CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0703
https://notcve.org/view.php?id=CVE-2018-0703
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests. Vulnerabilidad de salto de directorio en Cybozu Office, desde la versión 10.0.0 hasta la 10.8.1, permite que un atacante remoto elimine archivos arbitrarios mediante peticiones HTTP sin especificar. • https://jvn.jp/en/jp/JVN15232217/index.html https://kb.cybozu.support/article/34088 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0673
https://notcve.org/view.php?id=CVE-2018-0673
Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Cybozu Garoon, de la versión 3.5.0 hasta la 4.6.3, permite que un atacante autenticado lea archivos arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN12583112/index.html https://cs.cybozu.co.jp/2018/006717.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0607
https://notcve.org/view.php?id=CVE-2018-0607
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL la aplicación Notifications en Cybozu Garoon, de la versión 3.5.0 a la 4.6.2, permite que los atacantes remotos ejecuten comandos SQL arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN13415512/index.html https://kb.cybozu.support/article/33120 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0559
https://notcve.org/view.php?id=CVE-2018-0559
Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios en "Address" mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html https://support.cybozu.com/ja-jp/article/10196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0558
https://notcve.org/view.php?id=CVE-2018-0558
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) reflejado en Cybozu Mailwise, de la versión 5.0.0 a la 5.4.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios en "System settings" mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN52319657/index.html https://support.cybozu.com/ja-jp/article/10193 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •