VYPR

Office

by Cybozu

CVEs (81)

  • CVE-2015-8485MedFeb 17, 2016
    risk 0.35cvss 5.4epss 0.01

    Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.

  • CVE-2015-8484MedFeb 17, 2016
    risk 0.35cvss 5.4epss 0.01

    Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.

  • CVE-2016-4866MedApr 17, 2017
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.

  • CVE-2016-4865MedApr 17, 2017
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.

  • CVE-2018-0566MedJun 26, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.

  • CVE-2018-0529MedJun 26, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2018-0528MedJun 26, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.

  • CVE-2018-0526MedJun 26, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.

  • CVE-2017-10857MedOct 12, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.

  • CVE-2017-2116MedApr 28, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.

  • CVE-2017-2115MedApr 28, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.

  • CVE-2016-4873MedApr 17, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.

  • CVE-2016-4872MedApr 17, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.

  • CVE-2016-4868MedApr 17, 2017
    risk 0.28cvss 4.3epss 0.01

    Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.

  • CVE-2016-4867MedApr 17, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.

  • CVE-2015-8488MedFeb 17, 2016
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.

  • CVE-2015-8487MedFeb 17, 2016
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.

  • CVE-2016-4874LowApr 17, 2017
    risk 0.23cvss 3.5epss 0.01

    Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.

  • CVE-2023-2523May 4, 2023
    risk 0.07cvss epss 0.33

    A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack…

  • CVE-2006-4490Aug 31, 2006
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2)…

Page 2 of 5