NVD Vulnerability Information Top

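You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here earlier than in JVN (Japan Vulnerability Notes), the list may include updated vulnerabilities that are not yet listed in JVN.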

If a related vulnerability exists in JVN (Japan Vulnerability Notes), its information is shown on the detail screen.

To search by CWE, refer to the CWE overview and check the CWE number.


Last updated: May 20, 2024, 20:38

No. | CVSS | Level | Attack category | Vendor | Product | Title | CWE | CVE | Updated | Published
249401 4.3 MEDIUM
exif exif Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script o… CWE-79
Cross-site Scripting (XSS)
CVE-2009-1501 2009-05-13 14:28 2009-05-2
249402 7.5 HIGH
drupal nodeaccess_userreference The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which mi… CWE-264
Permissions, Privileges, and Access Controls
CVE-2009-1507 2009-05-13 14:28 2009-05-2
249403 4.4 MEDIUM
r020 tematres Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_pass… CWE-89
SQL Injection
CVE-2009-1585 2009-05-13 14:28 2009-05-8
249404 10.0 HIGH
hp openview_network_node_manager Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors. NVD-CWE-noinfo
CWE-94
Code Injection
CVE-2009-0720 2009-05-13 14:27 2009-05-6
249405 7.5 HIGH
mpfr gnu_mpfr Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions. CWE-119
Buffer Errors
CVE-2009-0757 2009-05-13 14:27 2009-03-4
249406 5.0 MEDIUM
andrew_j.korty pam_ssh pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier fo… CWE-255
Credentials Management
CVE-2009-1273 2009-05-13 14:27 2009-04-9
249407 5.0 MEDIUM
cgi_rescue form2mail Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form. NVD-CWE-noinfo
CVE-2009-1590 2009-05-11 13:00 2009-05-9
249408 7.8 HIGH
mitel mitel_nupoint_messenger The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network. CWE-310
Cryptographic Issues
CVE-2008-6797 2009-05-8 13:00 2009-05-8
249409 7.5 HIGH
phpexplorer phphotogallery Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance… CWE-89
SQL Injection
CVE-2008-6802 2009-05-8 13:00 2009-05-8
249410 6.8 MEDIUM
cisco wrt54gc Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary… CWE-352
Same-Origin Policy Violation
CVE-2009-1561 2009-05-7 13:00 2009-05-7
249411 6.8 MEDIUM
beltane beltane Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this… CWE-352
Same-Origin Policy Violation
CVE-2009-1518 2009-05-5 13:00 2009-05-5
249412 5.0 MEDIUM
abe_timmerman zml.cgi Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NVD-CWE-Other
CVE-2001-1209 2009-04-30 13:08 2001-12-31
249413 4.3 MEDIUM
gecad axigen_mail_server Cross-site scripting (XSS) vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving… CWE-79
Cross-site Scripting (XSS)
CVE-2009-1484 2009-04-30 03:30 2009-04-30
249414 6.8 MEDIUM
apache tiles Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cro… NVD-CWE-Other
CVE-2009-1275 2009-04-29 14:29 2009-04-10
249415 10.0 HIGH
mpg123 mpg123 Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execut… CWE-189
Numeric Errors
CVE-2009-1301 2009-04-29 14:29 2009-04-17
249416 4.3 MEDIUM
mahara mahara Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field i… CWE-79
Cross-site Scripting (XSS)
CVE-2009-0664 2009-04-29 14:28 2009-04-24
249417 6.5 MEDIUM
hp storage_essentials Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain "access" or "extended privileges" via unknown vectors. NVD-CWE-noinfo
CVE-2009-0715 2009-04-29 14:28 2009-04-22
249418 1.9 LOW
novell access_manager Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that… CWE-200
Information Exposure
CVE-2008-6722 2009-04-29 14:27 2009-04-15
249419 7.8 HIGH
cisco adaptive_security_appliance_5500
pix
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-… CWE-287
Improper Authentication
CVE-2009-1155 2009-04-28 14:39 2009-04-10
249420 5.7 MEDIUM
cisco adaptive_security_appliance_5500
pix
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote atta… NVD-CWE-noinfo
CVE-2009-1156 2009-04-28 14:39 2009-04-10
249421 7.8 HIGH
cisco adaptive_security_appliance_5500
pix
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2… NVD-CWE-Other
CVE-2009-1157 2009-04-28 14:39 2009-04-10
249422 7.8 HIGH
cisco adaptive_security_appliance_5500
pix
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, w… NVD-CWE-noinfo
CVE-2009-1158 2009-04-28 14:39 2009-04-10
249423 7.8 HIGH
cisco adaptive_security_appliance_5500
pix
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspectio… NVD-CWE-noinfo
CVE-2009-1159 2009-04-28 14:39 2009-04-10
249424 7.8 HIGH
cisco adaptive_security_appliance_5500
pix
Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml "VPN Authentication Bypass Vulnerability Cisco ASA or Cisco PIX security appliances tha… CWE-287
Improper Authentication
CVE-2009-1155 2009-04-28 14:39 2009-04-10
249425 5.7 MEDIUM
cisco adaptive_security_appliance_5500
pix
Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml VPN Authentication Bypass Vulnerability The Cisco ASA or Cisco PIX security appliance c… NVD-CWE-noinfo
CVE-2009-1156 2009-04-28 14:39 2009-04-10
249426 7.8 HIGH
cisco adaptive_security_appliance_5500
pix
Per vendor advisory: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml Crafted TCP Packet DoS Vulnerability Cisco ASA and Cisco PIX security appliances may ex… NVD-CWE-Other
CVE-2009-1157 2009-04-28 14:39 2009-04-10
249427 4.3 MEDIUM
cisco adaptive_security_appliance_5500
pix
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the impl… CWE-264
Permissions, Privileges, and Access Controls
CVE-2009-1160 2009-04-28 14:39 2009-04-10
249428 7.5 HIGH
phpmyadmin phpmyadmin Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configur… CWE-94
Code Injection
CVE-2009-1285 2009-04-28 14:39 2009-04-17
249429 5.0 MEDIUM
sun java_system_directory_server The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial conte… NVD-CWE-noinfo
CVE-2009-1332 2009-04-28 14:39 2009-04-17
249430 7.5 HIGH
hp storageworks_storage_mirroring Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service or obtain "access" via unknown vectors. NVD-CWE-noinfo
CVE-2009-0716 2009-04-28 14:38 2009-04-22
249431 5.0 MEDIUM
hp storageworks_storage_mirroring Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service via unknown vectors. NVD-CWE-noinfo
CVE-2009-0717 2009-04-28 14:38 2009-04-22
249432 10.0 HIGH
hp storageworks_storage_mirroring Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to execute arbitrary code via unknown vectors. NVD-CWE-noinfo
CVE-2009-0718 2009-04-28 14:38 2009-04-22
249433 4.3 MEDIUM
rim blackberry_enterprise_server Cross-site scripting (XSS) vulnerability in the "Customize Statistics Page" (admin/statistics/ConfigureStatistics) in the MDS Connection Service in Research in Motion (RIM) BlackBerry Enterprise Serv… CWE-79
Cross-site Scripting (XSS)
CVE-2009-0307 2009-04-28 14:37 2009-04-23
249434 4.3 MEDIUM
apache struts Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated … CWE-79
Cross-site Scripting (XSS)
CVE-2008-6682 2009-04-28 14:37 2009-04-10
249435 7.5 HIGH
silverstripe silverstripe SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter. CWE-89
SQL Injection
CVE-2009-1433 2009-04-27 13:00 2009-04-25
249436 7.5 HIGH
quickersite quickersite asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2… CWE-264
Permissions, Privileges, and Access Controls
CVE-2008-6673 2009-04-23 14:57 2009-04-8
249437 5.0 MEDIUM
quickersite quickersite mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter. CWE-264
Permissions, Privileges, and Access Controls
CVE-2008-6674 2009-04-23 14:57 2009-04-8
249438 7.5 HIGH
quickersite quickersite Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary code by uploading a file with an … CWE-94
Code Injection
CVE-2008-6677 2009-04-23 14:57 2009-04-8
249439 10.0 HIGH
gscripts dns_tools dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the detail… CWE-20
Improper Input Validation
CVE-2009-1361 2009-04-23 13:00 2009-04-23
249440 4.3 MEDIUM
mark_girling myshoutpro Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting (XSS)
CVE-2006-7238 2009-04-22 13:00 2009-04-22
249441 4.3 MEDIUM
drupal print Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject a… CWE-79
Cross-site Scripting (XSS)
CVE-2009-1343 2009-04-21 13:00 2009-04-20
249442 4.3 MEDIUM
drupal cck_comment_reference Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain commen… CWE-79
Cross-site Scripting (XSS)
CVE-2009-1342 2009-04-20 23:30 2009-04-20
249443 4.3 MEDIUM
drupal localization_client Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HT… CWE-79
Cross-site Scripting (XSS)
CVE-2009-1344 2009-04-20 23:30 2009-04-20
249444 5.0 MEDIUM
tor tor Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes." NVD-CWE-noinfo
CVE-2009-0936 2009-04-18 14:47 2009-03-18
249445 5.0 MEDIUM
tor tor Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors. NVD-CWE-noinfo
CVE-2009-0937 2009-04-18 14:47 2009-03-18
249446 10.0 HIGH
tor tor Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0. NVD-CWE-noinfo
CVE-2009-0939 2009-04-18 14:47 2009-03-18
249447 4.3 MEDIUM
horde application_framework Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote att… CWE-79
Cross-site Scripting (XSS)
CVE-2008-5917 2009-04-18 14:44 2009-01-21
249448 4.3 MEDIUM
apache struts Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, … CWE-79
Cross-site Scripting (XSS)
CVE-2008-2025 2009-04-18 14:35 2009-04-10
249449 4.3 MEDIUM
zazzle store_builder Multiple cross-site scripting (XSS) vulnerabilities in include/zstore.php in Zazzle Store Builder 1.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) gridPage and (2) grid… CWE-79
Cross-site Scripting (XSS)
CVE-2009-1320 2009-04-17 23:08 2009-04-17
249450 4.3 MEDIUM
debian horde_imp Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp… CWE-79
Cross-site Scripting (XSS)
CVE-2009-0930 2009-04-16 14:38 2009-03-18