Vulnerabilities > Cybozu
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-02-17 | CVE-2015-8485 | Permissions, Privileges, and Access Controls vulnerability in Cybozu Office Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152. | 5.5 |
2016-02-17 | CVE-2015-8484 | Permissions, Privileges, and Access Controls vulnerability in Cybozu Office Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152. | 5.5 |
2016-02-17 | CVE-2015-8483 | Open Redirection vulnerability in Cybozu Office Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. network cybozu | 5.8 |
2016-02-17 | CVE-2015-7798 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150. | 4.3 |
2016-02-17 | CVE-2015-7797 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. | 4.3 |
2016-02-17 | CVE-2015-7796 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. | 4.3 |
2016-02-17 | CVE-2015-7795 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. | 4.3 |
2015-10-12 | CVE-2015-5647 | Code Injection vulnerability in Cybozu Garoon The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. | 8.5 |
2015-10-12 | CVE-2015-5646 | Code Injection vulnerability in Cybozu Garoon Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. | 8.5 |
2015-10-08 | CVE-2015-5649 | Improper Authentication vulnerability in Cybozu Garoon Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges. | 7.0 |