NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年6月24日4:00

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
355051 6.8 MEDIUM
aspcodecms aspcode_cms Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administr… CWE-352
同一生成元ポリシー違反 		CVE-2010-0711 2013-07-20 15:53 2010-02-26 表示 GitHub Exploit DB Packet Storm
355052 2.1 LOW
sun solaris Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference. NVD-CWE-Other
CVE-2005-3250 2013-07-20 14:20 2005-10-18 表示 GitHub Exploit DB Packet Storm
355053 6.8 MEDIUM
iatek portalapp Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter. NVD-CWE-Other
CVE-2005-4482 2013-07-18 22:37 2005-12-22 表示 GitHub Exploit DB Packet Storm
355054 6.8 MEDIUM
speartek speartek Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NVD-CWE-Other
CVE-2005-4493 2013-07-17 23:41 2005-12-22 表示 GitHub Exploit DB Packet Storm
355055 6.8 MEDIUM
osticket osticket Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to … NVD-CWE-Other
CVE-2005-1436 2013-07-14 13:38 2005-05-3 表示 GitHub Exploit DB Packet Storm
355056 7.5 HIGH
symantec discovery
on_command_discovery 		The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain … NVD-CWE-Other
CVE-2005-3316 2013-07-7 13:45 2005-10-27 表示 GitHub Exploit DB Packet Storm
355057 7.5 HIGH
onlinetechtools.com owos_lite SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NVD-CWE-Other
CVE-2005-3852 2013-07-3 23:48 2005-11-27 表示 GitHub Exploit DB Packet Storm
355058 5.0 MEDIUM
vmware workstation
player
ace
server
fusion 		The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Pl… CWE-200
情報漏えい 		CVE-2010-1138 2013-05-15 12:07 2010-04-13 表示 GitHub Exploit DB Packet Storm
355059 7.2 HIGH
vmware workstation
player
server
fusion
vix_api 		Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VM… CWE-134
書式文字列の問題 		CVE-2010-1139 2013-05-15 12:07 2010-04-13 表示 GitHub Exploit DB Packet Storm
355060 6.9 MEDIUM
vmware workstation
player 		The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse p… CWE-264
認可・権限・アクセス制御 		CVE-2010-1140 2013-05-15 12:07 2010-04-13 表示 GitHub Exploit DB Packet Storm
355061 8.5 HIGH
vmware workstation
player
ace
server
fusion
esxi
esx 		VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203… CWE-264
認可・権限・アクセス制御 		CVE-2010-1142 2013-05-15 12:07 2010-04-13 表示 GitHub Exploit DB Packet Storm
355062 6.9 MEDIUM
apple cups The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, w… CWE-264
認可・権限・アクセス制御 		CVE-2010-0393 2013-05-15 12:06 2010-03-6 表示 GitHub Exploit DB Packet Storm
355063 6.8 MEDIUM
oracle sun_products_suite Unspecified vulnerability in the Sun Java System Communications Express component in Oracle Sun Product Suite 6 2005Q4 (6.2) and and 6.3 allows remote authenticated users to affect confidentiality vi… NVD-CWE-noinfo
CVE-2010-0885 2013-02-8 14:00 2010-04-14 表示 GitHub Exploit DB Packet Storm
355064 10.0 HIGH
ibm
symantec 		lotus_notes
brightmail_gateway
data_loss_prevention_detection_servers
data_loss_prevention_endpoint_agents
im_manager_2007
mail_security 		Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and o… CWE-189
数値処理の問題 		CVE-2009-3032 2013-02-7 13:21 2010-03-6 表示 GitHub Exploit DB Packet Storm
355065 4.3 MEDIUM
symantec im_manager Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-3036 2013-02-7 13:21 2010-02-24 表示 GitHub Exploit DB Packet Storm
355066 4.3 MEDIUM
oracle mojarra Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers t… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-2087 2013-01-28 14:00 2010-05-28 表示 GitHub Exploit DB Packet Storm
355067 10.0 HIGH
mybb mybb Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php,… NVD-CWE-noinfo
CVE-2006-0218 2013-01-3 14:00 2006-01-17 表示 GitHub Exploit DB Packet Storm
355068 6.4 MEDIUM
invisionpower invision_power_board The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to … CWE-287
不適切な認証 		CVE-2006-0633 2013-01-3 14:00 2006-02-10 表示 GitHub Exploit DB Packet Storm
355069 10.0 HIGH
zen-cart zen_cart Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests. CWE-264
認可・権限・アクセス制御 		CVE-2006-0697 2013-01-3 14:00 2006-02-15 表示 GitHub Exploit DB Packet Storm
355070 7.5 HIGH
e107 e107 Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter. NVD-CWE-Other
CVE-2010-2098 2012-12-13 13:00 2010-05-28 表示 GitHub Exploit DB Packet Storm
355071 7.5 HIGH
e107 e107 Per: http://cwe.mitre.org/data/definitions/184.html 'CWE-184: Incomplete Blacklist' NVD-CWE-Other
CVE-2010-2098 2012-12-13 13:00 2010-05-28 表示 GitHub Exploit DB Packet Storm
355072 2.1 LOW
kerio personal_firewall
serverfirewall 		The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Env… NVD-CWE-Other
CVE-2005-3286 2012-12-13 11:43 2005-10-23 表示 GitHub Exploit DB Packet Storm
355073 6.9 MEDIUM
freebsd freebsd sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allo… CWE-20
不適切な入力確認 		CVE-2010-2020 2012-11-6 13:41 2010-05-29 表示 GitHub Exploit DB Packet Storm
355074 7.5 HIGH
tiki tikiwiki_cms\/groupware TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulne… CWE-20
不適切な入力確認 		CVE-2005-0200 2012-10-24 13:00 2005-05-2 表示 GitHub Exploit DB Packet Storm
355075 4.3 MEDIUM
tiki tikiwiki_cms\/groupware Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2005-3283 2012-10-24 13:00 2005-10-23 表示 GitHub Exploit DB Packet Storm
355076 4.0 MEDIUM
oracle database_server Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality via unknown vectors. NVD-CWE-noinfo
CVE-2010-0851 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355077 5.5 MEDIUM
oracle database_server Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown v… NVD-CWE-noinfo
CVE-2010-0852 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355078 7.5 HIGH
oracle fusion_middleware
database_server 		Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8, 9.2.0.8, and DV; and Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1; allows remote attackers to affe… NVD-CWE-noinfo
CVE-2010-0853 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355079 2.1 LOW
oracle database_server Unspecified vulnerability in the Audit component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to "SELECT, INS… NVD-CWE-noinfo
CVE-2010-0854 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355080 5.0 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.2 allows remote attackers to affect availability via unknown vectors. NVD-CWE-noinfo
CVE-2010-0856 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355081 3.5 LOW
oracle e-business_suite Unspecified vulnerability in the Oracle Workflow Cartridge component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors. NVD-CWE-noinfo
CVE-2010-0857 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355082 3.5 LOW
oracle e-business_suite Unspecified vulnerability in the E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors. NVD-CWE-noinfo
CVE-2010-0858 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355083 6.4 MEDIUM
oracle e-business_suite Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 ATG RUP6 allows remote attackers to affect confidentiality and integrity via unknown … NVD-CWE-noinfo
CVE-2010-0859 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355084 7.1 HIGH
oracle database_server Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, a… NVD-CWE-noinfo
CVE-2010-0860 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355085 5.0 MEDIUM
oracle e-business_suite Unspecified vulnerability in the Oracle HRMS (Self Service) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality via unknown vectors. NVD-CWE-noinfo
CVE-2010-0861 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355086 4.3 MEDIUM
oracle e-business_suite Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle E-Business Suite 6.1.1.0 allows remote attackers to affect confidentiality via unknown vectors. NVD-CWE-noinfo
CVE-2010-0865 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355087 6.5 MEDIUM
oracle database_server Unspecified vulnerability in the JavaVM component in Oracle Database 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NVD-CWE-noinfo
CVE-2010-0866 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355088 4.0 MEDIUM
oracle database_server Unspecified vulnerability in the JavaVM component in Oracle Database 10.2.0.4, 11.1.0.7, and 11.2.0.1.0 allows remote authenticated users to affect integrity via unknown vectors. NVD-CWE-noinfo
CVE-2010-0867 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355089 5.8 MEDIUM
oracle e-business_suite Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NVD-CWE-noinfo
CVE-2010-0868 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355090 4.3 MEDIUM
oracle e-business_suite Unspecified vulnerability in the Oracle Transportation Management component in Oracle E-Business Suite 5.5.05.07, 5.5.06.00, and 6.0.03 allows remote attackers to affect confidentiality via unknown v… NVD-CWE-noinfo
CVE-2010-0869 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355091 3.6 LOW
oracle database_server Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_… NVD-CWE-noinfo
CVE-2010-0870 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355092 4.3 MEDIUM
oracle e-business_suite Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors. NVD-CWE-noinfo
CVE-2010-0871 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355093 5.0 MEDIUM
oracle fusion_middleware Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3 allows remote attackers to affect availability via unknown vectors. NVD-CWE-noinfo
CVE-2010-0872 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355094 4.3 MEDIUM
oracle industry_product_suite Unspecified vulnerability in the Communications - Oracle Communications Unified Inventory Management component in Oracle Industry Product Suite 7.1 allows remote attackers to affect integrity via unk… NVD-CWE-noinfo
CVE-2010-0874 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355095 4.3 MEDIUM
oracle industry_product_suite Unspecified vulnerability in the Life Sciences - Oracle Thesaurus Management System component in Oracle Industry Product Suite 4.5.2, 4.6, and 4.6.1 allows remote attackers to affect integrity, relat… NVD-CWE-noinfo
CVE-2010-0875 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355096 4.3 MEDIUM
oracle industry_product_suite Unspecified vulnerability in the Life Sciences - Oracle Clinical Remote Data Capture Option component in Oracle Industry Product Suite 4.5.3 and 4.6 allows remote attackers to affect integrity, relat… NVD-CWE-noinfo
CVE-2010-0876 2012-10-23 12:20 2010-04-14 表示 GitHub Exploit DB Packet Storm
355097 4.3 MEDIUM
oracle collaboration_suite Unspecified vulnerability in the User Interface Components in Oracle Collaboration Suite 10.1.2.4 allows remote attackers to affect integrity via unknown vectors. NVD-CWE-noinfo
CVE-2010-0881 2012-10-23 12:20 2010-04-15 表示 GitHub Exploit DB Packet Storm
355098 10.0 HIGH
oracle database_server Unspecified vulnerability in the Advanced Queuing component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.6, 10.1.0.3 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB01. NVD-CWE-noinfo
CVE-2006-0256 2012-10-23 10:56 2006-01-18 表示 GitHub Exploit DB Packet Storm
355099 10.0 HIGH
oracle database_server Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB01. NVD-CWE-Other
CVE-2005-3437 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm
355100 10.0 HIGH
oracle database_server Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Log… NVD-CWE-Other
CVE-2005-3438 2012-10-23 10:51 2005-11-2 表示 GitHub Exploit DB Packet Storm