NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年9月29日12:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
258501	4.3	MEDIUM	monkeysaudio	monkey\'s_audio	Monkey's Audio before 4.02 allows remote attackers to cause a denial of service (application crash) via a malformed APE file.	CWE-399 リソース管理の問題	CVE-2009-5075	2011-05-24 13:00	2011-05-21	表示	GitHub Exploit DB Packet Storm

258502	5.0	MEDIUM	php	php	The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archi…	CWE-264 認可・権限・アクセス制御	CVE-2007-1460	2011-05-24 13:00	2007-03-15	表示	GitHub Exploit DB Packet Storm

258503	10.0	HIGH	ffmpeg mplayerhq mandriva	ffmpeg mplayer corporate_server enterprise_server linux	Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mand…	NVD-CWE-noinfo	CVE-2011-2162	2011-05-23 13:00	2011-05-21	表示	GitHub Exploit DB Packet Storm

258504	7.8	HIGH	trend_micro	serverprotect_earthagent	Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allow…	CWE-399 リソース管理の問題	CVE-2005-1928	2011-05-20 13:00	2005-12-15	表示	GitHub Exploit DB Packet Storm

258505	7.5	HIGH	eric_fichot	downfile	DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php.	CWE-264 認可・権限・アクセス制御	CVE-2005-2819	2011-05-19 13:00	2005-09-8	表示	GitHub Exploit DB Packet Storm

258506	7.2	HIGH	realnetworks	realone_player realplayer	Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might…	CWE-264 認可・権限・アクセス制御	CVE-2005-2936	2011-05-19 13:00	2005-11-18	表示	GitHub Exploit DB Packet Storm

258507	4.3	MEDIUM	horde	horde	Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2005-3570	2011-05-19 13:00	2005-11-16	表示	GitHub Exploit DB Packet Storm

258508	7.5	HIGH	sun	java_communications_services_delegated_administrator	Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (…	NVD-CWE-noinfo	CVE-2005-4045	2011-05-19 13:00	2005-12-7	表示	GitHub Exploit DB Packet Storm

258509	9.3	HIGH	apple	quicktime	Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-define…	CWE-264 認可・権限・アクセス制御	CVE-2007-2388	2011-05-18 13:00	2007-05-30	表示	GitHub Exploit DB Packet Storm

258510	5.0	MEDIUM	cisco	cli cbos ids ios ios_xr	Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions…	NVD-CWE-noinfo CWE-20 不適切な入力確認	CVE-2007-4430	2011-05-18 13:00	2007-08-21	表示	GitHub Exploit DB Packet Storm

258511	10.0	HIGH	aertherwide	exiftags	Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability t…	NVD-CWE-noinfo	CVE-2007-6354	2011-05-13 13:00	2007-12-19	表示	GitHub Exploit DB Packet Storm

258512	10.0	HIGH	aertherwide	exiftags	Integer overflow in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2…	NVD-CWE-noinfo CWE-189 数値処理の問題	CVE-2007-6355	2011-05-13 13:00	2007-12-19	表示	GitHub Exploit DB Packet Storm

258513	6.5	MEDIUM	oracle	database_server warehouse_builder	Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 (OWB) and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and a…	NVD-CWE-noinfo	CVE-2011-0792	2011-05-12 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258514	7.8	HIGH	ibm	db2	IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger …	CWE-119 バッファエラー	CVE-2007-5652	2011-05-12 13:00	2007-10-24	表示	GitHub Exploit DB Packet Storm

258515	2.1	LOW	skype	skype_for_android	Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of bir…	CWE-264 認可・権限・アクセス制御	CVE-2011-1717	2011-05-12 04:25	2011-04-19	表示	GitHub Exploit DB Packet Storm

258516	5.0	MEDIUM	fedoraproject	389_directory_server	Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved application…	CWE-399 リソース管理の問題	CVE-2010-4746	2011-05-11 13:00	2011-02-24	表示	GitHub Exploit DB Packet Storm

258517	5.0	MEDIUM	zeus	zeus_web_server	Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses.	CWE-310 暗号の問題	CVE-2010-0362	2011-05-6 13:00	2010-01-21	表示	GitHub Exploit DB Packet Storm

258518	5.0	MEDIUM	scottmac	libmbfl	The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (a…	CWE-20 不適切な入力確認	CVE-2010-4156	2011-05-4 11:52	2010-11-10	表示	GitHub Exploit DB Packet Storm

258519	6.8	MEDIUM	php	php	Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbi…	CWE-134 書式文字列の問題	CVE-2010-2950	2011-05-4 11:49	2010-09-29	表示	GitHub Exploit DB Packet Storm

258520	7.5	HIGH	arco_van_geest	goof_fotoboek	Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors.	CWE-22 パス・トラバーサル	CVE-2010-0350	2011-05-2 13:00	2010-01-16	表示	GitHub Exploit DB Packet Storm

258521	5.0	MEDIUM	typo3	kiddog_mysqldumper	Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors.	NVD-CWE-noinfo	CVE-2010-0336	2011-04-29 13:00	2010-01-16	表示	GitHub Exploit DB Packet Storm

258522	7.5	HIGH	typo3	dl3_tt_news_alerts	SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQLインジェクション	CVE-2010-0337	2011-04-29 13:00	2010-01-16	表示	GitHub Exploit DB Packet Storm

258523	7.5	HIGH	typo3	vm19_userlinks	SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQLインジェクション	CVE-2010-0339	2011-04-29 13:00	2010-01-16	表示	GitHub Exploit DB Packet Storm

258524	7.5	HIGH	typo3	mjseventpro	SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQLインジェクション	CVE-2010-0340	2011-04-29 13:00	2010-01-16	表示	GitHub Exploit DB Packet Storm

258525	7.5	HIGH	typo3	bb_simplejobs	SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQLインジェクション	CVE-2010-0341	2011-04-29 13:00	2010-01-16	表示	GitHub Exploit DB Packet Storm

258526	7.5	HIGH	typo3	job_reports	SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQLインジェクション	CVE-2010-0342	2011-04-29 13:00	2010-01-16	表示	GitHub Exploit DB Packet Storm

258527	7.5	HIGH	typo3	pb_clanlist	SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQLインジェクション	CVE-2010-0343	2011-04-29 13:00	2010-01-16	表示	GitHub Exploit DB Packet Storm

258528	7.5	HIGH	typo3	zak_store_management	SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.	CWE-89 SQLインジェクション	CVE-2010-0344	2011-04-29 13:00	2010-01-16	表示	GitHub Exploit DB Packet Storm

258529	4.3	MEDIUM	typo3	mimi_tipfriends	Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-0346	2011-04-29 13:00	2010-01-16	表示	GitHub Exploit DB Packet Storm

258530	4.3	MEDIUM	typo3	vd_gemomap	Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-0347	2011-04-29 13:00	2010-01-16	表示	GitHub Exploit DB Packet Storm

258531	5.0	MEDIUM	c-3.co.jp	webcalenderc3	Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to read arbitrary files via unknown vectors.	CWE-22 パス・トラバーサル	CVE-2010-0348	2011-04-29 13:00	2010-01-16	表示	GitHub Exploit DB Packet Storm

258532	4.3	MEDIUM	c-3.co.jp	webcalenderc3	Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-0349	2011-04-29 13:00	2010-01-16	表示	GitHub Exploit DB Packet Storm

258533	7.8	HIGH	juniper	junos	Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session fla…	CWE-20 不適切な入力確認	CVE-2007-6372	2011-04-29 13:00	2007-12-15	表示	GitHub Exploit DB Packet Storm

258534	6.9	MEDIUM	apple	mac_os_x	Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via c…	CWE-16 環境設定	CVE-2011-0639	2011-04-28 13:00	2011-01-25	表示	GitHub Exploit DB Packet Storm

258535	7.5	HIGH	suse	opensuse suse_linux	SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.	CWE-264 認可・権限・アクセス制御	CVE-2010-0230	2011-04-28 13:00	2010-01-23	表示	GitHub Exploit DB Packet Storm

258536	10.0	HIGH	ibm	lotus_domino	Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long str…	CWE-119 バッファエラー	CVE-2010-0358	2011-04-28 13:00	2010-01-21	表示	GitHub Exploit DB Packet Storm

258537	10.0	HIGH	sun	java_system_web_server	Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request…	CWE-20 不適切な入力確認	CVE-2010-0360	2011-04-28 13:00	2010-01-21	表示	GitHub Exploit DB Packet Storm

258538	10.0	HIGH	sun	java_system_web_server	Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and poss…	CWE-119 バッファエラー	CVE-2010-0361	2011-04-28 13:00	2010-01-21	表示	GitHub Exploit DB Packet Storm

258539	2.1	LOW	tor	tor	Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for…	CWE-200 情報漏えい	CVE-2010-0384	2011-04-27 13:00	2010-01-26	表示	GitHub Exploit DB Packet Storm

258540	6.8	MEDIUM	fetchmail	fetchmail	The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (applic…	CWE-119 バッファエラー	CVE-2010-0562	2011-04-27 13:00	2010-02-9	表示	GitHub Exploit DB Packet Storm

258541	10.0	HIGH	hp	palm_pre_webos	Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors related to an "included contact template file."	NVD-CWE-noinfo	CVE-2009-5071	2011-04-27 13:00	2011-04-20	表示	GitHub Exploit DB Packet Storm

258542	10.0	HIGH	novell	groupwise	Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in …	CWE-399 リソース管理の問題	CVE-2010-4711	2011-04-27 05:54	2011-02-1	表示	GitHub Exploit DB Packet Storm

258543	10.0	HIGH	novell	groupwise	Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header conta…	CWE-119 バッファエラー	CVE-2010-4712	2011-04-27 05:16	2011-02-1	表示	GitHub Exploit DB Packet Storm

258544	10.0	HIGH	novell	groupwise	Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-T…	CWE-189 数値処理の問題	CVE-2010-4713	2011-04-26 13:00	2011-02-1	表示	GitHub Exploit DB Packet Storm

258545	10.0	HIGH	novell	groupwise	Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwm…	CWE-119 バッファエラー	CVE-2010-4714	2011-04-26 13:00	2011-02-1	表示	GitHub Exploit DB Packet Storm

258546	9.3	HIGH	moxa	device_manager mdm_tool	Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port …	CWE-119 バッファエラー	CVE-2010-4741	2011-04-26 13:00	2011-02-19	表示	GitHub Exploit DB Packet Storm

258547	10.0	HIGH	moxa	activex_sdk	Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property valu…	CWE-119 バッファエラー	CVE-2010-4742	2011-04-26 13:00	2011-02-19	表示	GitHub Exploit DB Packet Storm

258548	4.3	MEDIUM	novell	opensuse_build_service	Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-0462	2011-04-22 13:00	2011-04-10	表示	GitHub Exploit DB Packet Storm

258549	4.0	MEDIUM	ibm	tivoli_directory_server	IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search.	CWE-399 リソース管理の問題	CVE-2011-1821	2011-04-21 19:55	2011-04-21	表示	GitHub Exploit DB Packet Storm

258550	2.1	LOW	ibm	tivoli_directory_server	The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitiv…	CWE-255 証明書・パスワード管理	CVE-2011-1822	2011-04-21 19:55	2011-04-21	表示	GitHub Exploit DB Packet Storm