NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年7月18日4:22

No CVSS レベル
攻撃区分
ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
363551 10.0 HIGH
realnetworks helix_mobile_server
helix_server
helix_server_mobile
Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote… CWE-119
バッファエラー
CVE-2010-1318 2010-11-24 14:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363552 6.8 MEDIUM
gnu gzip The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infi… CWE-20
不適切な入力確認
CVE-2009-2624 2010-11-18 15:29 2010-01-30 表示 GitHub Exploit DB Packet Storm
363553 4.3 MEDIUM
sterlitetechnologies sam300_ax_router Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the Stat_Radio parameter. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-0607 2010-11-4 13:00 2010-02-12 表示 GitHub Exploit DB Packet Storm
363554 3.5 LOW
osticket osticket Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-0606 2010-11-4 03:16 2010-02-12 表示 GitHub Exploit DB Packet Storm
363555 7.5 HIGH
novaboard novaboard SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the nova_name cookie parameter. NOTE: the provenance of this information is… CWE-89
SQLインジェクション
CVE-2010-0609 2010-11-4 02:46 2010-02-12 表示 GitHub Exploit DB Packet Storm
363556 5.0 MEDIUM
ibm websphere_application_server The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers t… CWE-200
情報漏えい
CVE-2010-0563 2010-11-3 13:00 2010-02-9 表示 GitHub Exploit DB Packet Storm
363557 4.3 MEDIUM
opera opera_browser Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers… CWE-200
情報漏えい
CVE-2010-0653 2010-09-21 14:46 2010-02-19 表示 GitHub Exploit DB Packet Storm
363558 4.0 MEDIUM
fujitsu e-pares Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors. CWE-287
不適切な認証
CVE-2010-2149 2010-09-21 13:00 2010-06-4 表示 GitHub Exploit DB Packet Storm
363559 7.5 HIGH
php_group php Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption. NVD-CWE-Other
CVE-2006-3018 2010-09-15 13:54 2006-06-15 表示 GitHub Exploit DB Packet Storm
363560 4.3 MEDIUM
mono mono The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as dem… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1459 2010-09-9 14:41 2010-05-28 表示 GitHub Exploit DB Packet Storm
363561 6.5 MEDIUM
otrs otrs Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 … CWE-89
SQLインジェクション
CVE-2010-0438 2010-09-9 14:39 2010-02-10 表示 GitHub Exploit DB Packet Storm
363562 7.5 HIGH
php php The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended ac… CWE-20
不適切な入力確認
CVE-2010-1129 2010-08-31 14:42 2010-03-27 表示 GitHub Exploit DB Packet Storm
363563 5.0 MEDIUM
uninet statsplus Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to s… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2002-2330 2010-08-30 13:00 2002-12-31 表示 GitHub Exploit DB Packet Storm
363564 5.0 MEDIUM
squid-cache squid The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (… NVD-CWE-Other
CVE-2010-0639 2010-08-2 13:00 2010-02-16 表示 GitHub Exploit DB Packet Storm
363565 5.0 MEDIUM
squid-cache squid Per: http://cwe.mitre.org/data/definitions/476.html 'NULL Pointer Dereference' NVD-CWE-Other
CVE-2010-0639 2010-08-2 13:00 2010-02-16 表示 GitHub Exploit DB Packet Storm
363566 4.3 MEDIUM
mediawiki mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets … CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1647 2010-07-30 14:48 2010-06-8 表示 GitHub Exploit DB Packet Storm
363567 6.8 MEDIUM
mediawiki mediawiki Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for re… CWE-352
同一生成元ポリシー違反
CVE-2010-1648 2010-07-30 14:48 2010-06-8 表示 GitHub Exploit DB Packet Storm
363568 7.5 HIGH
openx openx Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/in… NVD-CWE-noinfo
CWE-287
不適切な認証
CVE-2009-4830 2010-07-30 13:00 2010-04-28 表示 GitHub Exploit DB Packet Storm
363569 7.8 HIGH
cisco ios Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP fragmentation support is enabled, allows remote attackers to cause a denial of service (device reload) via crafted Skinny Client Control Pro… NVD-CWE-noinfo
CVE-2010-0584 2010-07-13 14:50 2010-03-26 表示 GitHub Exploit DB Packet Storm
363570 4.3 MEDIUM
frank-karau phpfk_php_forum Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Forum ohne 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of … CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4677 2010-07-13 14:48 2010-03-9 表示 GitHub Exploit DB Packet Storm
363571 7.2 HIGH
gnome screensaver gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to ac… NVD-CWE-Other
CVE-2009-4641 2010-07-7 13:00 2010-02-12 表示 GitHub Exploit DB Packet Storm
363572 4.3 MEDIUM
tim_lochmueller mydashboard Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1011 2010-06-25 13:00 2010-03-20 表示 GitHub Exploit DB Packet Storm
363573 7.5 HIGH
fr.simon_rundell pd_diocesedatabase SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vect… CWE-89
SQLインジェクション
CVE-2010-1013 2010-06-25 13:00 2010-03-20 表示 GitHub Exploit DB Packet Storm
363574 7.5 HIGH
laurent_foulloy sav_filter_abc SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQLインジェクション
CVE-2010-1015 2010-06-24 13:00 2010-03-20 表示 GitHub Exploit DB Packet Storm
363575 7.5 HIGH
enanocms enanocms SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameter… CWE-89
SQLインジェクション
CVE-2010-0471 2010-06-23 13:00 2010-02-3 表示 GitHub Exploit DB Packet Storm
363576 7.5 HIGH
opencart opencart SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. CWE-89
SQLインジェクション
CVE-2010-0956 2010-06-23 13:00 2010-03-11 表示 GitHub Exploit DB Packet Storm
363577 10.0 HIGH
apple safari Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at C… CWE-94
コード・インジェクション
CVE-2010-1120 2010-06-23 13:00 2010-03-26 表示 GitHub Exploit DB Packet Storm
363578 7.5 HIGH
gnudip gnudip SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from … CWE-89
SQLインジェクション
CVE-2009-4720 2010-06-23 13:00 2010-03-19 表示 GitHub Exploit DB Packet Storm
363579 10.0 HIGH
intersystems cache_database Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server. NVD-CWE-noinfo
CVE-2003-1333 2010-06-23 13:00 2003-12-31 表示 GitHub Exploit DB Packet Storm
363580 4.3 MEDIUM
kai_blankenhorn_bitfolge simple_and_nice_index_file Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified … CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2003-1334 2010-06-23 13:00 2003-12-31 表示 GitHub Exploit DB Packet Storm
363581 5.0 MEDIUM
kai_blankenhorn_bitfolge simple_and_nice_index_file Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory. CWE-22
パス・トラバーサル
CVE-2003-1335 2010-06-23 13:00 2003-12-31 表示 GitHub Exploit DB Packet Storm
363582 4.3 MEDIUM
aprelium_technologies abyss_web_server CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequ… NVD-CWE-Other
CVE-2003-1338 2010-06-23 13:00 2003-12-31 表示 GitHub Exploit DB Packet Storm
363583 4.3 MEDIUM
aprelium_technologies abyss_web_server Per: http://cwe.mitre.org/data/definitions/93.html 'http://cwe.mitre.org/data/definitions/93.html' NVD-CWE-Other
CVE-2003-1338 2010-06-23 13:00 2003-12-31 表示 GitHub Exploit DB Packet Storm
363584 5.0 MEDIUM
apple mac_os_x
mac_os_x_server
Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open… CWE-287
不適切な認証
CVE-2010-0521 2010-06-21 13:00 2010-03-31 表示 GitHub Exploit DB Packet Storm
363585 9.0 HIGH
apple mac_os_x_server Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this… CWE-264
認可・権限・アクセス制御
CVE-2010-0522 2010-06-21 13:00 2010-03-31 表示 GitHub Exploit DB Packet Storm
363586 5.0 MEDIUM
apple mac_os_x_server Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a … CWE-200
情報漏えい
CVE-2010-0523 2010-06-21 13:00 2010-03-31 表示 GitHub Exploit DB Packet Storm
363587 5.0 MEDIUM
apple mac_os_x_server Per: http://support.apple.com/kb/HT4077 'This issue only affects Mac OS X Server systems, and does not affect versions 10.6 or later.' CWE-200
情報漏えい
CVE-2010-0523 2010-06-21 13:00 2010-03-31 表示 GitHub Exploit DB Packet Storm
363588 5.0 MEDIUM
apple mac_os_x
mac_os_x_server
Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make i… CWE-310
暗号の問題
CVE-2010-0525 2010-06-21 13:00 2010-03-31 表示 GitHub Exploit DB Packet Storm
363589 4.0 MEDIUM
apple mac_os_x
mac_os_x_server
Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content… CWE-264
認可・権限・アクセス制御
CVE-2010-0534 2010-06-21 13:00 2010-03-31 表示 GitHub Exploit DB Packet Storm
363590 6.5 MEDIUM
apple mac_os_x
mac_os_x_server
Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenti… CWE-264
認可・権限・アクセス制御
CVE-2010-0535 2010-06-21 13:00 2010-03-31 表示 GitHub Exploit DB Packet Storm
363591 2.6 LOW
apple mac_os_x
mac_os_x_server
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to… CWE-264
認可・権限・アクセス制御
CVE-2010-0537 2010-06-18 13:00 2010-03-31 表示 GitHub Exploit DB Packet Storm
363592 6.8 MEDIUM
notsopureedit notsopureedit PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL… CWE-94
コード・インジェクション
CVE-2010-1216 2010-06-18 13:00 2010-03-31 表示 GitHub Exploit DB Packet Storm
363593 6.8 MEDIUM
realitymedias repairshop2 SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a product… CWE-89
SQLインジェクション
CVE-2010-1857 2010-06-14 04:18 2010-05-8 表示 GitHub Exploit DB Packet Storm
363594 7.5 HIGH
xinha
s9y
wysiwyg_editor
serendipity
The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify … CWE-264
認可・権限・アクセス制御
CVE-2010-1916 2010-06-14 04:18 2010-05-12 表示 GitHub Exploit DB Packet Storm
363595 4.3 MEDIUM
zonecheck zonecheck Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, … CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-2155 2010-06-14 04:18 2010-06-4 表示 GitHub Exploit DB Packet Storm
363596 9.0 HIGH
cisco mediator_framework Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator… NVD-CWE-noinfo
CVE-2010-0596 2010-06-14 04:16 2010-05-28 表示 GitHub Exploit DB Packet Storm
363597 9.0 HIGH
cisco mediator_framework Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4… NVD-CWE-noinfo
CVE-2010-0597 2010-06-14 04:16 2010-05-28 表示 GitHub Exploit DB Packet Storm
363598 9.3 HIGH
cisco mediator_framework Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Med… CWE-255
証明書・パスワード管理
CVE-2010-0598 2010-06-14 04:16 2010-05-28 表示 GitHub Exploit DB Packet Storm
363599 9.3 HIGH
cisco mediator_framework Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Med… CWE-255
証明書・パスワード管理
CVE-2010-0599 2010-06-14 04:16 2010-05-28 表示 GitHub Exploit DB Packet Storm
363600 10.0 HIGH
cisco mediator_framework Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Med… CWE-264
認可・権限・アクセス制御
CVE-2010-0600 2010-06-14 04:16 2010-05-28 表示 GitHub Exploit DB Packet Storm