NVD Vulnerability Information Top

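You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it is updated in JVN (Japan Vulnerability Note), vulnerabilities not yet listed in JVN may already have been updated.

If there is a related vulnerability in JVN (Japan Vulnerability Note), its information is shown on the detail screen.

When searching by CWE, refer to the CWE overview to confirm the CWE number.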

Updated: September 21, 2024 20:15

No CVSS Level / Attack type
Vendor Product Title CWE CVE Updated Published Impact Exploit/PoC search
257301 10.0 HIGH
schneider-electric quantum_ethernet_module_140noe77100
quantum_ethernet_module_140noe77101
quantum_ethernet_module_140noe77111
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing… CWE-287
Improper Authentication
CVE-2011-4860 2011-12-20 04:03 2011-12-17 View GitHub Exploit DB Packet Storm
257302 4.3 MEDIUM
smartertools smarterstats Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstra… CWE-79
Cross-site Scripting (XSS)
CVE-2011-4750 2011-12-16 20:55 2011-12-16 View GitHub Exploit DB Packet Storm
257303 10.0 HIGH
parallels parallels_plesk_small_business_panel The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to… NVD-CWE-Other
CVE-2011-4768 2011-12-16 20:55 2011-12-16 View GitHub Exploit DB Packet Storm
257304 4.3 MEDIUM
parallels parallels_plesk_panel The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potenti… CWE-200
Information Leak
CVE-2011-4850 2011-12-16 20:55 2011-12-16 View GitHub Exploit DB Packet Storm
257305 4.3 MEDIUM
homeseer homeseer_hs2 Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI. CWE-79
Cross-site Scripting (XSS)
CVE-2011-4836 2011-12-16 04:54 2011-12-15 View GitHub Exploit DB Packet Storm
257306 7.5 HIGH
homeseer homeseer_hs2 Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors. CWE-22
Path Traversal
CVE-2011-4835 2011-12-16 04:53 2011-12-15 View GitHub Exploit DB Packet Storm
257307 3.5 LOW
barter-sites com_listing Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via … CWE-79
Cross-site Scripting (XSS)
CVE-2011-4830 2011-12-16 04:01 2011-12-15 View GitHub Exploit DB Packet Storm
257308 7.5 HIGH
barter-sites com_listing SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php. CWE-89
SQL Injection
CVE-2011-4829 2011-12-16 03:56 2011-12-15 View GitHub Exploit DB Packet Storm
257309 7.5 HIGH
phpletter
phpmyfaq
tinymce
ajax_file_and_image_manager
phpmyfaq
tinymce
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly … CWE-94
Code Injection
CVE-2011-4825 2011-12-16 03:03 2011-12-15 View GitHub Exploit DB Packet Storm
257310 3.6 LOW
artsoft rocks\'n\'diamonds Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-4606 2011-12-16 01:32 2011-12-15 View GitHub Exploit DB Packet Storm
257311 7.5 HIGH
autosectools v-cms Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extensio… CWE-94
Code Injection
CVE-2011-4828 2011-12-15 14:00 2011-12-15 View GitHub Exploit DB Packet Storm
257312 6.8 MEDIUM
homeseer homeseer_hs2 Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitra… CWE-352
Same-Origin Policy Violation
CVE-2011-4837 2011-12-15 14:00 2011-12-15 View GitHub Exploit DB Packet Storm
257313 4.3 MEDIUM
phpmyadmin phpmyadmin Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value. CWE-79
Cross-site Scripting (XSS)
CVE-2011-4064 2011-12-15 12:57 2011-11-2 View GitHub Exploit DB Packet Storm
257314 5.5 MEDIUM
oracle linux Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to "Oracle validated." NVD-CWE-noinfo
CVE-2011-2306 2011-12-15 12:54 2011-10-19 View GitHub Exploit DB Packet Storm
257315 7.5 HIGH
mawashimono nikki Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to read and modify arbitrary files via unspecified vectors. CWE-22
Path Traversal
CVE-2011-4001 2011-12-14 14:00 2011-12-1 View GitHub Exploit DB Packet Storm
257316 7.5 HIGH
mawashimono nikki HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." CWE-78
OS Command Injection
CVE-2011-4002 2011-12-14 14:00 2011-11-30 View GitHub Exploit DB Packet Storm
257317 10.0 HIGH
urs_maag maag_randomimage Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors. NVD-CWE-noinfo
CVE-2009-3819 2011-12-14 14:00 2009-10-28 View GitHub Exploit DB Packet Storm
257318 7.5 HIGH
flagbit fb_filebase SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQL Injection
CVE-2009-3820 2011-12-14 14:00 2009-10-28 View GitHub Exploit DB Packet Storm
257319 4.3 MEDIUM
apache solr Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting (XSS)
CVE-2009-3821 2011-12-14 14:00 2009-10-28 View GitHub Exploit DB Packet Storm
257320 7.2 HIGH
restorepoint restorepoint The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions (www write access) for unspecified scripts, which allows local users to gain privileges by modifying a script file. CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-4202 2011-12-13 23:57 2011-12-13 View GitHub Exploit DB Packet Storm
257321 9.3 HIGH
restorepoint restorepoint remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_rem… CWE-94
Code Injection
CVE-2011-4201 2011-12-13 20:55 2011-12-13 View GitHub Exploit DB Packet Storm
257322 7.2 HIGH
freebsd freebsd Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX… CWE-119
Buffer Errors
CVE-2011-4062 2011-12-13 13:09 2011-10-18 View GitHub Exploit DB Packet Storm
257323 5.0 MEDIUM
vmware vcenter_update_manager The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directo… CWE-16
Configuration
CVE-2011-4404 2011-12-13 13:09 2011-11-19 View GitHub Exploit DB Packet Storm
257324 5.0 MEDIUM
ibm db2_tools_for_z\/os The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers … CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-4435 2011-12-13 13:09 2011-11-12 View GitHub Exploit DB Packet Storm
257325 5.0 MEDIUM
prestashop prestashop CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name paramete… CWE-94
Code Injection
CVE-2011-4545 2011-12-13 13:09 2011-12-2 View GitHub Exploit DB Packet Storm
257326 4.3 MEDIUM
prestashop prestashop Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to mod… CWE-79
Cross-site Scripting (XSS)
CVE-2011-4544 2011-12-13 13:09 2011-12-2 View GitHub Exploit DB Packet Storm
257327 7.5 HIGH
adrotateplugin adrotate SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the… CWE-89
SQL Injection
CVE-2011-4671 2011-12-13 13:09 2011-12-3 View GitHub Exploit DB Packet Storm
257328 4.6 MEDIUM
freedesktop colord Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices a… CWE-89
SQL Injection
CVE-2011-4349 2011-12-12 14:00 2011-12-11 View GitHub Exploit DB Packet Storm
257329 7.5 HIGH
mambo-foundation mambo SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter. CWE-89
SQL Injection
CVE-2011-2917 2011-12-9 14:00 2011-12-9 View GitHub Exploit DB Packet Storm
257330 5.0 MEDIUM
oscss oscss Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the _ID parameter to (1) catalog/shopping_ca… CWE-22
Path Traversal
CVE-2011-4713 2011-12-9 14:00 2011-12-9 View GitHub Exploit DB Packet Storm
257331 4.3 MEDIUM
apc powerchute Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting (XSS)
CVE-2011-4263 2011-12-8 23:59 2011-12-8 View GitHub Exploit DB Packet Storm
257332 10.0 HIGH
indusoft web_studio CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vecto… CWE-287
Improper Authentication
CVE-2011-4051 2011-12-8 14:00 2011-12-5 View GitHub Exploit DB Packet Storm
257333 9.0 HIGH
proftpd proftpd Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data tran… CWE-399
Resource Management Errors
CVE-2011-4130 2011-12-8 14:00 2011-12-6 View GitHub Exploit DB Packet Storm
257334 4.3 MEDIUM
oneclickorgs one_click_orgs Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the… CWE-79
Cross-site Scripting (XSS)
CVE-2011-4552 2011-12-8 14:00 2011-12-6 View GitHub Exploit DB Packet Storm
257335 5.8 MEDIUM
oneclickorgs one_click_orgs Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and… CWE-20
Improper Input Validation
CVE-2011-4553 2011-12-8 14:00 2011-12-6 View GitHub Exploit DB Packet Storm
257336 5.5 MEDIUM
oneclickorgs one_click_orgs One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e… CWE-20
Improper Input Validation
CVE-2011-4554 2011-12-8 14:00 2011-12-6 View GitHub Exploit DB Packet Storm
257337 4.0 MEDIUM
oneclickorgs one_click_orgs One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comme… CWE-255
Credentials Management
CVE-2011-4555 2011-12-8 14:00 2011-12-6 View GitHub Exploit DB Packet Storm
257338 5.0 MEDIUM
oneclickorgs one_click_orgs The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attac… CWE-255
Credentials Management
CVE-2011-4678 2011-12-8 14:00 2011-12-6 View GitHub Exploit DB Packet Storm
257339 7.5 HIGH
etomite etomite SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQL Injection
CVE-2006-5242 2011-12-8 14:00 2006-10-12 View GitHub Exploit DB Packet Storm
257340 7.5 HIGH
etomite etomite This vulnerability is addressed in the following product release: Etomite, Etomite Content Management System, 0.6.1.1 CWE-89
SQL Injection
CVE-2006-5242 2011-12-8 14:00 2006-10-12 View GitHub Exploit DB Packet Storm
257341 7.5 HIGH
oneclickorgs one_click_orgs One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. CWE-287
Improper Authentication
CVE-2011-4677 2011-12-6 20:55 2011-12-6 View GitHub Exploit DB Packet Storm
257342 4.3 MEDIUM
schneider-electric vijeo_historian
citecthistorian
citectscada_reports
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allo… CWE-119
Buffer Errors
CVE-2011-4033 2011-12-2 20:55 2011-12-2 View GitHub Exploit DB Packet Storm
257343 5.0 MEDIUM
schneider-electric vijeo_historian
citecthistorian
citectscada_reports
Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arb… CWE-22
Path Traversal
CVE-2011-4036 2011-12-2 20:55 2011-12-2 View GitHub Exploit DB Packet Storm
257344 4.3 MEDIUM
adjam rekonq Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. CWE-20
Improper Input Validation
CVE-2011-3366 2011-12-1 14:00 2011-11-30 View GitHub Exploit DB Packet Storm
257345 6.0 MEDIUM
lesterchan wp-postratings SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role… CWE-94
Code Injection
CVE-2011-4646 2011-12-1 14:00 2011-12-1 View GitHub Exploit DB Packet Storm
257346 4.3 MEDIUM
geeklog geeklog Multiple cross-site scripting (XSS) vulnerabilities in the story creation feature in Geeklog 1.8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) raw BBcode tag… CWE-79
Cross-site Scripting (XSS)
CVE-2011-4647 2011-12-1 14:00 2011-12-1 View GitHub Exploit DB Packet Storm
257347 7.5 HIGH
novell netware Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) … CWE-119
Buffer Errors
CVE-2011-4191 2011-12-1 03:51 2011-11-30 View GitHub Exploit DB Packet Storm
257348 7.5 HIGH
novell iprint_open_enterprise_server_2 Stack-based buffer overflow in the GetDriverSettings function in nipplib.dll in the iPrint client in Novell Open Enterprise Server 2 (aka OES2) SP3 allows remote attackers to execute arbitrary code v… CWE-119
Buffer Errors
CVE-2011-3173 2011-12-1 02:52 2011-11-30 View GitHub Exploit DB Packet Storm
257349 5.0 MEDIUM
arora-browser arora Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certifica… CWE-20
Improper Input Validation
CVE-2011-3367 2011-12-1 00:51 2011-11-30 View GitHub Exploit DB Packet Storm
257350 4.3 MEDIUM
foliovision fv_wordpress_flowplayer_plugin Cross-site scripting (XSS) vulnerability in view/frontend-head.php in the Flowplayer plugin before 1.2.12 for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI. CWE-79
Cross-site Scripting (XSS)
CVE-2011-4568 2011-11-30 14:00 2011-11-29 View GitHub Exploit DB Packet Storm