CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0702
https://notcve.org/view.php?id=CVE-2018-0702
09 Jan 2019 — Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Cybozu Mailwise, desde la versión 5.0.0 hasta la 5.4.5, que permite que un atacante remoto elimine archivos arbitrarios mediante vectores sin especificar. • https://jvn.jp/en/jp/JVN83739174/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0557
https://notcve.org/view.php?id=CVE-2018-0557
26 Jun 2018 — Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) persistente en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML "E-mail Details Screen" arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0558
https://notcve.org/view.php?id=CVE-2018-0558
26 Jun 2018 — Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) reflejado en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios en "System settings" mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0559
https://notcve.org/view.php?id=CVE-2018-0559
26 Jun 2018 — Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios en "Address" mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2016-4841
https://notcve.org/view.php?id=CVE-2016-4841
21 Apr 2017 — Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. Cybozu Mailwise en versiones anteriores a 5.4.0 permite a atacantes inyectar las cabeceras de email arbitrarios. • http://jvn.jp/en/jp/JVN01353821/index.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2016-4842
https://notcve.org/view.php?id=CVE-2016-4842
20 Apr 2017 — Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. Cybozu Mailwise en versiones anteriores a 5.4.0 permite a atacantes remotos obtener información cuando un email es leído. • http://jvn.jp/en/jp/JVN02576342/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2016-4843
https://notcve.org/view.php?id=CVE-2016-4843
20 Apr 2017 — Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. Cybozu Mailwise en versiones anteriores a 5.4.0 permite a atacantes remotos obtener información sensible de cookies. • http://jvn.jp/en/jp/JVN03052683/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2016-4844
https://notcve.org/view.php?id=CVE-2016-4844
20 Apr 2017 — Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. Cybozu Mailwise en versiones anteriores a 5.4.0 permite a atacantes remotos conducir ataques de clickjacking. • http://jvn.jp/en/jp/JVN04125292/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 6%CPEs: 5EXPL: 0CVE-2014-5314
https://notcve.org/view.php?id=CVE-2014-5314
24 Nov 2014 — Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages. Desbordamiento de buffer en Cybozu Office 9 y 10 anterior a 10.1.0, Mailwise 4 y 5 anterior a 5.1.4, y Dezie 8 anterior a 8.1.1 permite a usuarios remotos autenticados ejecutar código arbitrario a través de mensajes de email. • http://jvn.jp/en/jp/JVN14691234/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-4698
https://notcve.org/view.php?id=CVE-2013-4698
16 Aug 2013 — Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user's own mailbox. Cybozu Mailwise v5.0.4 y v5.0.5 permite a los usuarios remotos autenticados obtener contenidos de e-mails sensibles destinados a diferentes personas en circunstancias oportunas mediante la lectura de las líneas de encabezado de asunto en el propio buzón del usuario. • http://cs.cybozu.co.jp/information/20130812up02.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •