cbcvebase.

Cybozu Office vulnerabilities

7 known vulnerabilities affecting cybozu/cybozu_office.

Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2006-4490P4MEDIUMCVSS 4.0PoC≤ 6.6_build_1.22006-08-31
CVE-2006-4490 [MEDIUM] CVE-2006-4490: Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 bef Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe.
nvd
CVE-2013-3656P3MEDIUMCVSS 5.8≤ 9.1.02013-07-20
CVE-2013-3656 [MEDIUM] CWE-287 CVE-2013-3656: Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.
nvd
CVE-2010-2029P4MEDIUMCVSS 5.8v72010-05-24
CVE-2010-2029 [MEDIUM] CWE-264 CVE-2010-2029: Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows re Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.
nvd
CVE-2013-2305P4MEDIUMCVSS 6.8≤ 8v6+3 more2013-04-25
CVE-2013-2305 [MEDIUM] CWE-352 CVE-2013-2305: Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
nvd
CVE-2013-3269P4MEDIUMCVSS 6.8≤ 8v6+3 more2013-04-25
CVE-2013-3269 [MEDIUM] CVE-2013-3269: Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 a Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305.
nvd
CVE-2008-6744P4MEDIUMCVSS 6.8v62009-04-23
CVE-2008-6744 [MEDIUM] CWE-352 CVE-2008-6744: Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), an Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
nvd
CVE-2006-4492P4MEDIUMCVSS 5.0v6.5_build_1.22006-08-31
CVE-2006-4492 [MEDIUM] CVE-2006-4492: Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obta Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors.
nvd
Cybozu Office vulnerabilities | cvebase