NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年7月18日4:22

No CVSS レベル
攻撃区分
ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
363851 2.1 LOW
freedesktop udisks probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by… CWE-200
情報漏えい
CVE-2010-1149 2010-04-13 13:00 2010-04-13 表示 GitHub Exploit DB Packet Storm
363852 6.0 MEDIUM
pulsecms pulse_cms Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extensi… NVD-CWE-Other
CVE-2010-1334 2010-04-12 13:00 2010-04-10 表示 GitHub Exploit DB Packet Storm
363853 6.0 MEDIUM
pulsecms pulse_cms Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type' NVD-CWE-Other
CVE-2010-1334 2010-04-12 13:00 2010-04-10 表示 GitHub Exploit DB Packet Storm
363854 4.3 MEDIUM
robertotto teamsite_hack_plugin Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the u… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1339 2010-04-12 13:00 2010-04-10 表示 GitHub Exploit DB Packet Storm
363855 6.8 MEDIUM
directnews direct_news Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to… CWE-94
コード・インジェクション
CVE-2010-1342 2010-04-12 13:00 2010-04-10 表示 GitHub Exploit DB Packet Storm
363856 5.0 MEDIUM
cookex com_ckforms Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter… CWE-22
パス・トラバーサル
CVE-2010-1345 2010-04-12 13:00 2010-04-10 表示 GitHub Exploit DB Packet Storm
363857 5.0 MEDIUM
opera opera_browser Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages. CWE-200
情報漏えい
CVE-2010-1310 2010-04-10 02:01 2010-04-9 表示 GitHub Exploit DB Packet Storm
363858 6.8 MEDIUM
apple mac_os_x
mac_os_x_server
Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScrip… CWE-119
バッファエラー
CVE-2010-0513 2010-04-9 14:42 2010-03-31 表示 GitHub Exploit DB Packet Storm
363859 6.8 MEDIUM
apple mac_os_x
mac_os_x_server
Per: http://support.apple.com/kb/HT4077 'On Mac OS X v10.6 systems this issue is mitigated by the -fstack-protector compiler flag.' CWE-119
バッファエラー
CVE-2010-0513 2010-04-9 14:42 2010-03-31 表示 GitHub Exploit DB Packet Storm
363860 5.0 MEDIUM
la-souris-verte com_svmap Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. CWE-22
パス・トラバーサル
CVE-2010-1308 2010-04-9 13:00 2010-04-9 表示 GitHub Exploit DB Packet Storm
363861 5.0 MEDIUM
ermenegildo_fiorito irmin_cms Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php. CWE-22
パス・トラバーサル
CVE-2010-1309 2010-04-9 13:00 2010-04-9 表示 GitHub Exploit DB Packet Storm
363862 4.3 MEDIUM
seber com_sebercart Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via… CWE-22
パス・トラバーサル
CVE-2010-1313 2010-04-9 13:00 2010-04-9 表示 GitHub Exploit DB Packet Storm
363863 5.0 MEDIUM
joomlanook com_hsconfig Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter… CWE-22
パス・トラバーサル
CVE-2010-1314 2010-04-9 13:00 2010-04-9 表示 GitHub Exploit DB Packet Storm
363864 7.5 HIGH
mahara mahara SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username. CWE-89
SQLインジェクション
CVE-2010-0400 2010-04-8 22:25 2010-04-8 表示 GitHub Exploit DB Packet Storm
363865 5.0 MEDIUM
decryptweb com_dwgraphs Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequence… CWE-22
パス・トラバーサル
CVE-2010-1302 2010-04-8 13:00 2010-04-8 表示 GitHub Exploit DB Packet Storm
363866 6.8 MEDIUM
ermenegildo_fiorito irmin_cms Directory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) 0.5 and 0.6 BETA2, when register_globals is enabled, allows remote attackers to include and execute… CWE-22
パス・トラバーサル
CVE-2008-7254 2010-04-8 13:00 2010-04-8 表示 GitHub Exploit DB Packet Storm
363867 7.5 HIGH
ekith com_dcs_flashgames SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. CWE-89
SQLインジェクション
CVE-2010-1265 2010-04-7 13:00 2010-04-7 表示 GitHub Exploit DB Packet Storm
363868 5.0 MEDIUM
kjetiltroan webmaid_cms Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContac… CWE-22
パス・トラバーサル
CVE-2010-1267 2010-04-7 13:00 2010-04-7 表示 GitHub Exploit DB Packet Storm
363869 4.3 MEDIUM
bbsxp bbsxp Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) … CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1276 2010-04-7 13:00 2010-04-7 表示 GitHub Exploit DB Packet Storm
363870 4.0 MEDIUM
pulsecms pulse_cms Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to read arbitrary files via directory traversal sequences in the f parameter. NOTE: the provenance of this in… CWE-22
パス・トラバーサル
CVE-2010-1298 2010-04-7 13:00 2010-04-7 表示 GitHub Exploit DB Packet Storm
363871 4.0 MEDIUM
pulsecms pulse_cms per: http://secunia.com/advisories/38650 '2) Input passed via the "f" parameter to view.php is not properly sanitised before being used to read files. This can be exploited to disclose the content… CWE-22
パス・トラバーサル
CVE-2010-1298 2010-04-7 13:00 2010-04-7 表示 GitHub Exploit DB Packet Storm
363872 7.5 HIGH
novell netware_ftp_server
netware
NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended ac… CWE-264
認可・権限・アクセス制御
CVE-2007-6735 2010-04-6 23:22 2010-04-6 表示 GitHub Exploit DB Packet Storm
363873 9.3 HIGH
foxitsoftware foxit_reader Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF … CWE-94
コード・インジェクション
CVE-2010-1239 2010-04-6 13:00 2010-04-6 表示 GitHub Exploit DB Packet Storm
363874 4.0 MEDIUM
novell netware_ftp_server
netware
NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories o… CWE-264
認可・権限・アクセス制御
CVE-2007-6734 2010-04-6 13:00 2010-04-6 表示 GitHub Exploit DB Packet Storm
363875 7.5 HIGH
novell netware_ftp_server
netware
NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords. NVD-CWE-noinfo
CVE-2005-4887 2010-04-6 13:00 2010-04-6 表示 GitHub Exploit DB Packet Storm
363876 5.0 MEDIUM
novell netware_ftp_server
netware
NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (excessive stale connections) by establishing many FTP sessions, which persist in th… NVD-CWE-Other
CVE-2005-4888 2010-04-6 13:00 2010-04-6 表示 GitHub Exploit DB Packet Storm
363877 4.3 MEDIUM
novell netware_ftp_server
netware
NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establish… CWE-264
認可・権限・アクセス制御
CVE-2004-2767 2010-04-6 13:00 2010-04-6 表示 GitHub Exploit DB Packet Storm
363878 5.0 MEDIUM
novell netware_ftp_server
netware
Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2… CWE-119
バッファエラー
CVE-2003-1592 2010-04-6 13:00 2010-04-6 表示 GitHub Exploit DB Packet Storm
363879 7.5 HIGH
novell netware_ftp_server
netware
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via a… CWE-264
認可・権限・アクセス制御
CVE-2003-1593 2010-04-6 13:00 2010-04-6 表示 GitHub Exploit DB Packet Storm
363880 7.5 HIGH
novell netware_ftp_server
netware
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP sessi… CWE-264
認可・権限・アクセス制御
CVE-2003-1594 2010-04-6 13:00 2010-04-6 表示 GitHub Exploit DB Packet Storm
363881 10.0 HIGH
novell netware_ftp_server
netware
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors. CWE-264
認可・権限・アクセス制御
CVE-2003-1595 2010-04-6 13:00 2010-04-6 表示 GitHub Exploit DB Packet Storm
363882 3.5 LOW
novell netware_ftp_server
netware
NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command. CWE-119
バッファエラー
CVE-2000-1246 2010-04-6 04:28 2010-04-6 表示 GitHub Exploit DB Packet Storm
363883 7.5 HIGH
novell netware_ftp_server
netware
Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vect… NVD-CWE-noinfo
CWE-264
認可・権限・アクセス制御
CVE-2000-1245 2010-04-6 00:30 2010-04-6 表示 GitHub Exploit DB Packet Storm
363884 5.0 MEDIUM
novell netware NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command. CWE-119
バッファエラー
CVE-2001-1587 2010-04-6 00:30 2010-04-6 表示 GitHub Exploit DB Packet Storm
363885 5.0 MEDIUM
novell netware_ftp_server
netware
Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via a crafted username. NVD-CWE-noinfo
CVE-2002-2432 2010-04-6 00:30 2010-04-6 表示 GitHub Exploit DB Packet Storm
363886 2.6 LOW
gnome evolution Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" he… NVD-CWE-Other
CVE-2006-2789 2010-04-2 16:56 2006-06-3 表示 GitHub Exploit DB Packet Storm
363887 6.5 MEDIUM
mpg123 mpg123 Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: thi… NVD-CWE-Other
CVE-2006-1655 2010-04-2 16:23 2006-04-6 表示 GitHub Exploit DB Packet Storm
363888 6.4 MEDIUM
kolab kolab_groupware_server Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures an… NVD-CWE-Other
CVE-2005-4828 2010-04-2 15:31 2005-12-31 表示 GitHub Exploit DB Packet Storm
363889 7.5 HIGH
freeradius freeradius SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. NVD-CWE-Other
CVE-2005-4745 2010-04-2 15:30 2005-12-31 表示 GitHub Exploit DB Packet Storm
363890 7.5 HIGH
freeradius freeradius The vendor released version 1.1.1 to address this issue. NVD-CWE-Other
CVE-2005-4745 2010-04-2 15:30 2005-12-31 表示 GitHub Exploit DB Packet Storm
363891 7.8 HIGH
freeradius freeradius Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". NVD-CWE-Other
CVE-2005-4746 2010-04-2 15:30 2005-12-31 表示 GitHub Exploit DB Packet Storm
363892 10.0 HIGH
clam_anti-virus clamav Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors. NVD-CWE-Other
CVE-2005-3587 2010-04-2 15:06 2005-11-16 表示 GitHub Exploit DB Packet Storm
363893 7.8 HIGH
clam_anti-virus clamav The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an … NVD-CWE-Other
CVE-2005-3239 2010-04-2 14:50 2005-10-15 表示 GitHub Exploit DB Packet Storm
363894 2.1 LOW
linux linux_kernel A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received … NVD-CWE-Other
CVE-2004-2607 2010-04-2 13:50 2004-12-31 表示 GitHub Exploit DB Packet Storm
363895 5.0 MEDIUM
apple iphone_os The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a craft… CWE-20
不適切な入力確認
CVE-2010-1226 2010-04-2 13:00 2010-04-2 表示 GitHub Exploit DB Packet Storm
363896 7.8 HIGH
cisco ios Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of … NVD-CWE-noinfo
CVE-2010-0585 2010-04-1 14:40 2010-03-26 表示 GitHub Exploit DB Packet Storm
363897 4.3 MEDIUM
ikiwiki ikiwiki Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a craf… CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1195 2010-04-1 13:00 2010-04-1 表示 GitHub Exploit DB Packet Storm
363898 9.0 HIGH
apple mac_os_x_server Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password. CWE-255
証明書・パスワード管理
CVE-2010-0510 2010-04-1 03:08 2010-03-31 表示 GitHub Exploit DB Packet Storm
363899 9.0 HIGH
apple mac_os_x_server Per: http://support.apple.com/kb/HT4077 'This issue only affects Mac OS X Server systems' CWE-255
証明書・パスワード管理
CVE-2010-0510 2010-04-1 03:08 2010-03-31 表示 GitHub Exploit DB Packet Storm
363900 7.5 HIGH
apple mac_os_x_server Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unsp… CWE-119
バッファエラー
CVE-2010-0504 2010-04-1 02:14 2010-03-31 表示 GitHub Exploit DB Packet Storm