Office@10.1.2 Security Vulnerabilities and Issues — Office@10.1.2 CVE List

Lucene search

CybozuOffice10.1.2

28 matches found

CVE•added 2017/04/28 4:59 p.m.•52 views

CVE-2017-2115

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.

4.3CVSS4.8AI score0.00125EPSS

CVE•added 2017/04/28 4:59 p.m.•49 views

CVE-2017-2116

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.

4.3CVSS5AI score0.00195EPSS

CVE•added 2016/02/17 2:59 a.m.•46 views

CVE-2015-8483

Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

7.4CVSS7.2AI score0.00274EPSS

CVE•added 2017/04/28 4:59 p.m.•46 views

CVE-2017-2114

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5.4AI score0.00181EPSS

CVE•added 2016/02/17 2:59 a.m.•45 views

CVE-2015-8485

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.

5.5CVSS5.4AI score0.00241EPSS

CVE•added 2016/02/17 2:59 a.m.•43 views

CVE-2015-7796

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.

6.1CVSS5.9AI score0.00515EPSS

CVE•added 2016/02/17 2:59 a.m.•40 views

CVE-2016-1150

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149.

6.1CVSS5.9AI score0.00515EPSS

CVE•added 2016/02/17 2:59 a.m.•40 views

CVE-2016-1151

Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.

8.8CVSS8.8AI score0.00129EPSS

CVE•added 2017/04/17 3:59 p.m.•40 views

CVE-2016-4865

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.

4.8CVSS5AI score0.00404EPSS

CVE•added 2017/04/17 3:59 p.m.•40 views

CVE-2016-4868

Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.

4.3CVSS4.8AI score0.00672EPSS

CVE•added 2017/04/17 3:59 p.m.•40 views

CVE-2016-4870

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.

5.4CVSS5.1AI score0.00276EPSS

CVE•added 2016/02/17 2:59 a.m.•39 views

CVE-2015-8486

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152.

5.5CVSS5.4AI score0.00241EPSS

CVE•added 2016/02/17 2:59 a.m.•39 views

CVE-2015-8489

customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.

6.8CVSS6.1AI score0.00582EPSS

CVE•added 2016/02/17 2:59 a.m.•39 views

CVE-2016-1149

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.

6.1CVSS5.9AI score0.00515EPSS

CVE•added 2017/10/12 2:29 p.m.•39 views

CVE-2017-10857

Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.

4.3CVSS4.7AI score0.00139EPSS

CVE•added 2016/02/17 2:59 a.m.•38 views

CVE-2015-8484

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.

5.5CVSS5.4AI score0.00241EPSS

CVE•added 2016/02/17 2:59 a.m.•38 views

CVE-2015-8487

Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.

4.3CVSS4.8AI score0.00306EPSS

CVE•added 2016/02/17 2:59 a.m.•38 views

CVE-2016-1152

Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.

5.5CVSS5.4AI score0.00241EPSS

CVE•added 2017/04/17 3:59 p.m.•38 views

CVE-2016-4874

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.

3.5CVSS4.2AI score0.00231EPSS

CVE•added 2016/02/17 2:59 a.m.•37 views

CVE-2015-7798

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.

6.1CVSS5.9AI score0.00515EPSS

CVE•added 2016/02/17 2:59 a.m.•36 views

CVE-2015-7797

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.

6.1CVSS5.9AI score0.00515EPSS

CVE•added 2017/04/17 3:59 p.m.•36 views

CVE-2016-4867

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.

4.3CVSS4.2AI score0.00216EPSS

CVE•added 2017/04/17 3:59 p.m.•36 views

CVE-2016-4869

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.

6.5CVSS6.2AI score0.01162EPSS

CVE•added 2017/04/17 3:59 p.m.•36 views

CVE-2016-4873

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.

4.3CVSS4.7AI score0.00279EPSS

CVE•added 2017/04/17 3:59 p.m.•34 views

CVE-2016-4872

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.

4.3CVSS4.2AI score0.00216EPSS

CVE•added 2016/02/17 2:59 a.m.•33 views

CVE-2015-7795

Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.

6.1CVSS5.9AI score0.00515EPSS

CVE•added 2017/04/17 3:59 p.m.•32 views

CVE-2016-4866

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.

4.8CVSS5AI score0.00404EPSS

CVE•added 2017/04/17 3:59 p.m.•32 views

CVE-2016-4871

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.

6.8CVSS6.4AI score0.01511EPSS