Filtered by vendor Cybozu
Subscriptions
Total
324 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31399 | 1 Cybozu | 1 Garoon | 2024-08-23 | 6.5 Medium |
| Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition. | ||||
| CVE-2024-31398 | 1 Cybozu | 1 Garoon | 2024-08-23 | 4.3 Medium |
| Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users. | ||||
| CVE-2024-39457 | 1 Cybozu | 1 Garoon | 2024-08-22 | 5.4 Medium |
| Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser. | ||||
| CVE-2006-4491 | 1 Cybozu | 5 Collaborex, Cybozu Ag, Cybozu Pocket and 2 more | 2024-08-07 | N/A |
| Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2006-4490 | 1 Cybozu | 2 Cybozu Office, Share 360 | 2024-08-07 | N/A |
| Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe. | ||||
| CVE-2006-4492 | 1 Cybozu | 1 Cybozu Office | 2024-08-07 | N/A |
| Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors. | ||||
| CVE-2006-4444 | 1 Cybozu | 1 Garoon | 2024-08-07 | N/A |
| Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality. | ||||
| CVE-2008-6744 | 1 Cybozu | 3 Cybozu Dezie, Cybozu Garoon, Cybozu Office | 2024-08-07 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2008-6570 | 1 Cybozu | 1 Garoon | 2024-08-07 | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | ||||
| CVE-2008-6569 | 1 Cybozu | 1 Garoon | 2024-08-07 | N/A |
| Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page. | ||||
| CVE-2010-2029 | 1 Cybozu | 2 Cybozu Dotsales, Cybozu Office | 2024-08-07 | N/A |
| Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone. | ||||
| CVE-2011-2677 | 1 Cybozu | 1 Office | 2024-08-06 | N/A |
| Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL. | ||||
| CVE-2013-6916 | 3 Cybozu, Google, Microsoft | 3 Garoon, Chrome, Internet Explorer | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6902 | 1 Cybozu | 1 Garoon | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6905 | 3 Cybozu, Microsoft, Mozilla | 3 Garoon, Internet Explorer, Firefox | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6909 | 1 Cybozu | 1 Garoon | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6929 | 1 Cybozu | 1 Garoon | 2024-08-06 | N/A |
| SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. | ||||
| CVE-2013-6913 | 2 Cybozu, Microsoft | 2 Garoon, Internet Explorer | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6911 | 3 Cybozu, Microsoft, Mozilla | 3 Garoon, Internet Explorer, Firefox | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6903 | 3 Cybozu, Microsoft, Mozilla | 3 Garoon, Internet Explorer, Firefox | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||