105 matches found
CVE-2016-4842
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read...
CVE-2016-4844
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks...
CVE-2016-4842
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read...
CVE-2016-4843
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information...
CVE-2016-4843
CVE-2016-4843 affects Cybozu Mailwise prior to 5.4.0. The issue is an information-disclosure vulnerability: an unauthenticated remote attacker could obtain sensitive cookie/session information due to exposure on the CGI environment variables display page. Impact is partial confidentiality loss of...
CVE-2016-4844
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks...
CVE-2016-4844
CVE-2016-4844 : Cybozu Mailwise is vulnerable to clickjacking in versions before 5.4.0. Several sources (NVD entry for CVE-2016-4844 and OpenVAS/JS references) specify vulnerable ranges such as 5.0.0–5.3.2 and indicate that an attacker could trick authenticated users into unintended actions by lo...
CVE-2016-4842
CVE-2016-4842 affects Cybozu Mailwise prior to 5.4.0. A vulnerability in the mail view page can disclose that a user read a specific email when a specially crafted message is opened, enabling information disclosure from remote attackers. Affected versions are 5.0.0 through 5.3.2. The root cause r...
Cybozu Mailwise Information Disclosure Vulnerability (CNVD-2016-06399)
Cybozu Mailwise is a Web-based e-mail system from Cybozu. An information disclosure vulnerability exists in Cybozu Mailwise versions 5.0.0 through 5.3.2. A remote attacker can exploit this vulnerability to obtain sensitive information...
Cybozu Mailwise Information Disclosure Vulnerability (CNVD-2016-06382)
Cybozu Mailwise is a web-based e-mail system. An information disclosure vulnerability exists in Cybozu Mailwise 5.0.0 through 5.3.2, which can be exploited by remote attackers to obtain sensitive information...
Cybozu Mailwise Clickjacking Vulnerability
Cybozu Mailwise is a Web-based e-mail system from Cybozu. A clickjacking vulnerability exists in Cybozu Mailwise versions 5.0.0 through 5.3.2. An attacker could exploit this vulnerability to compromise an affected application and obtain sensitive information...
Cybozu Mailwise Email Header Injection Vulnerability
Cybozu Mailwise is a Web-based e-mail system from Cybozu. An email header injection vulnerability exists in Cybozu Mailwise versions 5.0.0 through 5.3.2. An attacker can exploit this vulnerability to modify the content and perform unauthorized operations...
Cybozu Mailwise contains issue in preventing clickjacking attacks
Overview Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the...
Cybozu Mailwise vulnerable to information disclosure
Overview Cybozu Mailwise contains an information disclosure vulnerability in the mail view page. Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinat...
Cybozu Mailwise vulnerable to mail header injection
Overview Cybozu Mailwise contains a mail header injection vulnerability in the process of sending emails. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning...
JVN#04125292: Cybozu Mailwise contains issue in preventing clickjacking attacks
Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks. Impact If a user views a malicious page while logged in, the user may be tricked into conducting unintended operations. Solution Update the Software Update to...
JVN#03052683: Cybozu Mailwise vulnerable to information disclosure
Cybozu Mailwise contains an information disclosure vulnerability in the page where CGI environment variables are displayed. Cookie that contains session information has httponly attribute, and the Cookie value cannot be obtained by JavaScript code. However, Cookie values can be obtained in the pa...
JVN#02576342: Cybozu Mailwise vulnerable to information disclosure
Cybozu Mailwise contains an information disclosure vulnerability in the mail view page. Impact When a user opens a specially crafted email, an attacker can notice that the user read the email. Solution Update the Software Update to the latest version according to the information provided by the...
JVN#01353821: Cybozu Mailwise vulnerable to mail header injection
Cybozu Mailwise contains a mail header injection vulnerability in the process of sending emails. Impact If a user is tricked into sending a specially crafted request, the header of the email to be sent may be altered. Solution Update the Software Update to the latest version according to the...
Email Exchange + by Mailwise - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Email Exchange + by Mailwise published at the 'play' market has multiple vulnerabilities...