RSS   Vulnerabilities for 'Office'   RSS

2017-04-28
 
CVE-2017-2116

 

 
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.

 
 
CVE-2017-2115

 

 
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.

 
 
CVE-2017-2114

 

 
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

 
2017-04-17
 
CVE-2016-4874

 

 
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.

 
 
CVE-2016-4873

 

 
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.

 
 
CVE-2016-4872

 

 
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.

 
 
CVE-2016-4871

 

 
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.

 
 
CVE-2016-4870

 

 
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.

 
 
CVE-2016-4869

 

 
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.

 
 
CVE-2016-4868

 

 
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.

 


Copyright 2017, cxsecurity.com