NVD Vulnerability Information

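You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated with vulnerability information before JVN (Japan Vulnerability Notes), it may contain vulnerabilities that are not yet listed in JVN.

When a related vulnerability exists in JVN (Japan Vulnerability Notes), that information is shown on the detail screen.

When searching by CWE, refer to the CWE overview to confirm the CWE number.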

Updated: September 29, 2024, 12:13

No. CVSS Level (attack classification) Vendor Product Title CWE CVE Updated Published
258451 7.5 HIGH
simplemachines smf The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote … CWE-310
Cryptographic Issues
CVE-2011-1128 2011-06-29 13:00 2011-06-21
258452 3.5 LOW
simplemachines smf Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inj… CWE-79
Cross-site Scripting (XSS)
CVE-2011-1129 2011-06-29 13:00 2011-06-21
258453 5.0 MEDIUM
simplemachines smf The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even th… CWE-200
Information Exposure
CVE-2011-1131 2011-06-28 13:00 2011-06-21
258454 5.0 MEDIUM
brad_fitzpatrick djabberd DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML documen… CWE-399
Resource Management Errors
CVE-2011-1757 2011-06-28 13:00 2011-06-21
258455 5.5 MEDIUM
brad_fitzpatrick djabberd XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consum… CWE-399
Resource Management Errors
CVE-2011-2206 2011-06-28 13:00 2011-06-23
258456 4.3 MEDIUM
prosody prosody Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation)… CWE-399
Resource Management Errors
CVE-2011-2531 2011-06-28 13:00 2011-06-23
258457 5.0 MEDIUM
prosody prosody The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated d… CWE-399
Resource Management Errors
CVE-2011-2532 2011-06-28 13:00 2011-06-23
258458 6.8 MEDIUM
apple mac_os_x
imageio
mac_os_x_server
Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image. CWE-189
Numeric Errors
CVE-2011-0181 2011-06-27 13:00 2011-03-23
258459 7.8 HIGH
apple mac_os_x
mac_os_x_server
AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network. CWE-399
Resource Management Errors
CVE-2011-0196 2011-06-27 13:00 2011-06-25
258460 6.2 MEDIUM
metasploit metasploit_framework The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replac… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-1056 2011-06-20 13:00 2011-02-22
258461 5.0 MEDIUM
wikkawiki wikkawiki The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds. CWE-200
Information Exposure
CVE-2007-2552 2011-06-16 13:00 2007-05-9
258462 7.5 HIGH
amarok amarok The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbi… CWE-20
Improper Input Validation
CVE-2006-6979 2011-06-16 13:00 2007-02-9
258463 5.8 MEDIUM
mediawiki mediawiki includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypa… CWE-287
Improper Authentication
CVE-2011-1766 2011-06-16 11:56 2011-05-24
258464 5.0 MEDIUM
sybase easerver Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path. CWE-22
Path Traversal
CVE-2011-2474 2011-06-14 13:00 2011-06-10
258465 10.0 HIGH
sybase onebridge_mobile_data_suite Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote a… CWE-134
Format String Issues
CVE-2011-2475 2011-06-14 13:00 2011-06-10
258466 5.0 MEDIUM
nlnetlabs unbound Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query. CWE-399
Resource Management Errors
CVE-2009-4008 2011-06-14 13:00 2011-06-3
258467 5.0 MEDIUM
ibm websphere_application_server The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote atta… CWE-200
Information Exposure
CVE-2006-6637 2011-06-14 13:00 2006-12-20
258468 10.0 HIGH
sun sparc_enterprise_server The Sun SPARC Enterprise M4000 and M5000 Server, within a certain range of serial numbers, allows remote attackers to use the manufacturing root password, perform a root login to the eXtended System … CWE-264
Permissions, Privileges, and Access Controls
CVE-2009-0171 2011-06-13 13:00 2009-01-17
258469 5.0 MEDIUM
isc dhcpd The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-ide… CWE-399
Resource Management Errors
CVE-2006-3122 2011-06-13 13:00 2006-08-10
258470 5.1 MEDIUM
asbru_software asbru_web_content_management
asbru_website_manager
The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to exec… CWE-94
Code Injection
CVE-2006-5258 2011-06-13 13:00 2006-10-13
258471 6.6 MEDIUM
apple
freebsd
mac_os_x
freebsd
The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX… CWE-399
Resource Management Errors
CVE-2007-0267 2011-06-10 13:00 2007-01-17
258472 4.3 MEDIUM
apache struts Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary… CWE-79
Cross-site Scripting (XSS)
CVE-2011-2087 2011-06-2 13:00 2011-05-14
258473 5.0 MEDIUM
nlnetlabs unbound Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. CWE-399
Resource Management Errors
CVE-2010-0969 2011-06-2 13:00 2010-03-17
258474 5.0 MEDIUM
trustwave webdefend The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote cons… CWE-255
Credentials Management
CVE-2011-0756 2011-05-31 13:00 2011-05-5
258475 3.5 LOW
liferay portal Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title. CWE-79
Cross-site Scripting (XSS)
CVE-2011-1504 2011-05-31 13:00 2011-05-8
258476 7.5 HIGH
doctrine-project doctrine1.2.0
doctrine1.2.1
doctrine1.2.2
doctrine1.2.3
doctrine
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute a… CWE-89
SQL Injection
CVE-2011-1522 2011-05-31 13:00 2011-05-4
258477 10.0 HIGH
indusoft web_studio Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request. CWE-22
Path Traversal
CVE-2011-1900 2011-05-31 13:00 2011-05-5
258478 7.5 HIGH
proofpoint messaging_security_gateway
protection_server
The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attac… CWE-287
Improper Authentication
CVE-2011-1901 2011-05-31 13:00 2011-05-5
258479 5.0 MEDIUM
proofpoint messaging_security_gateway
protection_server
Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and … CWE-22
Path Traversal
CVE-2011-1902 2011-05-31 13:00 2011-05-5
258480 7.5 HIGH
proofpoint messaging_security_gateway
protection_server
SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and … CWE-89
SQL Injection
CVE-2011-1903 2011-05-31 13:00 2011-05-5
258481 7.5 HIGH
proofpoint messaging_security_gateway
protection_server
An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allo… CWE-78
OS Command Injection
CVE-2011-1904 2011-05-31 13:00 2011-05-5
258482 6.8 MEDIUM
proofpoint messaging_security_gateway
protection_server
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Serv… CWE-352
Same-Origin Policy Violation
CVE-2011-1905 2011-05-31 13:00 2011-05-5
258483 5.0 MEDIUM
trustwave webdefend Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via … CWE-255
Credentials Management
CVE-2011-1906 2011-05-31 13:00 2011-05-5
258484 4.3 MEDIUM
bravenewcode wptouch Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wp… CWE-79
Cross-site Scripting (XSS)
CVE-2010-4779 2011-05-31 13:00 2011-04-7
258485 4.3 MEDIUM
vmware vcenter
virtualcenter
Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbit… CWE-22
Path Traversal
CVE-2011-0426 2011-05-27 13:00 2011-05-10
258486 7.8 HIGH
yamaha
nec
rt100i
rt102i
rt103i
rt105e
rt105i
rt105p
rt107e
rt140e
rt140f
rt140i
rt140p
rt200i
rt250i
rt300i
rt56v
rt57i
rt58i
rt60w
rt80i
rta50i
rta5…
Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allo… CWE-20
Improper Input Validation
CVE-2011-1323 2011-05-27 13:00 2011-05-10
258487 5.8 MEDIUM
buffalotech bbr-4hg_firmware
bbr-4mg_firmware
bhr-4rv_firmware
fs-g54_firmware
wer-a54g54_firmware
wer-ag54_firmware
wer-am54g54_firmware
wer-amg54_firmware
whr-am54g54_firmware
whr-am…
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware … CWE-352
Same-Origin Policy Violation
CVE-2011-1324 2011-05-27 13:00 2011-05-10
258488 7.5 HIGH
samsung data_management_server SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to… CWE-89
SQL Injection
CVE-2010-4284 2011-05-27 13:00 2011-05-10
258489 4.0 MEDIUM
ibm web_content_manager The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain r… CWE-264
Permissions, Privileges, and Access Controls
CVE-2010-4806 2011-05-27 01:55 2011-05-27
258490 5.8 MEDIUM
lockon ec-cube Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. CWE-352
Same-Origin Policy Violation
CVE-2011-1325 2011-05-26 13:00 2011-05-14
258491 5.0 MEDIUM
vmware esx
esxi
vcenter
The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1… CWE-310
Cryptographic Issues
CVE-2011-1789 2011-05-26 13:00 2011-05-10
258492 8.5 HIGH
skype skype Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a cr… NVD-CWE-noinfo
CVE-2011-2074 2011-05-26 13:00 2011-05-11
258493 8.5 HIGH
skype skype Per: http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html 'Please note, Skype's other clients, e.g. Windows and Linux, are not susceptible to this vulnerability.' NVD-CWE-noinfo
CVE-2011-2074 2011-05-26 13:00 2011-05-11
258494 5.0 MEDIUM
adobe flash_media_server Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, allows remote attackers to cause a denial of service (XML data corruption) via unspecified vectors. CWE-399
Resource Management Errors
CVE-2011-0612 2011-05-25 13:00 2011-05-17
258495 4.3 MEDIUM
adobe robohelp
robohelp_server
Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to… CWE-79
Cross-site Scripting (XSS)
CVE-2011-0613 2011-05-25 13:00 2011-05-17
258496 9.3 HIGH
adobe audition Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data … CWE-119
Buffer Errors
CVE-2011-0615 2011-05-25 13:00 2011-05-17
258497 7.2 HIGH
google chrome_os Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it. CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-2169 2011-05-25 13:00 2011-05-25
258498 4.3 MEDIUM
monkeysaudio monkey\'s_audio Monkey's Audio before 4.01b2 allows remote attackers to cause a denial of service (application crash) via an APX file that lacks NULL termination. CWE-399
Resource Management Errors
CVE-2006-7245 2011-05-25 13:00 2011-05-21
258499 2.1 LOW
trendmicro trend_micro_internet_security The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive i… CWE-310
Cryptographic Issues
CVE-2011-1327 2011-05-24 13:00 2011-05-21
258500 10.0 HIGH
adobe photoshop Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 have unknown impact and attack vectors. NVD-CWE-noinfo
CVE-2011-2164 2011-05-24 13:00 2011-05-21