Cybozu Security Vulnerabilities

CVE-2016-7816

The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

CVE-2016-4907

Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified...

CVE-2016-4909

Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified...

CVE-2016-4908

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified...

CVE-2016-4906

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon...

CVE-2016-7801

Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified...

CVE-2016-7803

SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport"...

CVE-2017-2116

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified...

CVE-2017-2114

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified...

CVE-2017-2115

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified...

CVE-2016-7815

Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the...

CVE-2017-2090

Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified...

CVE-2017-2093

Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified...

CVE-2017-2091

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified...

CVE-2017-2094

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified...

CVE-2017-2092

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified...

CVE-2017-2095

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified...

CVE-2017-2109

Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android...

CVE-2016-1186

Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server...

CVE-2016-1187

Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL...

CVE-2016-1194

Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of...

CVE-2016-4841

Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email...

CVE-2016-1213

The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary...

CVE-2016-1215

Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before...

CVE-2016-4844

Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking...

CVE-2016-1218

SQL injection vulnerability in Cybozu Garoon before...

CVE-2016-1220

Cybozu Garoon before 4.2.2 does not properly restrict...

CVE-2016-1216

Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before...

CVE-2016-1217

Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before...

CVE-2016-4843

Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie...

CVE-2016-4842

Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is...

CVE-2016-1214

Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before...

CVE-2016-1219

Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API...

CVE-2016-4871

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of...

CVE-2016-4873

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project...

CVE-2016-4869

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are...

CVE-2016-4874

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download"...

CVE-2016-4865

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp...

CVE-2016-4872

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb...

CVE-2016-4866

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project...

CVE-2016-4868

Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted...

CVE-2016-4870

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule...

CVE-2016-4867

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project...

CVE-2016-1193

Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified...

CVE-2016-1190

Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified...

CVE-2016-1189

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified...

CVE-2016-1188

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified...

CVE-2016-1196

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than...

CVE-2016-1192

Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified...

CVE-2016-1191

Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified...