NVD Vulnerability Information Top

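You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated there before it appears in JVN (Japan Vulnerability Notes), vulnerabilities not yet listed in JVN may have been updated.

If there is a related vulnerability in JVN (Japan Vulnerability Notes), the information is shown on the detail screen.

When searching by CWE, refer to the CWE overview to check the CWE number.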


Updated: September 21, 2024, 5:56

No CVSS Level
Attack category
Vendor name Product name Title CWE CVE Updated Published Impact display Exploit
PoC
Search
257601 7.5 HIGH
gatesoft docusafe SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtain… CWE-89
SQL Injection
CVE-2010-4736 2011-09-22 12:27 2011-02-16 Show GitHub Exploit DB Packet Storm
257602 7.5 HIGH
hotwebscripts hotweb_rentals SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter. CWE-89
SQL Injection
CVE-2010-4737 2011-09-22 12:27 2011-02-16 Show GitHub Exploit DB Packet Storm
257603 7.5 HIGH
raemedia real_estate_single_and_multi_agent_system Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/cit… CWE-89
SQL Injection
CVE-2010-4738 2011-09-22 12:27 2011-02-16 Show GitHub Exploit DB Packet Storm
257604 9.3 HIGH
scadaengine bacnet_opc_client Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a statu… CWE-119
Buffer Errors
CVE-2010-4740 2011-09-22 12:27 2011-02-16 Show GitHub Exploit DB Packet Storm
257605 4.3 MEDIUM
pmwiki pmwiki Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these… CWE-79
Cross-site Scripting (XSS)
CVE-2010-4748 2011-09-22 12:27 2011-03-2 Show GitHub Exploit DB Packet Storm
257606 4.3 MEDIUM
blogcms blog\ Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php a… CWE-79
Cross-site Scripting (XSS)
CVE-2010-4749 2011-09-22 12:27 2011-03-2 Show GitHub Exploit DB Packet Storm
257607 6.8 MEDIUM
blogcms blog\ Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators. CWE-352
Same-origin policy violation
CVE-2010-4750 2011-09-22 12:27 2011-03-2 Show GitHub Exploit DB Packet Storm
257608 7.5 HIGH
commodityrentals dvd_rentals_script SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action. CWE-89
SQL Injection
CVE-2010-4770 2011-09-22 12:27 2011-03-24 Show GitHub Exploit DB Packet Storm
257609 7.5 HIGH
enanocms enano_cms SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote atta… CWE-89
SQL Injection
CVE-2010-4780 2011-09-22 12:27 2011-04-7 Show GitHub Exploit DB Packet Storm
257610 5.0 MEDIUM
enanocms enano_cms index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals… CWE-200
Information Leak
CVE-2010-4781 2011-09-22 12:27 2011-04-7 Show GitHub Exploit DB Packet Storm
257611 7.5 HIGH
softwebsnepal ananda_real_estate Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) stat… CWE-89
SQL Injection
CVE-2010-4782 2011-09-22 12:27 2011-04-7 Show GitHub Exploit DB Packet Storm
257612 7.5 HIGH
t-dreams job_career_package SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter. CWE-89
SQL Injection
CVE-2010-4830 2011-09-22 12:27 2011-08-24 Show GitHub Exploit DB Packet Storm
257613 9.3 HIGH
citrix access_gateway The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and … NVD-CWE-noinfo
CVE-2010-4566 2011-09-22 12:26 2011-01-15 Show GitHub Exploit DB Packet Storm
257614 9.3 HIGH
realnetworks realplayer
realplayer_sp
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during p… CWE-119
Buffer Errors
CVE-2010-3747 2011-09-22 12:25 2010-10-19 Show GitHub Exploit DB Packet Storm
257615 6.4 MEDIUM
debian horde
horde_groupware
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files vi… CWE-22
Path Traversal
CVE-2009-0932 2011-09-22 12:07 2009-03-18 Show GitHub Exploit DB Packet Storm
257616 5.0 MEDIUM
cogentdatahub cogent_datahub Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value. CWE-189
Numeric Errors
CVE-2011-3501 2011-09-21 13:00 2011-09-17 Show GitHub Exploit DB Packet Storm
257617 9.3 HIGH
novell iprint_client Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method… CWE-119
Buffer Errors
CVE-2010-4321 2011-09-21 13:00 2010-12-31 Show GitHub Exploit DB Packet Storm
257618 4.0 MEDIUM
apple
freebsd
netbsd
openbsd
mac_os_x
freebsd
netbsd
openbsd
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (C… CWE-399
Resource Management Errors
CVE-2010-4754 2011-09-21 13:00 2011-03-3 Show GitHub Exploit DB Packet Storm
257619 4.3 MEDIUM
seattle_lab_software slnet_rf_telnet_server SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL … CWE-119
Buffer Errors
CVE-2008-0152 2011-09-21 13:00 2008-01-9 Show GitHub Exploit DB Packet Storm
257620 9.3 HIGH
zenturi zenturi_programchecker Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) Debu… CWE-119
Buffer Errors
CVE-2007-2987 2011-09-20 13:00 2007-06-1 Show GitHub Exploit DB Packet Storm
257621 9.3 HIGH
zenturi zenturi_programchecker Failed exploit attempts will likely result in denial-of-service condition. CWE-119
Buffer Errors
CVE-2007-2987 2011-09-20 13:00 2007-06-1 Show GitHub Exploit DB Packet Storm
257622 5.0 MEDIUM
cogentdatahub cogent_datahub Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request. CWE-22
Path Traversal
CVE-2011-3500 2011-09-19 13:00 2011-09-17 Show GitHub Exploit DB Packet Storm
257623 5.0 MEDIUM
cogentdatahub cogent_datahub The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot). CWE-200
Information Leak
CVE-2011-3502 2011-09-19 13:00 2011-09-17 Show GitHub Exploit DB Packet Storm
257624 10.0 HIGH
proftpd proftpd Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC esca… CWE-119
Buffer Errors
CVE-2010-4221 2011-09-15 12:18 2010-11-10 Show GitHub Exploit DB Packet Storm
257625 7.1 HIGH
proftpd proftpd Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modi… CWE-22
Path Traversal
CVE-2010-3867 2011-09-15 12:17 2010-11-10 Show GitHub Exploit DB Packet Storm
257626 6.9 MEDIUM
banshee-project banshee The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse share… NVD-CWE-Other
CVE-2010-3998 2011-09-15 12:17 2010-11-6 Show GitHub Exploit DB Packet Storm
257627 6.9 MEDIUM
nick_copeland bristol startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directo… NVD-CWE-Other
CVE-2010-3351 2011-09-15 12:16 2010-10-21 Show GitHub Exploit DB Packet Storm
257628 4.9 MEDIUM
kernel
linux
linux_kernel The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of ser… CWE-119
Buffer Errors
CVE-2009-3288 2011-09-15 12:06 2009-09-22 Show GitHub Exploit DB Packet Storm
257629 4.3 MEDIUM
mark_stosberg data\ The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-2201 2011-09-15 01:05 2011-09-15 Show GitHub Exploit DB Packet Storm
257630 4.3 MEDIUM
sage-mozdev sage Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability… CWE-79
Cross-site Scripting (XSS)
CVE-2011-3384 2011-09-14 13:00 2011-09-9 Show GitHub Exploit DB Packet Storm
257631 7.5 HIGH
edgetechweb event_registration SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action. CWE-89
SQL Injection
CVE-2010-4839 2011-09-14 13:00 2011-09-14 Show GitHub Exploit DB Packet Storm
257632 7.1 HIGH
hp palm_pre_webos Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3. CWE-94
Code Injection
CVE-2009-5097 2011-09-14 13:00 2011-09-14 Show GitHub Exploit DB Packet Storm
257633 4.3 MEDIUM
webmin usermin
webmin
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2)… CWE-79
Cross-site Scripting (XSS)
CVE-2007-3156 2011-09-13 13:00 2007-06-12 Show GitHub Exploit DB Packet Storm
257634 4.3 MEDIUM
zwahlen_informatik online_shop Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the … CWE-79
Cross-site Scripting (XSS)
CVE-2006-5534 2011-09-13 13:00 2006-10-27 Show GitHub Exploit DB Packet Storm
257635 4.3 MEDIUM
spymac spymac_web_os Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter in in… CWE-79
Cross-site Scripting (XSS)
CVE-2005-3511 2011-09-13 13:00 2005-11-6 Show GitHub Exploit DB Packet Storm
257636 3.5 LOW
horde horde_application_framework Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demons… CWE-79
Cross-site Scripting (XSS)
CVE-2005-4190 2011-09-13 13:00 2005-12-13 Show GitHub Exploit DB Packet Storm
257637 4.3 MEDIUM
iatek projectapp Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) searc… CWE-79
Cross-site Scripting (XSS)
CVE-2005-4485 2011-09-13 13:00 2005-12-22 Show GitHub Exploit DB Packet Storm
257638 4.3 MEDIUM
sitekit_solutions sitekit_cms Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and… CWE-79
Cross-site Scripting (XSS)
CVE-2005-4491 2011-09-13 13:00 2005-12-22 Show GitHub Exploit DB Packet Storm
257639 6.8 MEDIUM
iisworks aspknowledgebase Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrat… CWE-79
Cross-site Scripting (XSS)
CVE-2005-4658 2011-09-13 13:00 2005-12-31 Show GitHub Exploit DB Packet Storm
257640 7.5 HIGH
oneplug_solutions oneplug_cms Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Servi… CWE-89
SQL Injection
CVE-2006-0115 2011-09-8 13:00 2006-01-9 Show GitHub Exploit DB Packet Storm
257641 6.8 MEDIUM
runcms runcms Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] pa… CWE-94
Code Injection
CVE-2006-0659 2011-09-8 13:00 2006-02-13 Show GitHub Exploit DB Packet Storm
257642 6.8 MEDIUM
runcms runcms Successful exploitation requires that both "register_globals" and "allow_url_fopen" are enabled. CWE-94
Code Injection
CVE-2006-0659 2011-09-8 13:00 2006-02-13 Show GitHub Exploit DB Packet Storm
257643 7.5 HIGH
joomla joomla Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. CWE-89
SQL Injection
CVE-2006-1049 2011-09-8 13:00 2006-03-7 Show GitHub Exploit DB Packet Storm
257644 7.5 HIGH
castor castor Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib… CWE-94
Code Injection
CVE-2006-5481 2011-09-8 13:00 2006-10-25 Show GitHub Exploit DB Packet Storm
257645 7.5 HIGH
paristemi paristemi Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scrip… CWE-94
Code Injection
CVE-2006-6689 2011-09-8 13:00 2006-12-22 Show GitHub Exploit DB Packet Storm
257646 7.5 HIGH
papoo papoo Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the… CWE-89
SQL Injection
CVE-2005-4478 2011-09-8 13:00 2005-12-22 Show GitHub Exploit DB Packet Storm
257647 9.3 HIGH
ffmpeg
mplayerhq
ffmpeg
mplayer
The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact … CWE-20
Improper Input Validation
CVE-2011-2160 2011-09-7 12:17 2011-05-21 Show GitHub Exploit DB Packet Storm
257648 7.2 HIGH
nrl opie Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line. CWE-189
Numeric Errors
CVE-2011-2489 2011-09-7 12:17 2011-07-27 Show GitHub Exploit DB Packet Storm
257649 7.2 HIGH
nrl opie opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already … CWE-20
Improper Input Validation
CVE-2011-2490 2011-09-7 12:17 2011-07-27 Show GitHub Exploit DB Packet Storm
257650 5.0 MEDIUM
digium asterisk chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards… CWE-200
Information Leak
CVE-2011-2536 2011-09-7 12:17 2011-07-7 Show GitHub Exploit DB Packet Storm