Filtered by vendor Cybozu
Subscribe
Search
Total
303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0607 | 1 Cybozu | 1 Garoon | 2018-09-24 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-0527 | 1 Cybozu | 1 Office | 2018-08-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0528 | 1 Cybozu | 1 Office | 2018-08-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors. | |||||
| CVE-2018-0557 | 1 Cybozu | 1 Mailwise | 2018-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors. | |||||
| CVE-2018-0559 | 1 Cybozu | 1 Mailwise | 2018-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors. | |||||
| CVE-2018-0558 | 1 Cybozu | 1 Mailwise | 2018-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors. | |||||
| CVE-2018-0565 | 1 Cybozu | 1 Office | 2018-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0529 | 1 Cybozu | 1 Office | 2018-08-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2018-0526 | 1 Cybozu | 1 Office | 2018-08-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors. | |||||
| CVE-2018-0549 | 1 Cybozu | 1 Garoon | 2018-05-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0551 | 1 Cybozu | 1 Garoon | 2018-05-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0530 | 1 Cybozu | 1 Garoon | 2018-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2018-0532 | 1 Cybozu | 1 Garoon | 2018-05-17 | 4.0 MEDIUM | 2.7 LOW |
| Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors. | |||||
| CVE-2013-3656 | 1 Cybozu | 1 Cybozu Office | 2017-11-29 | 5.8 MEDIUM | N/A |
| Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL. | |||||
| CVE-2017-2256 | 1 Cybozu | 1 Garoon | 2017-08-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". | |||||
| CVE-2017-2258 | 1 Cybozu | 1 Garoon | 2017-08-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". | |||||
| CVE-2017-2257 | 1 Cybozu | 1 Garoon | 2017-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. | |||||
| CVE-2017-2255 | 1 Cybozu | 1 Garoon | 2017-08-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space". | |||||
| CVE-2017-2254 | 1 Cybozu | 1 Garoon | 2017-08-30 | 4.0 MEDIUM | 4.9 MEDIUM |
| Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input | |||||
| CVE-2013-6005 | 1 Cybozu | 1 Dezie | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button. | |||||
| CVE-2013-3269 | 1 Cybozu | 1 Cybozu Office | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305. | |||||
| CVE-2011-2677 | 1 Cybozu | 1 Office | 2017-08-29 | 5.5 MEDIUM | N/A |
| Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL. | |||||
| CVE-2010-2029 | 1 Cybozu | 2 Cybozu Dotsales, Cybozu Office | 2017-08-17 | 5.8 MEDIUM | N/A |
| Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone. | |||||
| CVE-2008-6744 | 1 Cybozu | 3 Cybozu Dezie, Cybozu Garoon, Cybozu Office | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2008-6570 | 1 Cybozu | 1 Garoon | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | |||||
| CVE-2008-6569 | 1 Cybozu | 1 Garoon | 2017-08-17 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page. | |||||
| CVE-2017-2172 | 1 Cybozu | 1 Kunai | 2017-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-4490 | 1 Cybozu | 2 Cybozu Office, Share 360 | 2017-07-20 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe. | |||||
| CVE-2006-4444 | 1 Cybozu | 1 Garoon | 2017-07-20 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality. | |||||
| CVE-2017-2145 | 1 Cybozu | 1 Garoon | 2017-07-14 | 5.8 MEDIUM | 5.4 MEDIUM |
| Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. | |||||
| CVE-2017-2146 | 1 Cybozu | 1 Garoon | 2017-07-12 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. | |||||
| CVE-2016-7816 | 1 Cybozu | 1 Kintone | 2017-06-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-7833 | 1 Cybozu | 1 Dezie | 2017-06-14 | 6.4 MEDIUM | 7.5 HIGH |
| Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | |||||
| CVE-2016-7832 | 1 Cybozu | 1 Dezie | 2017-06-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | |||||
| CVE-2016-4909 | 1 Cybozu | 1 Garoon | 2017-06-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. | |||||
| CVE-2016-4910 | 1 Cybozu | 1 Garoon | 2017-06-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. | |||||
| CVE-2016-7801 | 1 Cybozu | 1 Garoon | 2017-06-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. | |||||
| CVE-2016-4907 | 1 Cybozu | 1 Garoon | 2017-06-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. | |||||
| CVE-2016-4906 | 1 Cybozu | 1 Garoon | 2017-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. | |||||
| CVE-2016-4908 | 1 Cybozu | 1 Garoon | 2017-06-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. | |||||
| CVE-2016-7802 | 1 Cybozu | 1 Garoon | 2017-06-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-7803 | 1 Cybozu | 1 Garoon | 2017-06-13 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | |||||
| CVE-2016-4870 | 1 Cybozu | 1 Office | 2017-05-23 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. | |||||
| CVE-2016-4873 | 1 Cybozu | 1 Office | 2017-05-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. | |||||
| CVE-2016-4872 | 1 Cybozu | 1 Office | 2017-05-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. | |||||
| CVE-2016-4865 | 1 Cybozu | 1 Office | 2017-05-23 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. | |||||
| CVE-2016-4866 | 1 Cybozu | 1 Office | 2017-05-23 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. | |||||
| CVE-2016-4867 | 1 Cybozu | 1 Office | 2017-05-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. | |||||
| CVE-2016-4868 | 1 Cybozu | 1 Office | 2017-05-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. | |||||
| CVE-2016-4869 | 1 Cybozu | 1 Office | 2017-05-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. | |||||