VYPR

Office

by Cybozu

CVEs (81)

  • CVE-2021-20628Mar 18, 2021
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.

  • CVE-2021-20627Mar 18, 2021
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.

  • CVE-2021-20625Mar 18, 2021
    risk 0.00cvss epss 0.01

    Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.

  • CVE-2021-20626Mar 18, 2021
    risk 0.00cvss epss 0.01

    Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.

  • CVE-2021-20624Mar 18, 2021
    risk 0.00cvss epss 0.01

    Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.

  • CVE-2019-6023Dec 26, 2019
    risk 0.00cvss epss 0.01

    Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.

  • CVE-2019-6022Dec 26, 2019
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.

  • CVE-2018-0704Jan 9, 2019
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.

  • CVE-2018-0703Jan 9, 2019
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.

  • CVE-2014-5314Nov 24, 2014
    risk 0.00cvss epss 0.04

    Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.

  • CVE-2013-4703Sep 10, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-3656Jul 20, 2013
    risk 0.00cvss epss 0.02

    Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.

  • CVE-2013-3269Apr 25, 2013
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305.

  • CVE-2013-2305Apr 25, 2013
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.

  • CVE-2011-2677Oct 21, 2011
    risk 0.00cvss epss 0.01

    Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL.

  • CVE-2011-1335Jun 29, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."

  • CVE-2011-1334Jun 29, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to…

  • CVE-2011-1333Jun 29, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."

  • CVE-2010-2029May 24, 2010
    risk 0.00cvss epss 0.01

    Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.

  • CVE-2008-6744Apr 23, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Page 4 of 5