Vulnerabilities > Cybozu
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-16 | CVE-2018-0532 | Cross-site Scripting vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors. | 4.0 |
2018-04-16 | CVE-2018-0531 | Unspecified vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors. | 4.0 |
2018-04-16 | CVE-2018-0530 | SQL Injection vulnerability in Cybozu Garoon SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2017-10-12 | CVE-2017-10857 | Improper Privilege Management vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. | 4.0 |
2017-08-29 | CVE-2017-2258 | Path Traversal vulnerability in Cybozu Garoon 4.2.4/4.2.5 Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". | 4.0 |
2017-08-29 | CVE-2017-2257 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. | 4.3 |
2017-08-29 | CVE-2017-2256 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". | 3.5 |
2017-08-29 | CVE-2017-2255 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space". | 3.5 |
2017-08-29 | CVE-2017-2254 | Improper Input Validation vulnerability in Cybozu Garoon Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input | 4.0 |
2017-07-07 | CVE-2017-2172 | Cross-site Scripting vulnerability in Cybozu Kunai Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |