Vulnerabilities > Cybozu > Office > 9.1.0

DATE CVE VULNERABILITY TITLE RISK
2017-04-17 CVE-2016-4874 Improper Access Control vulnerability in Cybozu Office
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
network
cybozu CWE-284
3.5
3.5
2017-04-17 CVE-2016-4873 Permission Issues vulnerability in Cybozu Office
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
network
low complexity
cybozu CWE-275
4.0
4.0
2017-04-17 CVE-2016-4872 Information Exposure vulnerability in Cybozu Office
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
network
low complexity
cybozu CWE-200
4.0
4.0
2017-04-17 CVE-2016-4871 Resource Management Errors vulnerability in Cybozu Office
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
network
low complexity
cybozu CWE-399
6.8
6.8
2017-04-17 CVE-2016-4870 Cross-site Scripting vulnerability in Cybozu Office
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
network
cybozu CWE-79
3.5
3.5
2017-04-17 CVE-2016-4869 Information Exposure vulnerability in Cybozu Office
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.
network
cybozu CWE-200
4.3
4.3
2017-04-17 CVE-2016-4868 Improper Input Validation vulnerability in Cybozu Office
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
network
cybozu CWE-20
4.3
4.3
2017-04-17 CVE-2016-4867 Information Exposure vulnerability in Cybozu Office
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.
network
low complexity
cybozu CWE-200
4.0
4.0
2017-04-17 CVE-2016-4866 Cross-site Scripting vulnerability in Cybozu Office
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
network
cybozu CWE-79
3.5
3.5
2017-04-17 CVE-2016-4865 Cross-site Scripting vulnerability in Cybozu Office
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.
network
cybozu CWE-79
3.5
3.5