-2011-4699 2012-01-26 04:43 2012-01-25 View GitHub Exploit DB Packet Storm
257183 6.4 MEDIUM
androidapptools easy_filter The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call re… CWE-200
Information disclosure
CVE-2011-4698 2012-01-26 04:41 2012-01-25 View GitHub Exploit DB Packet Storm
257184 9.3 HIGH
renren renren_talk Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via a crafted image in a chat message, as demonstrated using a PNG file. CWE-119
Buffer errors
CVE-2012-0916 2012-01-26 03:48 2012-01-25 View GitHub Exploit DB Packet Storm
257185 4.3 MEDIUM
oetiker smokeping Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode… CWE-79
Cross-site scripting (XSS)
CVE-2012-0790 2012-01-25 14:00 2012-01-25 View GitHub Exploit DB Packet Storm
257186 9.3 HIGH
renren renren_talk Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a B… CWE-189
Numeric errors
CVE-2012-0915 2012-01-25 14:00 2012-01-25 View GitHub Exploit DB Packet Storm
257187 6.4 MEDIUM
xiaomi mitalk_messenger The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a cra… CWE-200
Information disclosure
CVE-2011-4697 2012-01-25 14:00 2012-01-25 View GitHub Exploit DB Packet Storm
257188 5.8 MEDIUM
hatena callconfirm The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted appl… CWE-264
Permissions, privileges, and access controls
CVE-2011-4701 2012-01-25 14:00 2012-01-25 View GitHub Exploit DB Packet Storm
257189 5.8 MEDIUM
nimbuzz nimbuzz The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application. CWE-264
Permissions, privileges, and access controls
CVE-2011-4702 2012-01-25 14:00 2012-01-25 View GitHub Exploit DB Packet Storm
257190 5.8 MEDIUM
voxofon voxofon The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application. CWE-264
Permissions, privileges, and access controls
CVE-2011-4704 2012-01-25 14:00 2012-01-25 View GitHub Exploit DB Packet Storm
257191 5.8 MEDIUM
ming blacklist_free The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list… CWE-264
Permissions, privileges, and access controls
CVE-2011-4705 2012-01-25 14:00 2012-01-25 View GitHub Exploit DB Packet Storm
257192 7.5 HIGH
stone-ware webnetwork SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQL injection
CVE-2012-0912 2012-01-25 01:56 2012-01-25 View GitHub Exploit DB Packet Storm
257193 6.8 MEDIUM
stone-ware webnetwork Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accoun… CWE-352
Same-origin policy violation
CVE-2012-0286 2012-01-25 01:53 2012-01-25 View GitHub Exploit DB Packet Storm
257194 4.3 MEDIUM
stone-ware webnetwork Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site scripting (XSS)
CVE-2012-0285 2012-01-25 00:55 2012-01-25 View GitHub Exploit DB Packet Storm
257195 4.3 MEDIUM
glucose glucose_2 Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed. CWE-79
Cross-site scripting (XSS)
CVE-2012-0313 2012-01-24 14:00 2012-01-24 View GitHub Exploit DB Packet Storm
257196 6.8 MEDIUM
emc rsa_adaptive_authentication_on-premise EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow … CWE-264
Permissions, privileges, and access controls
CVE-2011-2741 2012-01-24 13:00 2011-12-14 View GitHub Exploit DB Packet Storm
257197 6.8 MEDIUM
emc rsa_adaptive_authentication_on-premise EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile a… CWE-264
Permissions, privileges, and access controls
CVE-2011-2742 2012-01-24 13:00 2011-12-14 View GitHub Exploit DB Packet Storm
257198 5.1 MEDIUM
yahoo messenger Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafte… CWE-189
Numeric errors
CVE-2012-0268 2012-01-23 14:00 2012-01-20 View GitHub Exploit DB Packet Storm
257199 9.3 HIGH
7t igss Untrusted search path vulnerability in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) before 9.0.0.11291 allows local users to gain privileges via a Trojan horse DLL in the current wor… NVD-CWE-Other
CVE-2011-4053 2012-01-23 14:00 2012-01-20 View GitHub Exploit DB Packet Storm
257200 9.3 HIGH
7t igss Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' NVD-CWE-Other
CVE-2011-4053 2012-01-23 14:00 2012-01-20 View GitHub Exploit DB Packet Storm