RSS   Vulnerabilities for 'Office'   RSS

2017-04-17
 
CVE-2016-4874

 

 
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.

 
 
CVE-2016-4873

 

 
The "Project" function in Cybozu Office 9.0.0 through 10.4.0 does not properly check access permissions, which allows remote authenticated users to alter project information.

 
 
CVE-2016-4872

 

 
The "breadcrumb trail" component in Cybozu Office 9.0.0 through 10.4.0 allows remote authenticated users to read the names of closed projects.

 
 
CVE-2016-4871

 

 
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.

 
 
CVE-2016-4870

 

 
Cross-site scripting (XSS) vulnerability in "Schedule" function in Cybozu Office 9.0.0 through 10.4.0.

 
 
CVE-2016-4869

 

 
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain session information from users.

 
 
CVE-2016-4868

 

 
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject arbitrary email headers.

 
 
CVE-2016-4867

 

 
The "Project" function in Cybozu 9.0.0 through 10.4.0 allows remote authenticated users to read closed project information.

 
 
CVE-2016-4866

 

 
Cross-site scripting (XSS) vulnerability in the "Project" function in Cybozu Office 9.0.0 through 10.4.0.

 
 
CVE-2016-4865

 

 
Cross-site scripting (XSS) vulnerability in the "Customapp" function in Cybozu Office 9.0.0 through 10.4.0.

 


Copyright 2017, cxsecurity.com