Lucene search

K
CybozuCybozu Office

7 matches found

CVE
CVE
added 2010/05/24 7:30 p.m.48 views

CVE-2010-2029

Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.

5.8CVSS6.7AI score0.00351EPSS
CVE
CVE
added 2006/08/31 10:4 p.m.43 views

CVE-2006-4490

Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe.

4CVSS6.8AI score0.06304EPSS
CVE
CVE
added 2013/04/25 10:55 a.m.39 views

CVE-2013-2305

Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.

6.8CVSS7.3AI score0.00142EPSS
CVE
CVE
added 2006/08/31 10:4 p.m.38 views

CVE-2006-4492

Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors.

5CVSS7AI score0.00391EPSS
CVE
CVE
added 2009/04/23 5:30 p.m.37 views

CVE-2008-6744

Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8CVSS7.3AI score0.00334EPSS
CVE
CVE
added 2013/04/25 10:55 a.m.37 views

CVE-2013-3269

Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305.

6.8CVSS7.3AI score0.00164EPSS
CVE
CVE
added 2013/07/20 3:38 a.m.36 views

CVE-2013-3656

Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.

5.8CVSS7.2AI score0.00256EPSS