| CVE-2016-7833 |
high |
7.5 |
7.5 |
|
|
cybozu |
9y ago |
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. |
| CVE-2016-7803 |
high |
8.8 |
8.8 |
|
|
cybozu |
9y ago |
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. |
| CVE-2016-4907 |
high |
8.8 |
8.8 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. |
| CVE-2017-2109 |
low |
2.5 |
2.5 |
|
|
cybozu |
9y ago |
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application. |
| CVE-2016-1218 |
high |
8.8 |
8.8 |
|
|
cybozu |
9y ago |
SQL injection vulnerability in Cybozu Garoon before 4.2.2. |
| CVE-2016-1219 |
critical |
9.8 |
9.8 |
|
|
cybozu |
9y ago |
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. |
| CVE-2016-4874 |
low |
3.5 |
3.5 |
|
|
cybozu |
9y ago |
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. |
| CVE-2016-1193 |
high |
7.5 |
7.5 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. |
| CVE-2016-1189 |
high |
8.1 |
8.1 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. |
| CVE-2016-1195 |
high |
7.4 |
7.4 |
|
|
cybozu |
10y ago |
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. |
| CVE-2016-1185 |
low |
2.5 |
2.5 |
|
|
cybozu |
10y ago |
The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application. |
| CVE-2016-1151 |
high |
8.8 |
8.8 |
|
|
cybozu |
10y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. |
| CVE-2015-8483 |
high |
7.4 |
7.4 |
|
|
cybozu |
10y ago |
Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. |
| CVE-2015-5647 |
high |
— |
8.5 |
|
|
cybozu |
11y ago |
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. |
| CVE-2015-5646 |
high |
— |
8.5 |
|
|
cybozu |
11y ago |
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. |
| CVE-2015-5649 |
high |
— |
7.0 |
|
|
cybozu |
11y ago |
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended l… |
| CVE-2014-7266 |
high |
— |
7.8 |
|
|
cybozu |
12y ago |
Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigg… |
| CVE-2014-5314 |
critical |
— |
9.0 |
|
|
cybozu |
12y ago |
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages. |
| CVE-2014-1996 |
high |
— |
7.5 |
|
|
cybozu |
12y ago |
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call. |
| CVE-2014-1995 |
low |
— |
3.5 |
|
|
cybozu |
12y ago |
Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspe… |
| CVE-2014-1994 |
low |
— |
3.5 |
|
|
cybozu |
12y ago |
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified ve… |
| CVE-2014-1992 |
low |
— |
3.5 |
|
|
cybozu |
12y ago |
Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML… |
| CVE-2014-1987 |
critical |
— |
10.0 |
|
|
cybozu |
12y ago |
The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2014-1988 |
low |
— |
3.5 |
|
|
cybozu |
12y ago |
The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors. |
| CVE-2014-1983 |
high |
— |
7.8 |
|
|
cybozu |
12y ago |
Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors. |
| CVE-2013-6915 |
low |
— |
3.5 |
|
|
cybozu |
13y ago |
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified … |
| CVE-2013-6914 |
low |
— |
3.5 |
|
|
cybozu |
13y ago |
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-6913 |
low |
— |
3.5 |
|
|
cybozumicrosoft |
13y ago |
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML … |
| CVE-2013-6912 |
low |
— |
3.5 |
|
|
cybozumicrosoft |
13y ago |
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web s… |
| CVE-2013-6911 |
low |
— |
3.5 |
|
|
cybozumozillamicrosoft |
13y ago |
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrar… |
| CVE-2013-6003 |
low |
— |
3.5 |
|
|
cybozu |
13y ago |
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vect… |
| CVE-2013-4698 |
low |
— |
3.5 |
|
|
cybozu |
13y ago |
Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines with… |
| CVE-2012-4011 |
critical |
— |
9.3 |
|
|
cybozu |
14y ago |
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. |
