RSS   Vulnerabilities for 'Office'   RSS

2018-06-26
 
CVE-2018-0567

CWE-284
 

 
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.

 
 
CVE-2018-0566

CWE-264
 

 
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.

 
 
CVE-2018-0565

CWE-79
 

 
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
 
CVE-2018-0529

CWE-20
 

 
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.

 
 
CVE-2018-0528

CWE-287
 

 
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.

 
 
CVE-2018-0527

CWE-79
 

 
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
 
CVE-2018-0526

CWE-200
 

 
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.

 
2017-10-12
 
CVE-2017-10857

 

 
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.

 
2017-04-28
 
CVE-2017-2116

 

 
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.

 
 
CVE-2017-2115

 

 
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.

 


Copyright 2018, cxsecurity.com

 

Back to Top