NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年7月18日4:22

No CVSS レベル
攻撃区分
ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
363701 4.0 MEDIUM
microsoft dynamics_gp Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive informatio… CWE-310
暗号の問題
CVE-2010-2011 2010-05-24 13:00 2010-05-22 表示 GitHub Exploit DB Packet Storm
363702 6.8 MEDIUM
scriptsez mini_hosting_panel Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter … CWE-352
同一生成元ポリシー違反
CVE-2009-4826 2010-05-24 13:00 2010-04-28 表示 GitHub Exploit DB Packet Storm
363703 6.8 MEDIUM
scriptez mail_manager_pro Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via… CWE-352
同一生成元ポリシー違反
CVE-2009-4827 2010-05-24 13:00 2010-04-28 表示 GitHub Exploit DB Packet Storm
363704 6.8 MEDIUM
phpwebscripts ad_manager_pro Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for reques… CWE-352
同一生成元ポリシー違反
CVE-2009-4828 2010-05-24 13:00 2010-04-28 表示 GitHub Exploit DB Packet Storm
363705 6.8 MEDIUM
stafford.uklinux libesmtp libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attack… CWE-310
暗号の問題
CVE-2010-1192 2010-05-22 14:46 2010-04-1 表示 GitHub Exploit DB Packet Storm
363706 6.8 MEDIUM
stafford.uklinux libesmtp The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attac… CWE-310
暗号の問題
CVE-2010-1194 2010-05-22 14:46 2010-04-1 表示 GitHub Exploit DB Packet Storm
363707 4.3 MEDIUM
hp insight_control_server_migration_for_windows Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1557 2010-05-21 14:59 2010-05-15 表示 GitHub Exploit DB Packet Storm
363708 7.8 HIGH
cisco pgw_2200_softswitch The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a l… CWE-20
不適切な入力確認
CVE-2010-1561 2010-05-21 14:59 2010-05-15 表示 GitHub Exploit DB Packet Storm
363709 7.8 HIGH
cisco pgw_2200_softswitch The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a mal… CWE-20
不適切な入力確認
CVE-2010-1562 2010-05-21 14:59 2010-05-15 表示 GitHub Exploit DB Packet Storm
363710 7.8 HIGH
cisco pgw_2200_softswitch The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a mal… CWE-20
不適切な入力確認
CVE-2010-1563 2010-05-21 14:59 2010-05-15 表示 GitHub Exploit DB Packet Storm
363711 7.8 HIGH
cisco pgw_2200_softswitch Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of ser… CWE-399
リソース管理の問題
CVE-2010-1565 2010-05-21 14:59 2010-05-15 表示 GitHub Exploit DB Packet Storm
363712 7.8 HIGH
cisco pgw_2200_softswitch The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590. CWE-20
不適切な入力確認
CVE-2010-1567 2010-05-21 14:59 2010-05-15 表示 GitHub Exploit DB Packet Storm
363713 9.3 HIGH
apple mac_os_x
mac_os_x_server
The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group members… CWE-264
認可・権限・アクセス制御
CVE-2010-0512 2010-05-21 14:57 2010-03-31 表示 GitHub Exploit DB Packet Storm
363714 9.3 HIGH
apple mac_os_x
mac_os_x_server
Per: http://support.apple.com/kb/HT4077 'This issue only affects systems configured to use a network account server, and does not affect systems prior to Mac OS X v10.6.' CWE-264
認可・権限・アクセス制御
CVE-2010-0512 2010-05-21 14:57 2010-03-31 表示 GitHub Exploit DB Packet Storm
363715 7.5 HIGH
apple mac_os_x
mac_os_x_server
The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remot… CWE-264
認可・権限・アクセス制御
CVE-2010-0524 2010-05-21 14:57 2010-03-31 表示 GitHub Exploit DB Packet Storm
363716 7.8 HIGH
cisco pgw_2200_softswitch The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl391… CWE-20
不適切な入力確認
CVE-2010-0601 2010-05-21 14:57 2010-05-15 表示 GitHub Exploit DB Packet Storm
363717 7.8 HIGH
cisco pgw_2200_softswitch The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsk3260… CWE-20
不適切な入力確認
CVE-2010-0602 2010-05-21 14:57 2010-05-15 表示 GitHub Exploit DB Packet Storm
363718 7.8 HIGH
cisco pgw_2200_softswitch Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via unknown SIP… NVD-CWE-noinfo
CVE-2010-0604 2010-05-21 14:57 2010-05-15 表示 GitHub Exploit DB Packet Storm
363719 7.5 HIGH
gohigheris com_jwhmcs Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to … CWE-22
パス・トラバーサル
CVE-2010-1977 2010-05-21 13:00 2010-05-20 表示 GitHub Exploit DB Packet Storm
363720 6.8 MEDIUM
openmairie opencatalogue Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via dire… CWE-22
パス・トラバーサル
CVE-2010-1999 2010-05-21 13:00 2010-05-21 表示 GitHub Exploit DB Packet Storm
363721 2.1 LOW
ron_jerome bibliography Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privil… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-2000 2010-05-21 13:00 2010-05-21 表示 GitHub Exploit DB Packet Storm
363722 2.6 LOW
ninjitsuweb civiregister Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-2001 2010-05-21 13:00 2010-05-21 表示 GitHub Exploit DB Packet Storm
363723 2.1 LOW
addison_berry
jeff_warrington
wordfilter Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, … CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-2002 2010-05-21 13:00 2010-05-21 表示 GitHub Exploit DB Packet Storm
363724 4.3 MEDIUM
toutvirtual virtualiq Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept, (2) deptId, or (3… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4842 2010-05-21 13:00 2010-05-8 表示 GitHub Exploit DB Packet Storm
363725 4.3 MEDIUM
sixapart movable_type Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unkno… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1985 2010-05-21 04:47 2010-05-20 表示 GitHub Exploit DB Packet Storm
363726 5.0 MEDIUM
mediawiki mediawiki MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by add… CWE-20
不適切な入力確認
CVE-2010-1189 2010-05-20 14:49 2010-04-1 表示 GitHub Exploit DB Packet Storm
363727 7.8 HIGH
cisco pgw_2200_softswitch The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via a malformed session attribute, aka Bug I… CWE-20
不適切な入力確認
CVE-2010-0603 2010-05-20 14:48 2010-05-15 表示 GitHub Exploit DB Packet Storm
363728 10.0 HIGH
ffmpeg ffmpeg FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow. CWE-119
バッファエラー
CVE-2009-4637 2010-05-20 14:46 2010-02-10 表示 GitHub Exploit DB Packet Storm
363729 4.3 MEDIUM
phpbb phpbb feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to … CWE-264
認可・権限・アクセス制御
CVE-2010-1627 2010-05-20 13:00 2010-05-20 表示 GitHub Exploit DB Packet Storm
363730 7.5 HIGH
phpbb phpbb Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement." NVD-CWE-noinfo
CVE-2010-1630 2010-05-20 13:00 2010-05-20 表示 GitHub Exploit DB Packet Storm
363731 5.0 MEDIUM
joomlart com_javoice Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. CWE-22
パス・トラバーサル
CVE-2010-1982 2010-05-20 13:00 2010-05-20 表示 GitHub Exploit DB Packet Storm
363732 7.8 HIGH
nec bladesystemcenter
expresssystemcenter
sigmasystemcenter
virtualpccenter
websam_deploymentmanager
Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and e… NVD-CWE-noinfo
CVE-2010-1941 2010-05-19 21:08 2010-05-19 表示 GitHub Exploit DB Packet Storm
363733 7.8 HIGH
nec capsuite_patchmeister Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Clie… NVD-CWE-noinfo
CVE-2010-1943 2010-05-19 21:08 2010-05-19 表示 GitHub Exploit DB Packet Storm
363734 6.8 MEDIUM
openmairie openfoncier Multiple PHP remote file inclusion vulnerabilities in openMairie Openfoncier 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om para… CWE-94
コード・インジェクション
CVE-2010-1945 2010-05-19 21:07 2010-05-19 表示 GitHub Exploit DB Packet Storm
363735 6.8 MEDIUM
openmairie openregistrecil Directory traversal vulnerability in scr/soustab.php in openMairie Openregistrecil 1.02, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via dir… CWE-22
パス・トラバーサル
CVE-2010-1947 2010-05-19 21:07 2010-05-19 表示 GitHub Exploit DB Packet Storm
363736 6.8 MEDIUM
openmairie openfoncier Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directo… CWE-22
パス・トラバーサル
CVE-2010-1948 2010-05-19 21:07 2010-05-19 表示 GitHub Exploit DB Packet Storm
363737 6.8 MEDIUM
openmairie openregistrecil Multiple PHP remote file inclusion vulnerabilities in openMairie Openregistrecil 1.02, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om … CWE-94
コード・インジェクション
CVE-2010-1946 2010-05-19 21:07 2010-05-19 表示 GitHub Exploit DB Packet Storm
363738 7.5 HIGH
emultisoft com_jnewspaper SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. N… CWE-89
SQLインジェクション
CVE-2010-1949 2010-05-19 21:07 2010-05-19 表示 GitHub Exploit DB Packet Storm
363739 6.8 MEDIUM
emultisoft com_jnewspaper SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands v… CWE-89
SQLインジェクション
CVE-2010-1950 2010-05-19 21:07 2010-05-19 表示 GitHub Exploit DB Packet Storm
363740 7.5 HIGH
joomlacomponent.inetlanka com_multimap Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter… CWE-22
パス・トラバーサル
CVE-2010-1953 2010-05-19 21:07 2010-05-19 表示 GitHub Exploit DB Packet Storm
363741 7.5 HIGH
joomlacomponent.inetlanka com_multiroot Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller… CWE-22
パス・トラバーサル
CVE-2010-1954 2010-05-19 21:07 2010-05-19 表示 GitHub Exploit DB Packet Storm
363742 5.0 MEDIUM
cisco ironport_desktop_flag_plugin_for_outlook The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to … CWE-310
暗号の問題
CVE-2010-1568 2010-05-17 13:00 2010-05-15 表示 GitHub Exploit DB Packet Storm
363743 5.8 MEDIUM
alvaro alvaros_messenger aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Nam… CWE-287
不適切な認証
CVE-2010-0744 2010-05-14 14:49 2010-04-21 表示 GitHub Exploit DB Packet Storm
363744 4.3 MEDIUM
adobe coldfusion Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1293 2010-05-14 13:00 2010-05-14 表示 GitHub Exploit DB Packet Storm
363745 4.3 MEDIUM
adobe coldfusion Per: http://www.adobe.com/support/security/bulletins/apsb10-11.html 'Affected software versions ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX' CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1293 2010-05-14 13:00 2010-05-14 表示 GitHub Exploit DB Packet Storm
363746 2.1 LOW
adobe coldfusion Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors. NVD-CWE-noinfo
CWE-200
情報漏えい
CVE-2010-1294 2010-05-14 13:00 2010-05-14 表示 GitHub Exploit DB Packet Storm
363747 2.1 LOW
adobe coldfusion Per: http://www.adobe.com/support/security/bulletins/apsb10-11.html 'Affected software versions ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX' NVD-CWE-noinfo
CWE-200
情報漏えい
CVE-2010-1294 2010-05-14 13:00 2010-05-14 表示 GitHub Exploit DB Packet Storm
363748 4.3 MEDIUM
adobe coldfusion Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-3467 2010-05-14 13:00 2010-05-14 表示 GitHub Exploit DB Packet Storm
363749 4.3 MEDIUM
adobe coldfusion Per: http://www.adobe.com/support/security/bulletins/apsb10-11.html 'Affected software versions ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX' CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-3467 2010-05-14 13:00 2010-05-14 表示 GitHub Exploit DB Packet Storm
363750 4.3 MEDIUM
cmsmadesimple cms_made_simple Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1482 2010-05-13 13:00 2010-05-13 表示 GitHub Exploit DB Packet Storm