NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年7月18日4:22

No CVSS レベル
攻撃区分
ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
363801 4.3 MEDIUM
vpasp vp-asp_shopping_cart Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to inject arbitrary web script or HTML via… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1590 2010-04-29 13:00 2010-04-29 表示 GitHub Exploit DB Packet Storm
363802 6.9 MEDIUM
sisoftware sandra sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in SiSoftware Sandra 16.10.2010.1 and earlier allows local users to gain privileges or cause a denial of service (system crash) via unspec… CWE-20
不適切な入力確認
CVE-2010-1592 2010-04-29 13:00 2010-04-29 表示 GitHub Exploit DB Packet Storm
363803 4.3 MEDIUM
vmware server Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1193 2010-04-28 14:46 2010-04-2 表示 GitHub Exploit DB Packet Storm
363804 5.0 MEDIUM
moinmo moinmoin MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values. CWE-264
認可・権限・アクセス制御
CVE-2010-1238 2010-04-28 14:46 2010-04-6 表示 GitHub Exploit DB Packet Storm
363805 7.5 HIGH
vmware virtualcenter
server
esx_server
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via uns… CWE-20
不適切な入力確認
CVE-2010-0686 2010-04-28 14:45 2010-04-2 表示 GitHub Exploit DB Packet Storm
363806 7.5 HIGH
martin_hess com_sermonspeaker SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopu… CWE-89
SQLインジェクション
CVE-2010-1559 2010-04-28 13:00 2010-04-28 表示 GitHub Exploit DB Packet Storm
363807 5.0 MEDIUM
dlink dir-615 The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, … CWE-287
不適切な認証
CVE-2009-4821 2010-04-28 13:00 2010-04-28 表示 GitHub Exploit DB Packet Storm
363808 2.1 LOW
james_glasgow
john_vandervort
autologout Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privi… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4829 2010-04-28 13:00 2010-04-28 表示 GitHub Exploit DB Packet Storm
363809 6.8 MEDIUM
dragonfrugal dfd_cart Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for reque… CWE-352
同一生成元ポリシー違反
CVE-2010-1542 2010-04-28 01:43 2010-04-27 表示 GitHub Exploit DB Packet Storm
363810 2.1 LOW
mearra addthis Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to in… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1536 2010-04-28 01:04 2010-04-27 表示 GitHub Exploit DB Packet Storm
363811 5.0 MEDIUM
wolfram webmathematica Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message. CWE-200
情報漏えい
CVE-2009-4812 2010-04-28 00:30 2010-04-28 表示 GitHub Exploit DB Packet Storm
363812 4.3 MEDIUM
mybboard mybb Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4813 2010-04-28 00:30 2010-04-28 表示 GitHub Exploit DB Packet Storm
363813 2.1 LOW
reyero i18n Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks pr… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1530 2010-04-27 13:00 2010-04-27 表示 GitHub Exploit DB Packet Storm
363814 5.0 MEDIUM
givesight com_powermail Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact… CWE-22
パス・トラバーサル
CVE-2010-1532 2010-04-27 13:00 2010-04-27 表示 GitHub Exploit DB Packet Storm
363815 4.3 MEDIUM
dragonfrugal dfd_cart Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity para… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1541 2010-04-27 13:00 2010-04-27 表示 GitHub Exploit DB Packet Storm
363816 5.0 MEDIUM
acme
rca
micro_httpd
digital_cable_modem
micro_httpd on the RCA DCM425 cable modem allows remote attackers to cause a denial of service (device reboot) via a long string to TCP port 80. CWE-20
不適切な入力確認
CVE-2010-1544 2010-04-27 13:00 2010-04-27 表示 GitHub Exploit DB Packet Storm
363817 7.5 HIGH
samhain_labs samhain The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication … CWE-20
不適切な入力確認
CVE-2009-4810 2010-04-27 01:17 2010-04-23 表示 GitHub Exploit DB Packet Storm
363818 5.0 MEDIUM
palosanto elastix Directory traversal vulnerability in help/frameRight.php in Elastix 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id_nodo parameter. NOTE: the provenance of this in… CWE-22
パス・トラバーサル
CVE-2010-1492 2010-04-26 13:00 2010-04-23 表示 GitHub Exploit DB Packet Storm
363819 7.5 HIGH
joachim_ruhs flat_manager SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQLインジェクション
CVE-2009-4802 2010-04-26 13:00 2010-04-23 表示 GitHub Exploit DB Packet Storm
363820 4.3 MEDIUM
phpmyfaq phpmyfaq Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action,… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4780 2010-04-24 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363821 5.0 MEDIUM
ijoomla com_news_portal Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller paramet… CWE-22
パス・トラバーサル
CVE-2010-1312 2010-04-22 14:42 2010-04-9 表示 GitHub Exploit DB Packet Storm
363822 9.3 HIGH
vmware movie_decoder
workstation
player
server
Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 24645… CWE-119
バッファエラー
CVE-2009-1564 2010-04-22 14:33 2010-04-13 表示 GitHub Exploit DB Packet Storm
363823 9.3 HIGH
vmware movie_decoder
workstation
player
server
vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before … CWE-119
バッファエラー
CVE-2009-1565 2010-04-22 14:33 2010-04-13 表示 GitHub Exploit DB Packet Storm
363824 9.3 HIGH
rim blackberry_enterprise_server
blackberry_professional_software
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, an… NVD-CWE-noinfo
CVE-2009-4778 2010-04-22 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363825 9.3 HIGH
rim blackberry_enterprise_server
blackberry_professional_software
Per: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19860 'These vulnerabilities could enable a malicious individual to send an email message containing a specially… NVD-CWE-noinfo
CVE-2009-4778 2010-04-22 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363826 4.3 MEDIUM
pligg pligg_cms Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) … CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-4786 2010-04-22 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363827 4.0 MEDIUM
sun solaris
opensolaris
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 through snv_117, when 64bit mode is used on the Intel x86 platform and a Linux (lx) branded zone is configured, allows local users t… NVD-CWE-noinfo
CVE-2009-4774 2010-04-21 23:30 2010-04-21 表示 GitHub Exploit DB Packet Storm
363828 7.5 HIGH
realnetworks helix_dna_server
helix_server
helix_server_mobile
Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via… CWE-119
バッファエラー
CVE-2010-1317 2010-04-21 13:00 2010-04-21 表示 GitHub Exploit DB Packet Storm
363829 5.0 MEDIUM
gogoritas com_photobattle Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. CWE-22
パス・トラバーサル
CVE-2010-1461 2010-04-19 13:00 2010-04-17 表示 GitHub Exploit DB Packet Storm
363830 5.0 MEDIUM
tembria server_monitor Multiple stack-based buffer overflows in Tembria Server Monitor before 5.6.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted (1) GE… CWE-119
バッファエラー
CVE-2010-1316 2010-04-16 13:00 2010-04-15 表示 GitHub Exploit DB Packet Storm
363831 9.3 HIGH
justsystems ichitaro Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government 2006 through 2010 allows user-assisted remote attackers to execute arbitrary code via a crafted font file. NVD-CWE-noinfo
CVE-2010-1424 2010-04-16 13:00 2010-04-16 表示 GitHub Exploit DB Packet Storm
363832 5.0 MEDIUM
f-secure anti-virus
f-secure_anti-virus
f-secure_anti-virus_client_security
f-secure_anti-virus_for_citrix_servers
f-secure_anti-virus_for_linux
f-secure_anti-virus_for_microsoft_exchange
f-…
F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.0… NVD-CWE-Other
CVE-2010-1425 2010-04-16 13:00 2010-04-16 表示 GitHub Exploit DB Packet Storm
363833 7.5 HIGH
mhd_zaher_ghaibeh arab_cart SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. CWE-89
SQLインジェクション
CVE-2010-0724 2010-04-15 14:41 2010-02-27 表示 GitHub Exploit DB Packet Storm
363834 4.3 MEDIUM
mhd_zaher_ghaibeh arab_cart Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-0725 2010-04-15 14:41 2010-02-27 表示 GitHub Exploit DB Packet Storm
363835 4.3 MEDIUM
preprojects pre_classified_listings_asp Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to inject arbitrary web script or HTML via the address parameter. CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1371 2010-04-15 06:03 2010-04-14 表示 GitHub Exploit DB Packet Storm
363836 7.5 HIGH
preprojects pre_classified_listings_asp SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter. CWE-89
SQLインジェクション
CVE-2010-1369 2010-04-15 05:58 2010-04-14 表示 GitHub Exploit DB Packet Storm
363837 7.5 HIGH
uiga fan_club Multiple SQL injection vulnerabilities in admin/admin_login.php in Uiga Fan Club 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin_name and (2) admin_password… CWE-89
SQLインジェクション
CVE-2010-1366 2010-04-15 05:49 2010-04-14 表示 GitHub Exploit DB Packet Storm
363838 7.5 HIGH
uiga personal_portal SQL injection vulnerability in index.php in Uiga Personal Portal, as downloaded on 20100301, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. NOTE: … CWE-89
SQLインジェクション
CVE-2010-1364 2010-04-15 04:37 2010-04-14 表示 GitHub Exploit DB Packet Storm
363839 2.1 LOW
ben_jeavons ownterm Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1362 2010-04-14 22:59 2010-04-14 表示 GitHub Exploit DB Packet Storm
363840 5.0 MEDIUM
yasirpro ms-pro_portal_scripti YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database … CWE-264
認可・権限・アクセス制御
CVE-2009-4766 2010-04-14 21:44 2010-04-14 表示 GitHub Exploit DB Packet Storm
363841 2.1 LOW
ron_jerome bibliography Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privil… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1358 2010-04-14 13:00 2010-04-14 表示 GitHub Exploit DB Packet Storm
363842 7.5 HIGH
uiga fan_club SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. CWE-89
SQLインジェクション
CVE-2010-1365 2010-04-14 13:00 2010-04-14 表示 GitHub Exploit DB Packet Storm
363843 4.3 MEDIUM
uiga fan_club Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_login.php in Uiga Fan Club, as downloaded on 20100310, allow remote attackers to inject arbitrary web script or HTML via the (1) adm… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1367 2010-04-14 13:00 2010-04-14 表示 GitHub Exploit DB Packet Storm
363844 7.5 HIGH
preprojects pre_classified_listings_asp SQL injection vulnerability in detailad.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the siteid parameter. CWE-89
SQLインジェクション
CVE-2010-1370 2010-04-14 13:00 2010-04-14 表示 GitHub Exploit DB Packet Storm
363845 5.0 MEDIUM
cnr.somee hikaye_portal CNR Hikaye Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/hikaye.mdb. CWE-264
認可・権限・アクセス制御
CVE-2009-4765 2010-04-14 13:00 2010-04-14 表示 GitHub Exploit DB Packet Storm
363846 5.0 MEDIUM
jooforge com_jukebox Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller paramete… CWE-22
パス・トラバーサル
CVE-2010-1352 2010-04-14 06:31 2010-04-13 表示 GitHub Exploit DB Packet Storm
363847 7.8 HIGH
cisco ios The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the "SIP Message Handling De… NVD-CWE-Other
CVE-2010-0579 2010-04-13 14:43 2010-03-26 表示 GitHub Exploit DB Packet Storm
363848 10.0 HIGH
cisco ios Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message P… NVD-CWE-noinfo
CVE-2010-0580 2010-04-13 14:43 2010-03-26 表示 GitHub Exploit DB Packet Storm
363849 10.0 HIGH
cisco ios Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Pa… NVD-CWE-noinfo
CVE-2010-0581 2010-04-13 14:43 2010-03-26 表示 GitHub Exploit DB Packet Storm
363850 7.8 HIGH
cisco ios Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote attackers to cause a denial of service (interface queue wedge) via malformed H.323 packets, aka Bug ID CSCta19962. NVD-CWE-noinfo
CVE-2010-0582 2010-04-13 14:43 2010-03-26 表示 GitHub Exploit DB Packet Storm