31 matches found
EUVD-2016-5845
Malware in sbrugna...
EUVD-2019-15590
Malware in sbrugna...
CVE-2019-6022
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function...
CVE-2019-6022
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function...
CVE-2019-6022
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function...
Directory traversal
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function...
CVE-2019-6022
CVE-2019-6022 affects Cybozu Office versions 10.0.0 to 10.8.3. The vulnerability is a directory traversal in the Customapp function that allows a remote authenticated attacker to alter arbitrary files on the server. Root cause involves improper handling of resource/file paths in the Customapp wor...
Cybozu Office "Customapp" Directory Traversal Vulnerability
Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. A path traversal vulnerability exists in Cybozu Office versions 10.0.0 through 10.8.3. The vulnerability stems from a failure of a networked system or product to properly filter special elements in the path of a...
CVE-2017-2116
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors...
CVE-2017-2116
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors...
CVE-2017-2115
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors...
CVE-2017-2115
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors...
CVE-2017-2116
Cybozu Office 10.0.0–10.5.0 contains an access restriction bypass in the templates delete function for the ustomapp eature, enabling remote authenticated attackers to delete ustomapp mplates via unspecified vectors. The CVE is CVE-2017-2116. The vulnerability is documented across multiple sourc...
CVE-2017-2115
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors...
CVE-2017-2116
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function...
CVE-2016-4865
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function...
CVE-2016-4865
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function...
Cybozu Office fails to restrict access permission in the templates delete function in "customapp"
Overview Cybozu Office contains an access restriction flaw in the templates delete function in "customapp". Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...
Cybozu Office fails to restrict access permission in the file export function in "customapp"
Overview Cybozu Office contains an access restriction flaw in the file export function in "customapp". Cybozu, Inc. reported this vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...