NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年7月18日4:22

No CVSS レベル
攻撃区分
ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
363601 4.3 MEDIUM
zonecheck zonecheck Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4882 2010-06-14 04:15 2010-06-3 表示 GitHub Exploit DB Packet Storm
363602 10.0 HIGH
ibm db2_content_manager Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Con… NVD-CWE-noinfo
CVE-2010-1041 2010-06-11 13:00 2010-03-23 表示 GitHub Exploit DB Packet Storm
363603 7.5 HIGH
focusdev com_mv_restaurantmenumanager SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to e… CWE-89
SQLインジェクション
CVE-2010-1468 2010-06-11 13:00 2010-04-20 表示 GitHub Exploit DB Packet Storm
363604 6.8 MEDIUM
ternaria com_jprojectmanager Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspec… CWE-22
パス・トラバーサル
CVE-2010-1469 2010-06-11 13:00 2010-04-20 表示 GitHub Exploit DB Packet Storm
363605 7.5 HIGH
dev.pucit.edu.pk com_webtv Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in … CWE-22
パス・トラバーサル
CVE-2010-1470 2010-06-11 13:00 2010-04-20 表示 GitHub Exploit DB Packet Storm
363606 7.5 HIGH
b-elektro com_addressbook Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to in… CWE-22
パス・トラバーサル
CVE-2010-1471 2010-06-11 13:00 2010-04-20 表示 GitHub Exploit DB Packet Storm
363607 7.5 HIGH
kazulah com_horoscope Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to … CWE-22
パス・トラバーサル
CVE-2010-1472 2010-06-11 13:00 2010-04-20 表示 GitHub Exploit DB Packet Storm
363608 6.8 MEDIUM
johnmccollum com_advertising Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (… CWE-22
パス・トラバーサル
CVE-2010-1473 2010-06-11 13:00 2010-04-20 表示 GitHub Exploit DB Packet Storm
363609 6.8 MEDIUM
alphaplug com_alphauserpoints Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact v… CWE-22
パス・トラバーサル
CVE-2010-1476 2010-06-11 13:00 2010-04-20 表示 GitHub Exploit DB Packet Storm
363610 7.5 HIGH
martin_hess com_sermonspeaker SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_serm… CWE-89
SQLインジェクション
CVE-2010-1477 2010-06-11 13:00 2010-04-20 表示 GitHub Exploit DB Packet Storm
363611 6.8 MEDIUM
ternaria com_jfeedback Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other … CWE-22
パス・トラバーサル
CVE-2010-1478 2010-06-11 13:00 2010-04-20 表示 GitHub Exploit DB Packet Storm
363612 7.5 HIGH
rockettheme com_rokmodule SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.ph… CWE-89
SQLインジェクション
CVE-2010-1479 2010-06-11 13:00 2010-04-20 表示 GitHub Exploit DB Packet Storm
363613 6.8 MEDIUM
pligg pligg_cms Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have u… CWE-352
同一生成元ポリシー違反
CVE-2009-4787 2010-06-11 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363614 7.5 HIGH
shape5 bridge_of_hope_template SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php. CWE-89
SQLインジェクション
CVE-2010-2254 2010-06-10 13:00 2010-06-10 表示 GitHub Exploit DB Packet Storm
363615 7.5 HIGH
tamlyncreative com_bfsurvey_profree
com_bfsurvey_pro
com_bfsurvey_basic
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joo… CWE-89
SQLインジェクション
CVE-2010-2255 2010-06-10 13:00 2010-06-10 表示 GitHub Exploit DB Packet Storm
363616 4.3 MEDIUM
payperviewvideosoftware pay_per_minute_video_chat_script Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/mem… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-2256 2010-06-10 13:00 2010-06-10 表示 GitHub Exploit DB Packet Storm
363617 7.5 HIGH
payperviewvideosoftware pay_per_minute_video_chat_script SQL injection vulnerability in index_ie.php in Pay Per Minute Video Chat Script 2.0 and 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. CWE-89
SQLインジェクション
CVE-2010-2257 2010-06-10 13:00 2010-06-10 表示 GitHub Exploit DB Packet Storm
363618 7.5 HIGH
tamlyncreative com_bfsurvey_profree
com_bfsurvey_pro
com_bfsurvey_basic
Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller param… CWE-22
パス・トラバーサル
CVE-2010-2259 2010-06-10 13:00 2010-06-10 表示 GitHub Exploit DB Packet Storm
363619 4.3 MEDIUM
apple safari JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurren… NVD-CWE-noinfo
CVE-2010-1131 2010-06-8 13:00 2010-03-28 表示 GitHub Exploit DB Packet Storm
363620 7.5 HIGH
rockettheme com_rokmodule SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of … CWE-89
SQLインジェクション
CVE-2010-1480 2010-06-8 13:00 2010-04-20 表示 GitHub Exploit DB Packet Storm
363621 2.1 LOW
speedtech storm Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary we… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-2158 2010-06-8 13:00 2010-06-8 表示 GitHub Exploit DB Packet Storm
363622 4.3 MEDIUM
novell netware NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, … NVD-CWE-noinfo
CVE-2003-1591 2010-06-8 13:00 2010-04-6 表示 GitHub Exploit DB Packet Storm
363623 7.5 HIGH
novell netware_ftp_server
netware
NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass i… CWE-264
認可・権限・アクセス制御
CVE-2003-1596 2010-06-8 13:00 2010-04-6 表示 GitHub Exploit DB Packet Storm
363624 4.0 MEDIUM
novell netware_ftp_server
netware
NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command. NVD-CWE-noinfo
CWE-20
不適切な入力確認
CVE-2002-2433 2010-06-8 13:00 2010-04-6 表示 GitHub Exploit DB Packet Storm
363625 5.0 MEDIUM
novell netware_ftp_server
netware
NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not properly listen for data connections, which allows remote attackers to cause a denial of service (abend) via multiple FTP sessions. NVD-CWE-noinfo
CVE-2002-2434 2010-06-8 13:00 2010-04-6 表示 GitHub Exploit DB Packet Storm
363626 1.9 LOW
gnu nano GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a … CWE-59
リンク解釈の問題
CVE-2010-1160 2010-06-7 13:00 2010-04-17 表示 GitHub Exploit DB Packet Storm
363627 3.7 LOW
gnu nano Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related… CWE-362
競合状態
CVE-2010-1161 2010-06-7 13:00 2010-04-17 表示 GitHub Exploit DB Packet Storm
363628 9.3 HIGH
emweb wt Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors. CWE-20
不適切な入力確認
CVE-2010-1273 2010-06-7 13:00 2010-04-7 表示 GitHub Exploit DB Packet Storm
363629 9.3 HIGH
jasper httpdx Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET re… CWE-134
書式文字列の問題
CVE-2009-4769 2010-06-7 13:00 2010-04-20 表示 GitHub Exploit DB Packet Storm
363630 7.5 HIGH
jasper httpdx The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged acce… CWE-255
証明書・パスワード管理
CVE-2009-4770 2010-06-7 13:00 2010-04-20 表示 GitHub Exploit DB Packet Storm
363631 9.3 HIGH
hitachi ucosminexus\/opentp1_web_web_front-endset
ucosminexus_application_server
ucosminexus_client
ucosminexus_collaboration
ucosminexus_developer
ucosminexus_operator
ucosminexus_service_…
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C+… CWE-119
バッファエラー
CVE-2009-4776 2010-06-7 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363632 7.5 HIGH
kolab kolab_server Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an "image upload form." NVD-CWE-noinfo
CVE-2009-4824 2010-06-5 14:31 2010-04-28 表示 GitHub Exploit DB Packet Storm
363633 4.3 MEDIUM
zeeways ebay_clone_auction_script Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of th… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-2144 2010-06-4 13:00 2010-06-3 表示 GitHub Exploit DB Packet Storm
363634 7.5 HIGH
graviton-mediatech visitor_logger PHP remote file inclusion vulnerability in banned.php in Visitor Logger allows remote attackers to execute arbitrary PHP code via a URL in the VL_include_path parameter. CWE-94
コード・インジェクション
CVE-2010-2146 2010-06-4 13:00 2010-06-3 表示 GitHub Exploit DB Packet Storm
363635 4.3 MEDIUM
fujitsu e-pares Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-2150 2010-06-4 13:00 2010-06-4 表示 GitHub Exploit DB Packet Storm
363636 2.6 LOW
fujitsu e-pares Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify … CWE-352
同一生成元ポリシー違反
CVE-2010-2151 2010-06-4 13:00 2010-06-4 表示 GitHub Exploit DB Packet Storm
363637 6.8 MEDIUM
tecnick tcexam Unrestricted file upload vulnerability in admin/code/tce_functions_tcecode_editor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an exe… NVD-CWE-Other
CVE-2010-2153 2010-06-4 13:00 2010-06-4 表示 GitHub Exploit DB Packet Storm
363638 6.8 MEDIUM
tecnick tcexam Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type' NVD-CWE-Other
CVE-2010-2153 2010-06-4 13:00 2010-06-4 表示 GitHub Exploit DB Packet Storm
363639 5.0 MEDIUM
dovecot dovecot Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message. CWE-399
リソース管理の問題
CVE-2010-0745 2010-06-3 14:54 2010-05-21 表示 GitHub Exploit DB Packet Storm
363640 7.5 HIGH
barnowl barnowl Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header. CWE-119
バッファエラー
CVE-2010-0793 2010-06-3 14:54 2010-03-17 表示 GitHub Exploit DB Packet Storm
363641 6.8 MEDIUM
typo3 typo3 PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className v… CWE-94
コード・インジェクション
CVE-2010-1153 2010-06-3 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363642 7.5 HIGH
multishopcms multishop_cms SQL injection vulnerability in pages.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the det… CWE-89
SQLインジェクション
CVE-2010-2139 2010-06-3 13:00 2010-06-3 表示 GitHub Exploit DB Packet Storm
363643 7.5 HIGH
multishopcms multishop_cms SQL injection vulnerability in itemdetail.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: the provenance of this information is unknown… CWE-89
SQLインジェクション
CVE-2010-2140 2010-06-3 13:00 2010-06-3 表示 GitHub Exploit DB Packet Storm
363644 7.5 HIGH
joaktree com_joaktree SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php. CWE-89
SQLインジェクション
CVE-2009-4784 2010-06-3 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363645 7.5 HIGH
bhavesh_chauhan com_quicknews SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.p… CWE-89
SQLインジェクション
CVE-2009-4785 2010-06-3 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363646 4.3 MEDIUM
pligg pligg_cms Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the (1) return parameter to pligg/lo… CWE-20
不適切な入力確認
CVE-2009-4788 2010-06-3 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363647 7.5 HIGH
mojoblog mojoblog Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path paramete… CWE-94
コード・インジェクション
CVE-2009-4789 2010-06-3 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363648 7.5 HIGH
mojoblog mojoblog Per http://extensions.joomla.org/extensions/3374/details: Editor's note This extension has been unpublished for the following reason: * This extension is not compatible with Joomla! 1.5 CWE-94
コード・インジェクション
CVE-2009-4789 2010-06-3 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363649 9.0 HIGH
sysax multi_server Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. NOTE: the provenance of this infor… CWE-22
パス・トラバーサル
CVE-2009-4790 2010-06-3 13:00 2010-04-22 表示 GitHub Exploit DB Packet Storm
363650 4.6 MEDIUM
amsn amsn login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation. CWE-255
証明書・パスワード管理
CVE-2008-7255 2010-06-3 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm