VYPR

Vendor CVEs

Cybozu

All CVEs

332 total · sorted by risk
  • CVE-2025-34046 · Critical · Jun 26, 2025
    risk 0.65 · cvss · epss 0.01

    An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters…

  • CVE-2016-1219 · Critical · Apr 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.

  • CVE-2018-0607 · High · Jul 26, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    SQL injection vulnerability in the Notifications application in Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2018-0530 · High · Apr 16, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    SQL injection vulnerability in Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-7803 · High · Jun 9, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    SQL injection vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via the "MultiReport" function.

  • CVE-2016-4907 · High · Jun 9, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to obtain CSRF tokens via unspecified vectors.

  • CVE-2016-1218 · High · Apr 20, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    SQL injection vulnerability in Cybozu Garoon before 4.2.2.

  • CVE-2016-1151 · High · Feb 17, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.

  • CVE-2016-1189 · High · Jun 25, 2016
    risk 0.53 · cvss 8.1 · epss 0.01

    Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.

  • CVE-2016-7833 · High · Jun 9, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.

  • CVE-2016-1193 · High · Jun 25, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.

  • CVE-2016-1195 · High · Jun 19, 2016
    risk 0.48 · cvss 7.4 · epss 0.02

    Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

  • CVE-2015-8483 · High · Feb 17, 2016
    risk 0.48 · cvss 7.4 · epss 0.01

    Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

  • CVE-2016-1187 · Medium · Apr 21, 2017
    risk 0.44 · cvss 6.8 · epss 0.01

    Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.

  • CVE-2016-7802 · Medium · Jun 9, 2017
    risk 0.42 · cvss 6.5 · epss 0.03

    Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.

  • CVE-2016-1194 · Medium · Apr 21, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.

  • CVE-2016-4843 · Medium · Apr 20, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.

  • CVE-2016-4871 · Medium · Apr 17, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.

  • CVE-2016-4869 · Medium · Apr 17, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to obtain session information via a page where CGI environment variables are displayed.

  • CVE-2016-1190 · Medium · Jun 25, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.

  • CVE-2016-1188 · Medium · Jun 25, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.

  • CVE-2016-1153 · Medium · Feb 17, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489.

  • CVE-2015-8489 · Medium · Feb 17, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.

  • CVE-2018-0567 · Medium · Jun 26, 2018
    risk 0.41 · cvss 6.3 · epss 0.01

    Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.

  • CVE-2018-0565 · Medium · Jun 26, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2018-0559 · Medium · Jun 26, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'Address' via unspecified vectors.

  • CVE-2018-0558 · Medium · Jun 26, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.

  • CVE-2018-0557 · Medium · Jun 26, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'E-mail Details Screen' via unspecified vectors.

  • CVE-2018-0527 · Medium · Jun 26, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2017-2257 · Medium · Aug 29, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via the mail function.

  • CVE-2017-2172 · Medium · Jul 7, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-4906 · Medium · Jun 9, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via the "Messages" function of Cybozu Garoon Keitai.

  • CVE-2016-1217 · Medium · Apr 20, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.

  • CVE-2016-1216 · Medium · Apr 20, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.

  • CVE-2016-1215 · Medium · Apr 20, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.

  • CVE-2016-1214 · Medium · Apr 20, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.

  • CVE-2016-1213 · Medium · Apr 20, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.

  • CVE-2016-1197 · Medium · Jun 19, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.

  • CVE-2016-1150 · Medium · Feb 17, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149.

  • CVE-2016-1149 · Medium · Feb 17, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.

  • CVE-2015-7798 · Medium · Feb 17, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.

  • CVE-2015-7797 · Medium · Feb 17, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.

  • CVE-2015-7796 · Medium · Feb 17, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.

  • CVE-2015-7795 · Medium · Feb 17, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.

  • CVE-2016-7816 · Medium · Jun 9, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2016-1186 · Medium · Apr 21, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.

  • CVE-2018-0551 · Medium · Apr 16, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2018-0549 · Medium · Apr 16, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2017-2256 · Medium · Aug 29, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via the "Rich text" function of the application "Memo".

  • CVE-2017-2255 · Medium · Aug 29, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via the "Rich text" function of the application "Space".

Page 1 of 7