Office
by Cybozu
CVEs (81)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8485 | | Med | 0.35 | 5.4 | 0.01 | | Feb 17, 2016 | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152. |
| CVE-2015-8484 | | Med | 0.35 | 5.4 | 0.01 | | Feb 17, 2016 | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152. |
| CVE-2016-4866 | | Med | 0.31 | 4.8 | 0.01 | | Apr 17, 2017 | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. |
| CVE-2016-4865 | | Med | 0.31 | 4.8 | 0.01 | | Apr 17, 2017 | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. |
| CVE-2018-0566 | | Med | 0.28 | 4.3 | 0.01 | | Jun 26, 2018 | Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors. |
| CVE-2018-0529 | | Med | 0.28 | 4.3 | 0.01 | | Jun 26, 2018 | Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors. |
| CVE-2018-0528 | | Med | 0.28 | 4.3 | 0.01 | | Jun 26, 2018 | Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors. |
| CVE-2018-0526 | | Med | 0.28 | 4.3 | 0.01 | | Jun 26, 2018 | Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors. |
| CVE-2017-10857 | | Med | 0.28 | 4.3 | 0.01 | | Oct 12, 2017 | Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. |
| CVE-2017-2116 | | Med | 0.28 | 4.3 | 0.01 | | Apr 28, 2017 | Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. |
| CVE-2017-2115 | | Med | 0.28 | 4.3 | 0.01 | | Apr 28, 2017 | Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. |
| CVE-2016-4873 | | Med | 0.28 | 4.3 | 0.01 | | Apr 17, 2017 | Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. |
| CVE-2016-4872 | | Med | 0.28 | 4.3 | 0.01 | | Apr 17, 2017 | Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. |
| CVE-2016-4868 | | Med | 0.28 | 4.3 | 0.01 | | Apr 17, 2017 | Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. |
| CVE-2016-4867 | | Med | 0.28 | 4.3 | 0.01 | | Apr 17, 2017 | Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. |
| CVE-2015-8488 | | Med | 0.28 | 4.3 | 0.01 | | Feb 17, 2016 | Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487. |
| CVE-2015-8487 | | Med | 0.28 | 4.3 | 0.01 | | Feb 17, 2016 | Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. |
| CVE-2016-4874 | | Low | 0.23 | 3.5 | 0.01 | | Apr 17, 2017 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. |
| CVE-2023-2523 | | | 0.07 | — | 0.33 | | May 4, 2023 | A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack… |
| CVE-2006-4490 | | | 0.03 | — | 0.03 | | Aug 31, 2006 | Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2)… |