Search Results (330 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4870 1 Cybozu 1 Office 2025-04-20 N/A
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
CVE-2016-7815 1 Cybozu 1 Remote Service Manager 2025-04-20 N/A
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
CVE-2016-1220 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon before 4.2.2 does not properly restrict access.
CVE-2017-2115 1 Cybozu 1 Office 2025-04-20 N/A
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.
CVE-2016-4872 1 Cybozu 1 Office 2025-04-20 N/A
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
CVE-2016-1187 1 Cybozu 1 Kunai 2025-04-20 N/A
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
CVE-2016-4873 1 Cybozu 1 Office 2025-04-20 N/A
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
CVE-2016-1194 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.
CVE-2016-4908 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
CVE-2016-4843 1 Cybozu 1 Mailwise 2025-04-20 N/A
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.
CVE-2017-2109 1 Cybozu 1 Kunai 2025-04-20 N/A
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.
CVE-2017-10857 1 Cybozu 1 Office 2025-04-20 N/A
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.
CVE-2016-4910 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
CVE-2016-4868 1 Cybozu 1 Office 2025-04-20 N/A
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
CVE-2016-1191 1 Cybozu 1 Garoon 2025-04-12 N/A
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.
CVE-2016-1189 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
CVE-2015-8485 1 Cybozu 1 Office 2025-04-12 N/A
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.
CVE-2015-7796 1 Cybozu 1 Office 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
CVE-2015-7775 1 Cybozu 1 Garoon 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.
CVE-2014-1996 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.