Filtered by vendor Cybozu
Subscribe
Total
322 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-6912 | 2 Cybozu, Microsoft | 2 Garoon, Internet Explorer | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-6006 | 1 Cybozu | 1 Garoon | 2024-02-28 | 5.8 MEDIUM | N/A |
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | |||||
CVE-2013-6003 | 1 Cybozu | 1 Garoon | 2024-02-28 | 3.5 LOW | N/A |
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors. | |||||
CVE-2013-6900 | 1 Cybozu | 1 Garoon | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-6909 | 1 Cybozu | 1 Garoon | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-4013 | 1 Cybozu | 1 Kunai Browser For Remote Service | 2024-02-28 | 4.3 MEDIUM | N/A |
The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. | |||||
CVE-2012-4012 | 1 Cybozu | 1 Kunai | 2024-02-28 | 4.3 MEDIUM | N/A |
The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. | |||||
CVE-2013-3646 | 1 Cybozu | 1 Cybozu Live | 2024-02-28 | 6.8 MEDIUM | N/A |
The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression. | |||||
CVE-2013-6929 | 1 Cybozu | 1 Garoon | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. | |||||
CVE-2013-0702 | 1 Cybozu | 1 Garoon | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-3269 | 1 Cybozu | 1 Cybozu Office | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305. | |||||
CVE-2013-6004 | 1 Cybozu | 1 Garoon | 2024-02-28 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2012-4011 | 1 Cybozu | 1 Kunai | 2024-02-28 | 9.3 HIGH | N/A |
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. | |||||
CVE-2013-6002 | 1 Cybozu | 1 Garoon | 2024-02-28 | 5.0 MEDIUM | N/A |
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | |||||
CVE-2013-6001 | 1 Cybozu | 1 Garoon | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2013-6907 | 1 Cybozu | 1 Garoon | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-3647 | 1 Cybozu | 1 Cybozu Live | 2024-02-28 | 6.8 MEDIUM | N/A |
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression. | |||||
CVE-2013-3656 | 1 Cybozu | 1 Cybozu Office | 2024-02-28 | 5.8 MEDIUM | N/A |
Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL. | |||||
CVE-2013-6914 | 1 Cybozu | 1 Garoon | 2024-02-28 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-6005 | 1 Cybozu | 1 Dezie | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button. |