CVSS: 6.5EPSS: 1%CPEs: 16EXPL: 0CVE-2016-4869
https://notcve.org/view.php?id=CVE-2016-4869
17 Apr 2017 — Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes remotos obtener información de la sesión por medio de una página donde se muestran las variables de entorno CGI. • http://jvn.jp/en/jp/JVN09736331/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2016-4870
https://notcve.org/view.php?id=CVE-2016-4870
17 Apr 2017 — Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. Una vulnerabilidad de tipo cross-site scripting en Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes autenticados remotos inyectar script web o HTML arbitrario por medio de la función Schedule. • http://jvn.jp/en/jp/JVN06726266/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 16EXPL: 0CVE-2016-4871
https://notcve.org/view.php?id=CVE-2016-4871
17 Apr 2017 — Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. Cybozu Office 9.0.0 en versiones hasta 10.4.0 permite a atacantes remotos provocar una denegación de servicio. • http://jvn.jp/en/jp/JVN10092452/index.html • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2016-4872
https://notcve.org/view.php?id=CVE-2016-4872
17 Apr 2017 — Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes autenticados remotos omitir las restricciones de acceso para visualizar los nombres de proyectos no autorizados por medio de una ruta de navegación previa (breadcrumb). • http://jvn.jp/en/jp/JVN07148816/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2016-4873
https://notcve.org/view.php?id=CVE-2016-4873
17 Apr 2017 — Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. Cybozu Office versiones 9.0.0 hasta 10.4.0, permite a los atacantes autenticados remotos ejecutar operaciones no previstas por medio de la función Project. • http://jvn.jp/en/jp/JVN07148816/index.html • CWE-275: Permission Issues •
CVSS: 3.5EPSS: 0%CPEs: 16EXPL: 0CVE-2016-4874
https://notcve.org/view.php?id=CVE-2016-4874
17 Apr 2017 — Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. Cybozu Office 9.0.0 en versiones hasta 10.4.0 permite a atacantes remotos provocar un ataque "descarga del archivo reflejado". • http://jvn.jp/en/jp/JVN11288252/index.html • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2015-7795
https://notcve.org/view.php?id=CVE-2015-7795
17 Feb 2016 — Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. Vulnerabilidad de XSS en Cybozu Office 9.0.0 hasta la versión 10.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7796... • http://jvn.jp/en/jp/JVN69278491/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2015-7796
https://notcve.org/view.php?id=CVE-2015-7796
17 Feb 2016 — Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. Vulnerabilidad de XSS en Cybozu Office 9.0.0 hasta la versión 10.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7795... • http://jvn.jp/en/jp/JVN69278491/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2015-7797
https://notcve.org/view.php?id=CVE-2015-7797
17 Feb 2016 — Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. Vulnerabilidad de XSS en Cybozu Office 9.0.0 hasta la versión 10.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7795... • http://jvn.jp/en/jp/JVN69278491/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2015-7798
https://notcve.org/view.php?id=CVE-2015-7798
17 Feb 2016 — Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150. Vulnerabilidad de XSS en Cybozu Office 9.0.0 hasta la versión 10.3.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7795... • http://jvn.jp/en/jp/JVN69278491/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •