RSS   Vulnerabilities for 'Office'   RSS

2017-04-28
 
CVE-2017-2116

 

 
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.

 
 
CVE-2017-2115

 

 
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.

 
 
CVE-2017-2114

 

 
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

 
2017-04-17
 
CVE-2016-4874

 

 
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.

 
 
CVE-2016-4873

 

 
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.

 
 
CVE-2016-4872

 

 
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.

 
 
CVE-2016-4871

 

 
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.

 
 
CVE-2016-4870

 

 
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.

 
 
CVE-2016-4869

 

 
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.

 
 
CVE-2016-4868

 

 
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.

 


Copyright 2017, cxsecurity.com

 

Back to Top