CVSS: 4.0EPSS: 90%CPEs: 2EXPL: 1CVE-2006-4490 – Cybozu Products - 'id' Arbitrary File Retrieval
https://notcve.org/view.php?id=CVE-2006-4490
Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe. Múltiples vulnerabilidades de atravesamiento de directorios en Cybozu Office anterior a 6.6 Build 1.3 y Share 360 anterior a 2.5 Build 0.3 permiten a usuarios remotos autenticados leer archivos de su elección mediante una secuencia .. (punto punto) vía el parámetro id en (1) scripts/cbag/ag.exe o (2) scripts/s360v2/s360.exe. • https://www.exploit-db.com/exploits/2266 http://cybozu.co.jp/products/dl/notice_060825 http://jvn.jp/jp/JVN%2390420168/index.html http://secunia.com/advisories/21618 http://secunia.com/advisories/21623 http://securitytracker.com/id?1016759 http://vuln.sg/cybozu-en.html http://www.osvdb.org/28261 http://www.osvdb.org/28262 https://exchange.xforce.ibmcloud.com/vulnerabilities/28591 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4492
https://notcve.org/view.php?id=CVE-2006-4492
Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors. Vulnerabilidad no especificada en Cybozu Office 6.5 Build 1.2 para Windows permite a atacantes remotos obtener información sensible, incluyendo usuarios y grupos, mediante vectores no especificados. • http://jvn.jp/jp/JVN%2331125599/index.html http://secunia.com/advisories/21623 http://www.osvdb.org/28263 •