NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年7月18日4:22

No CVSS レベル
攻撃区分
ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
363751 6.8 MEDIUM
openmairie openannuaire Directory traversal vulnerability in scr/soustab.php in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via direct… CWE-22
パス・トラバーサル
CVE-2010-1920 2010-05-13 13:00 2010-05-13 表示 GitHub Exploit DB Packet Storm
363752 6.8 MEDIUM
openmairie openannuaire Multiple PHP remote file inclusion vulnerabilities in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om par… CWE-94
コード・インジェクション
CVE-2010-1921 2010-05-13 13:00 2010-05-13 表示 GitHub Exploit DB Packet Storm
363753 7.5 HIGH
rifat_kurban tekno.portal SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817. CWE-89
SQLインジェクション
CVE-2010-1925 2010-05-13 13:00 2010-05-13 表示 GitHub Exploit DB Packet Storm
363754 6.8 MEDIUM
openmairie opencourrier Directory traversal vulnerability in scr/soustab.php in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local fi… CWE-22
パス・トラバーサル
CVE-2010-1926 2010-05-13 13:00 2010-05-13 表示 GitHub Exploit DB Packet Storm
363755 6.8 MEDIUM
openmairie opencourrier Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in t… CWE-94
コード・インジェクション
CVE-2010-1927 2010-05-13 13:00 2010-05-13 表示 GitHub Exploit DB Packet Storm
363756 6.8 MEDIUM
openmairie openplanning Multiple PHP remote file inclusion vulnerabilities in openMairie openPlanning 1.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om par… CWE-94
コード・インジェクション
CVE-2010-1934 2010-05-13 13:00 2010-05-13 表示 GitHub Exploit DB Packet Storm
363757 5.0 MEDIUM
xoops xoops The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative… CWE-264
認可・権限・アクセス制御
CVE-2009-4851 2010-05-13 13:00 2010-05-8 表示 GitHub Exploit DB Packet Storm
363758 7.2 HIGH
gnustep gnustep_base Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket th… CWE-189
数値処理の問題
CVE-2010-1620 2010-05-13 06:07 2010-05-12 表示 GitHub Exploit DB Packet Storm
363759 7.5 HIGH
efrontlearning efront SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter. CWE-89
SQLインジェクション
CVE-2010-1918 2010-05-13 04:36 2010-05-12 表示 GitHub Exploit DB Packet Storm
363760 4.9 MEDIUM
gnustep gnustep_base Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message. CWE-200
情報漏えい
CVE-2010-1457 2010-05-12 20:46 2010-05-12 表示 GitHub Exploit DB Packet Storm
363761 4.3 MEDIUM
tufat flashcard Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details … CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1872 2010-05-12 20:46 2010-05-12 表示 GitHub Exploit DB Packet Storm
363762 9.3 HIGH
abcbackup
internet-soft
abc_backup
urgent_backup
Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive. CWE-119
バッファエラー
CVE-2010-1686 2010-05-12 09:41 2010-05-5 表示 GitHub Exploit DB Packet Storm
363763 4.3 MEDIUM
turnkeyforms yahoo-answers-clone Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4858 2010-05-11 21:02 2010-05-11 表示 GitHub Exploit DB Packet Storm
363764 4.3 MEDIUM
onlinetechtools.com owos_lite Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) def… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4859 2010-05-11 21:02 2010-05-11 表示 GitHub Exploit DB Packet Storm
363765 4.3 MEDIUM
supportpro supportdesk Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4861 2010-05-11 21:02 2010-05-11 表示 GitHub Exploit DB Packet Storm
363766 4.3 MEDIUM
hitronsoft answer_me Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). N… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4868 2010-05-11 21:02 2010-05-11 表示 GitHub Exploit DB Packet Storm
363767 4.3 MEDIUM
hitronsoft nasim_guest_book Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4869 2010-05-11 21:02 2010-05-11 表示 GitHub Exploit DB Packet Storm
363768 6.5 MEDIUM
openttd openttd OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or … CWE-264
認可・権限・アクセス制御
CVE-2010-0401 2010-05-11 13:00 2010-05-5 表示 GitHub Exploit DB Packet Storm
363769 4.0 MEDIUM
openttd openttd OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map. CWE-399
リソース管理の問題
CVE-2010-0406 2010-05-11 13:00 2010-05-5 表示 GitHub Exploit DB Packet Storm
363770 9.3 HIGH
adobe photoshop_cs4 Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file. CWE-94
コード・インジェクション
CVE-2010-1279 2010-05-11 13:00 2010-05-5 表示 GitHub Exploit DB Packet Storm
363771 4.4 MEDIUM
mytty webapplication_finger_printer Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames under /tmp for temporary files and directories, which (1) allows local users to cause a denial of service (application outage) by … NVD-CWE-Other
CVE-2010-1438 2010-05-11 13:00 2010-05-6 表示 GitHub Exploit DB Packet Storm
363772 6.8 MEDIUM
zikula zikula_application_framework Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests th… CWE-352
同一生成元ポリシー違反
CVE-2010-1732 2010-05-11 13:00 2010-05-6 表示 GitHub Exploit DB Packet Storm
363773 6.8 MEDIUM
transmissionbt transmission Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute a… CWE-119
バッファエラー
CVE-2010-1853 2010-05-11 13:00 2010-05-8 表示 GitHub Exploit DB Packet Storm
363774 7.5 HIGH
php php The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by … CWE-94
コード・インジェクション
CVE-2010-1868 2010-05-11 13:00 2010-05-8 表示 GitHub Exploit DB Packet Storm
363775 4.3 MEDIUM
mega-nerd libsndfile The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of se… CWE-189
数値処理の問題
CVE-2009-4835 2010-05-11 13:00 2010-05-6 表示 GitHub Exploit DB Packet Storm
363776 4.3 MEDIUM
phpscripte24 pay_per_watch_\&_bid_auktions_system Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is not pr… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1854 2010-05-10 13:00 2010-05-8 表示 GitHub Exploit DB Packet Storm
363777 2.6 LOW
realitymedias repairshop2 Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod para… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1856 2010-05-10 13:00 2010-05-8 表示 GitHub Exploit DB Packet Storm
363778 6.8 MEDIUM
deluxebb deluxebb SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when a… CWE-89
SQLインジェクション
CVE-2010-1859 2010-05-10 13:00 2010-05-8 表示 GitHub Exploit DB Packet Storm
363779 6.4 MEDIUM
php php The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an … CWE-399
リソース管理の問題
CVE-2010-1861 2010-05-10 13:00 2010-05-8 表示 GitHub Exploit DB Packet Storm
363780 7.5 HIGH
clantiger clantiger SQL injection vulnerability in the shoutbox module (modules/shoutbox.php) in ClanTiger 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the s_email parameter. CWE-89
SQLインジェクション
CVE-2010-1863 2010-05-10 13:00 2010-05-8 表示 GitHub Exploit DB Packet Storm
363781 4.3 MEDIUM
festic semanticscuttle Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspe… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4852 2010-05-10 13:00 2010-05-8 表示 GitHub Exploit DB Packet Storm
363782 6.0 MEDIUM
roshan_singh open_direct_connect_hub Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0.8.1 allows remote authenticated users to execute arbitrary code via a long MyINFO message. CWE-119
バッファエラー
CVE-2010-1147 2010-05-8 14:57 2010-04-7 表示 GitHub Exploit DB Packet Storm
363783 7.8 HIGH
lexmark 25xxn
c510
c52x
c53x
c540
c543
c544
c546
c73x
c77x
c78x
c920
c935dn
e120
e238
e23x
e240
e240n
e250
e260
e33x
e34x
e350
e360d
e3…
The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause … CWE-20
不適切な入力確認
CVE-2010-0101 2010-05-7 13:00 2010-05-5 表示 GitHub Exploit DB Packet Storm
363784 6.8 MEDIUM
carlos_eduardo_sotelo_pinto 0.1.0 PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the confi… CWE-94
コード・インジェクション
CVE-2010-1737 2010-05-7 13:00 2010-05-7 表示 GitHub Exploit DB Packet Storm
363785 5.0 MEDIUM
dolphin dolphin_browser Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. CWE-119
バッファエラー
CVE-2010-1730 2010-05-6 23:53 2010-05-6 表示 GitHub Exploit DB Packet Storm
363786 6.5 MEDIUM
openttd openttd OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code v… CWE-94
コード・インジェクション
CVE-2010-0402 2010-05-5 22:22 2010-05-5 表示 GitHub Exploit DB Packet Storm
363787 5.0 MEDIUM
mochasoft mocha_w32_lpd Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs" request. NOT… CWE-119
バッファエラー
CVE-2010-1687 2010-05-5 13:00 2010-05-5 表示 GitHub Exploit DB Packet Storm
363788 6.8 MEDIUM
joomlacomponent.inetlanka com_drawroot Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified othe… CWE-22
パス・トラバーサル
CVE-2010-1723 2010-05-5 13:00 2010-05-5 表示 GitHub Exploit DB Packet Storm
363789 4.3 MEDIUM
cisco router_and_security_device_manager Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-0594 2010-05-5 01:00 2010-05-5 表示 GitHub Exploit DB Packet Storm
363790 7.5 HIGH
rocky.nu php_video_battle_script SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter. CWE-89
SQLインジェクション
CVE-2010-1701 2010-05-5 01:00 2010-05-5 表示 GitHub Exploit DB Packet Storm
363791 7.5 HIGH
rocky.nu modelbook SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter. CWE-89
SQLインジェクション
CVE-2010-1705 2010-05-5 01:00 2010-05-5 表示 GitHub Exploit DB Packet Storm
363792 4.3 MEDIUM
piwigo piwigo Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address pa… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1707 2010-05-5 01:00 2010-05-5 表示 GitHub Exploit DB Packet Storm
363793 4.3 MEDIUM
cpanel cpanel Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4823 2010-05-4 14:49 2010-04-28 表示 GitHub Exploit DB Packet Storm
363794 9.3 HIGH
ffmpeg ffmpeg Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bound… CWE-189
数値処理の問題
CVE-2009-4631 2010-05-4 14:48 2010-02-10 表示 GitHub Exploit DB Packet Storm
363795 4.3 MEDIUM
ffmpeg ffmpeg Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. CWE-189
数値処理の問題
CVE-2009-4638 2010-05-4 14:48 2010-02-10 表示 GitHub Exploit DB Packet Storm
363796 5.0 MEDIUM
helpcenterlive hcl Directory traversal vulnerability in the HelpCenter module in Help Center Live (HCL) 2.0.6 and 2.1.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .… CWE-22
パス・トラバーサル
CVE-2010-1652 2010-05-4 00:30 2010-05-3 表示 GitHub Exploit DB Packet Storm
363797 7.5 HIGH
htmlcoderhelper com_graphics Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (d… CWE-22
パス・トラバーサル
CVE-2010-1653 2010-05-3 22:51 2010-05-3 表示 GitHub Exploit DB Packet Storm
363798 7.5 HIGH
instantrankingseo infocus_real_estate Multiple SQL injection vulnerabilities in system_member_login.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the (1) username (aka login) a… CWE-89
SQLインジェクション
CVE-2010-1654 2010-05-3 22:51 2010-05-3 表示 GitHub Exploit DB Packet Storm
363799 7.5 HIGH
zimbllc com_zimbcomment Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..… CWE-22
パス・トラバーサル
CVE-2010-1602 2010-04-30 13:00 2010-04-30 表示 GitHub Exploit DB Packet Storm
363800 7.5 HIGH
zimbllc com_zimbcore Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly… CWE-22
パス・トラバーサル
CVE-2010-1603 2010-04-30 13:00 2010-04-30 表示 GitHub Exploit DB Packet Storm