Vulnerabilities > Cybozu

DATE CVE VULNERABILITY TITLE RISK
2012-09-14 CVE-2012-4013 Information Exposure vulnerability in Cybozu Kunai Browser FOR Remote Service
The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
network
cybozu CWE-200
4.3
2012-09-08 CVE-2012-4012 Information Exposure vulnerability in Cybozu Kunai 2.0.5
The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
network
cybozu CWE-200
4.3
2012-09-08 CVE-2012-4011 OS Command Injection vulnerability in Cybozu Kunai 2.0.5
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
network
cybozu CWE-78
critical
9.3
2012-08-31 CVE-2012-4009 Code Injection vulnerability in Cybozu Live 1.0.4
The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
network
cybozu CWE-94
6.8
2012-08-31 CVE-2012-4008 Code Injection vulnerability in Cybozu Live 1.0.4
The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
network
cybozu CWE-94
6.8
2011-10-21 CVE-2011-2677 Permissions, Privileges, and Access Controls vulnerability in Cybozu Office 6
Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL.
network
low complexity
cybozu CWE-264
5.5
2011-06-29 CVE-2011-1335 Cross-Site Scripting vulnerability in Cybozu Office 6/7/8
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."
network
cybozu CWE-79
4.3
2011-06-29 CVE-2011-1334 Cross-Site Scripting vulnerability in Cybozu products
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
network
cybozu CWE-79
4.3
2011-06-29 CVE-2011-1333 Cross-Site Scripting vulnerability in Cybozu Garoon and Office
Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."
network
cybozu CWE-79
4.3
2011-06-29 CVE-2011-1332 Cross-Site Scripting vulnerability in Cybozu Garoon
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570.
network
cybozu CWE-79
4.3