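You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because NVD often updates vulnerability information before JVN (Japan Vulnerability Note), it may contain updates for vulnerabilities that are not yet listed in JVN.

When a related vulnerability exists in JVN (Japan Vulnerability Note), that information is shown on the detail screen.

To search by CWE, refer to the CWE overview to confirm the CWE number.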

Updated: September 21, 2024 16:13

No | CVSS | Level | Attack category | Vendor | Product | Title | CWE | CVE | Updated | Published
257351 6.8 MEDIUM
apple mac_os_x
imageio
mac_os_x_server
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image. CWE-119
Buffer Errors
CVE-2011-0204 2011-11-24 12:54 2011-06-25
257352 4.3 MEDIUM
jamwiki jamwiki Cross-site scripting (XSS) vulnerability in Special:Login in JAMWiki before 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter. CWE-79
Cross-Site Scripting (XSS)
CVE-2010-5054 2011-11-23 23:56 2011-11-23
257353 7.5 HIGH
cisco
linksys
linksys_wrt54gx_router_firmware
wrt54gx
The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer… CWE-16
Configuration
CVE-2011-4500 2011-11-22 20:55 2011-11-22
257354 7.5 HIGH
dlink dir-685 The D-Link DIR-685 router, when certain WPA and WPA2 configurations are used, does not maintain an encrypted wireless network during transfer of a large amount of network traffic, which allows remote… CWE-310
Cryptographic Issues
CVE-2011-4507 2011-11-22 20:55 2011-11-22
257355 6.6 MEDIUM
cisco unified_ip_phone_7906
unified_ip_phone_7911g
unified_ip_phone_7931g
unified_ip_phone_7941g
unified_ip_phone_7941g-ge
unified_ip_phone_7942g
unified_ip_phone_7945g
unified_ip_phon…
The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426. CWE-264
Permissions, Privileges, and Access Control
CVE-2011-1602 2011-11-22 12:56 2011-06-3
257356 4.3 MEDIUM
novell identity_manager_roles_based_provisioning_module
identity_manager_user_application
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0… CWE-79
Cross-Site Scripting (XSS)
CVE-2011-1696 2011-11-22 12:56 2011-10-8
257357 4.3 MEDIUM
novell identity_manager_roles_based_provisioning_module
identity_manager_user_application
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0… CWE-79
Cross-Site Scripting (XSS)
CVE-2011-2227 2011-11-22 12:56 2011-10-8
257358 10.0 HIGH
njstar njstar_communicator Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet. CWE-119
Buffer Errors
CVE-2011-4040 2011-11-21 20:55 2011-11-21
257359 9.3 HIGH
aviosoft dtv_player Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers to execute arbitrary code via a crafted .plf (aka playlist) file. CWE-119
Buffer Errors
CVE-2011-4496 2011-11-21 20:55 2011-11-21
257360 3.3 LOW
asus rt-n56u_firmware
rt-n56u
QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request. CWE-200
Information Exposure
CVE-2011-4497 2011-11-21 20:55 2011-11-21
257361 6.8 MEDIUM
zenprise zenprise_device_manager Cross-site request forgery (CSRF) vulnerability in the web console in Zenprise Device Manager 6.x through 6.1.8 allows remote attackers to hijack the authentication of administrators for requests tha… CWE-352
Same-Origin Policy Violation
CVE-2011-4498 2011-11-21 20:55 2011-11-21
257362 4.3 MEDIUM
robert_luberda man2html Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other version, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related … CWE-79
Cross-Site Scripting (XSS)
CVE-2011-2770 2011-11-21 14:00 2011-11-18
257363 5.0 MEDIUM
phpmyadmin phpmyadmin phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation… CWE-20
Improper Input Validation
CVE-2011-3646 2011-11-21 14:00 2011-11-18
257364 5.0 MEDIUM
montala resourcespace ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors. CWE-20
Improper Input Validation
CVE-2011-4311 2011-11-21 14:00 2011-11-19
257365 7.6 HIGH
apple mac_os_x The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted appl… CWE-264
Permissions, Privileges, and Access Control
CVE-2008-7303 2011-11-21 14:00 2011-11-16
257366 2.6 LOW
owasp-java-html-sanitizer_project owasp-java-html-sanitizer OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM eleme… CWE-200
Information Exposure
CVE-2011-4457 2011-11-18 14:00 2011-11-18
257367 10.0 HIGH
ge intelligent_platforms_proficy_historian Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash… CWE-119
Buffer Errors
CVE-2011-1919 2011-11-17 14:00 2011-11-3
257368 4.3 MEDIUM
ge intelligent_platforms_proficy_historian Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTM… CWE-79
Cross-Site Scripting (XSS)
CVE-2011-3320 2011-11-17 14:00 2011-11-3
257369 7.5 HIGH
olykit swoopo_clone_2010 SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product action. CWE-89
SQL Injection
CVE-2010-4997 2011-11-17 14:00 2011-11-3
257370 7.5 HIGH
2daybiz polls_script SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter. CWE-89
SQL Injection
CVE-2010-5004 2011-11-17 14:00 2011-11-3
257371 4.3 MEDIUM
rayzz photoz Cross-site scripting (XSS) vulnerability in members/profileCommentsResponse.php in Rayzz Photoz allows remote attackers to inject arbitrary web script or HTML via the profileCommentTextArea parameter… CWE-79
Cross-Site Scripting (XSS)
CVE-2010-5005 2011-11-17 14:00 2011-11-3
257372 4.3 MEDIUM
2daybiz online_classified_script Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid paramet… CWE-79
Cross-Site Scripting (XSS)
CVE-2010-5018 2011-11-17 14:00 2011-11-3
257373 7.5 HIGH
2daybiz online_classified_script SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter. CWE-89
SQL Injection
CVE-2010-5019 2011-11-17 14:00 2011-11-3
257374 7.5 HIGH
harmistechnology com_jesubmit SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. CWE-89
SQL Injection
CVE-2010-5022 2011-11-17 14:00 2011-11-3
257375 4.3 MEDIUM
pligg pligg_cms Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-Site Scripting (XSS)
CVE-2011-3986 2011-11-16 14:00 2011-11-4
257376 5.5 MEDIUM
skyarc autotagging
duplicateentry
mailpack
mtcms
multifileuploader
SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak… CWE-264
Permissions, Privileges, and Access Control
CVE-2011-3993 2011-11-16 14:00 2011-11-4
257377 6.8 MEDIUM
skyarc autotagging
duplicateentry
mailpack
mtcms
multifileuploader
Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0… CWE-352
Same-Origin Policy Violation
CVE-2011-3994 2011-11-16 14:00 2011-11-4
257378 7.5 HIGH
opengear opengear_console_server_firmware
acm5000_console_server
cm4000_console_server
im4004-5_console_server
im4200_console_server
img4000_console_server
kcs6000_rackside_console_server
Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors. CWE-287
Improper Authentication
CVE-2011-3997 2011-11-16 14:00 2011-11-10
257379 4.3 MEDIUM
apple webobjects Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-Site Scripting (XSS)
CVE-2011-3998 2011-11-16 14:00 2011-11-10
257380 4.3 MEDIUM
ibc.co.jp iwate_portal_bar Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed. CWE-79
Cross-Site Scripting (XSS)
CVE-2011-3999 2011-11-16 14:00 2011-11-10
257381 4.3 MEDIUM
courseforum projectforum Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum 7.0.1.3038 allows remote attackers to inject arbitrary web script or HTML via a crafted name of an object within a more object on … CWE-79
Cross-Site Scripting (XSS)
CVE-2011-4277 2011-11-16 14:00 2011-11-4
257382 6.8 MEDIUM
john_bradshaw np_gallery_plugin PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS … CWE-94
Code Injection
CVE-2010-5040 2011-11-16 14:00 2011-11-3
257383 4.3 MEDIUM
mahara mahara Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External… CWE-79
Cross-Site Scripting (XSS)
CVE-2011-2771 2011-11-15 14:00 2011-11-15
257384 6.8 MEDIUM
mahara mahara Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution. CWE-352
Same-Origin Policy Violation
CVE-2011-2773 2011-11-15 14:00 2011-11-15
257385 4.0 MEDIUM
mahara mahara The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter. CWE-200
Information Exposure
CVE-2011-2774 2011-11-15 14:00 2011-11-15
257386 1.2 LOW
apple iphone_os
ipad2
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover dur… CWE-264
Permissions, Privileges, and Access Control
CVE-2011-3440 2011-11-15 14:00 2011-11-12
257387 5.0 MEDIUM
dell kace_k2000_systems_deployment_appliance The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by exam… CWE-310
Cryptographic Issues
CVE-2011-4046 2011-11-15 14:00 2011-11-12
257388 6.0 MEDIUM
mahara mahara Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target. CWE-264
Permissions, Privileges, and Access Control
CVE-2011-4118 2011-11-15 14:00 2011-11-15
257389 9.3 HIGH
dell kace_k2000_systems_deployment_appliance The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access. CWE-94
Code Injection
CVE-2011-4047 2011-11-14 14:00 2011-11-12
257390 3.5 LOW
dell kace_k2000_systems_deployment_appliance Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTM… CWE-79
Cross-Site Scripting (XSS)
CVE-2011-4436 2011-11-14 14:00 2011-11-12
257391 2.6 LOW
plume-cms plume_cms Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-Site Scripting (XSS)
CVE-2011-3985 2011-11-10 14:00 2011-11-10
257392 7.5 HIGH
plume-cms plume_cms Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, … CWE-94
Code Injection
CVE-2006-4533 2011-11-10 14:00 2006-09-2
257393 4.3 MEDIUM
adobe coldfusion Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm… CWE-79
Cross-Site Scripting (XSS)
CVE-2011-0733 2011-11-8 13:18 2011-02-2
257394 4.3 MEDIUM
adobe coldfusion Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event … CWE-79
Cross-Site Scripting (XSS)
CVE-2011-0734 2011-11-8 13:18 2011-02-2
257395 4.3 MEDIUM
adobe coldfusion Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script." CWE-79
Cross-Site Scripting (XSS)
CVE-2011-0735 2011-11-8 13:18 2011-02-2
257396 7.8 HIGH
cisco ios
ios_xe
unified_communications_manager
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.… CWE-399
Resource Management Errors
CVE-2011-2072 2011-11-3 11:58 2011-10-4
257397 9.3 HIGH
plone cmfeditions
plone
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-… CWE-264
Permissions, Privileges, and Access Control
CVE-2011-4030 2011-10-30 12:39 2011-10-10
257398 4.3 MEDIUM
kbs weblygo Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified v… CWE-79
Cross-Site Scripting (XSS)
CVE-2011-1330 2011-10-27 12:24 2011-06-23
257399 6.6 MEDIUM
cisco unified_ip_phone_7906
unified_ip_phone_7911g
unified_ip_phone_7931g
unified_ip_phone_7941g
unified_ip_phone_7941g-ge
unified_ip_phone_7942g
unified_ip_phone_7945g
unified_ip_phon…
Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815. CWE-264
Permissions, Privileges, and Access Control
CVE-2011-1603 2011-10-27 12:24 2011-06-3
257400 4.9 MEDIUM
apple mac_os_x
mac_os_x_server
The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options. NVD-CWE-Other
CVE-2011-1132 2011-10-27 12:23 2011-06-25