Search criteria
21 vulnerabilities found for cybozu_office by cybozu
FKIE_CVE-2013-3656
Vulnerability from fkie_nvd - Published: 2013-07-20 03:38 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | cybozu_office | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C88FA88-6CE2-4AC2-BF68-D9BDA7EFAA05",
"versionEndIncluding": "9.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL."
},
{
"lang": "es",
"value": "Cybozu Office v9.1.0 y anteriores no gestiona correctamente las sesiones, lo que permite a atacantes remotos eludir la autenticaci\u00f3n mediante el aprovechamiento de la URL de login."
}
],
"id": "CVE-2013-3656",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-20T03:38:39.800",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN19491840/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000069"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://products.cybozu.co.jp/office/ver9/download/update/fix910.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN19491840/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://products.cybozu.co.jp/office/ver9/download/update/fix910.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85894"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-3269
Vulnerability from fkie_nvd - Published: 2013-04-25 10:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | cybozu_office | * | |
| cybozu | cybozu_office | 6 | |
| cybozu | cybozu_office | 7 | |
| cybozu | cybozu_office | 9 | |
| cybozu | cybozu_office | 9.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35E7F6E6-4DFC-41D3-A23C-CDC9555AB5BB",
"versionEndIncluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B6B282-E664-4629-B028-C04CAB527D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:7:*:*:*:*:*:*:*",
"matchCriteriaId": "60CD7A78-766B-4137-842F-BC666434BDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:9:*:*:*:*:*:*:*",
"matchCriteriaId": "DF14835A-C823-4D8B-9908-EBEDED7C713A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "687E7EFF-4B7C-4F58-9B45-30C40E438621",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305."
},
{
"lang": "es",
"value": "Falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Cybozu Office antes de v8.1.6 y v9.x antes de v9.3.0 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios arbitrarios de solicitudes que cambian las contrase\u00f1as m\u00f3viles, una vulnerabilidad diferente a CVE-2013-2.305 ."
}
],
"id": "CVE-2013-3269",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-04-25T10:55:02.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20130415up11.php"
},
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20130415up11.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83812"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2305
Vulnerability from fkie_nvd - Published: 2013-04-25 10:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | cybozu_office | * | |
| cybozu | cybozu_office | 6 | |
| cybozu | cybozu_office | 7 | |
| cybozu | cybozu_office | 9 | |
| cybozu | cybozu_office | 9.2.1 | |
| cybozu | cybozu_dezie | * | |
| cybozu | cybozu_dezie | 8.0.0 | |
| cybozu | cybozu_dezie | 8.0.1 | |
| cybozu | cybozu_dezie | 8.0.2 | |
| cybozu | cybozu_dezie | 8.0.3 | |
| cybozu | cybozu_dezie | 8.0.4 | |
| cybozu | cybozu_dezie | 8.0.5 | |
| cybozu | mailwise | * | |
| cybozu | mailwise | 1.0 | |
| cybozu | mailwise | 2.0 | |
| cybozu | mailwise | 2.1 | |
| cybozu | mailwise | 3.0 | |
| cybozu | mailwise | 3.0\(0.2\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35E7F6E6-4DFC-41D3-A23C-CDC9555AB5BB",
"versionEndIncluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B6B282-E664-4629-B028-C04CAB527D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:7:*:*:*:*:*:*:*",
"matchCriteriaId": "60CD7A78-766B-4137-842F-BC666434BDF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:9:*:*:*:*:*:*:*",
"matchCriteriaId": "DF14835A-C823-4D8B-9908-EBEDED7C713A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "687E7EFF-4B7C-4F58-9B45-30C40E438621",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FADBC1A-D485-45C8-AEC6-3C50E2C4A472",
"versionEndIncluding": "8.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B27EBAB0-63CC-42FC-A1B5-685EDE65C7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "216BA4D1-6D06-4AE2-9F15-82868CC3A17B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D09EA8-D423-4105-B5E5-0396F0EBE0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "318E023B-104E-49C8-81D3-2ACD57788A7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B8651495-0B9A-4F6E-B3D3-9F666A9302D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "64C34368-EA05-4ECF-944F-260FFEEFF70C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "689C0D4C-B10B-4DC9-B779-20FC993344E4",
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51929894-F74C-4F8D-A12F-73CBA4FED396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE25F18D-2317-4646-A00A-D627E3BF3868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A28D9F5-6A27-42B5-8640-8560D68D930E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25E13BA8-A41F-4406-BBB3-8B2D969FB8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:3.0\\(0.2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CAB86035-A71A-4198-BADF-CA6723F2209E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords."
},
{
"lang": "es",
"value": "Falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Cybozu Office antes de v8.1.6 y v9.x antes de v9.3.0, Cybozu Dezie antes de v8.0.7 y Cybozu Mailwise antes de v5.0.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios arbitrarios para pide que el cambio de contrase\u00f1as."
}
],
"id": "CVE-2013-2305",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-04-25T10:55:02.210",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20130415up10.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20130415up10.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-2029
Vulnerability from fkie_nvd - Published: 2010-05-24 19:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | cybozu_office | 7 | |
| cybozu | cybozu_dotsales | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:7:-:ktai:*:*:*:*:*",
"matchCriteriaId": "941E9A1B-1510-4AE1-9E56-5EF33EC9104A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dotsales:*:*:*:*:*:*:*:*",
"matchCriteriaId": "313EE48E-33E5-4363-9394-762887056DCA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user\u0027s cell phone."
},
{
"lang": "es",
"value": "Cybozu Office 7 Ktai y Dotsales no restringen el acceso a la p\u00e1gina de inicio de sesi\u00f3n apropiadamente; lo que permite, a atacantes remotos, evitar la autenticaci\u00f3n y obtener o modificar informaci\u00f3n confidencial a trav\u00e9s del ID \u00fanico del n\u00famero de telef\u00f3no m\u00f3vil del usuario."
}
],
"id": "CVE-2010-2029",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-05-24T19:30:01.457",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0034.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/en/jp/JVN87730223/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39508"
},
{
"source": "cve@mitre.org",
"url": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/63933"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN87730223/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/63933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57976"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-6744
Vulnerability from fkie_nvd - Published: 2009-04-23 17:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | cybozu_dezie | * | |
| cybozu | cybozu_garoon | 2.0.0 | |
| cybozu | cybozu_garoon | 2.0.1 | |
| cybozu | cybozu_garoon | 2.0.2 | |
| cybozu | cybozu_garoon | 2.0.3 | |
| cybozu | cybozu_garoon | 2.0.4 | |
| cybozu | cybozu_garoon | 2.0.5 | |
| cybozu | cybozu_garoon | 2.0.6 | |
| cybozu | cybozu_garoon | 2.1.0 | |
| cybozu | cybozu_garoon | 2.1.1 | |
| cybozu | cybozu_garoon | 2.1.2 | |
| cybozu | cybozu_garoon | 2.1.3 | |
| cybozu | cybozu_office | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:cybozu_dezie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF18E01-4AC8-42D8-A6C5-C6D43975E591",
"versionEndIncluding": "6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA522EF-30FD-4084-90CE-53281588032B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_garoon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "801F2F15-F3A3-4322-8431-30D60DF100A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_garoon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7FF28F-A677-41C7-9A24-EA25FA122319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_garoon:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "85989F0A-8913-4BC8-ABD5-113C5E42C9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_garoon:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "594992A0-B9B0-4986-AC14-E17F9D9697AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_garoon:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "171FF417-00A7-4404-99EA-029B1574F724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_garoon:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5801F2B2-523A-47C9-A21A-625357961199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DB31B6-C2B0-432B-B0EC-EC3A0218E818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A804339-9D42-4914-850D-A3B15BDBE8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "998A4F76-9945-4F75-AF15-90409F210B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F84B0A2D-C60F-41DB-93B3-E3896543A0ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:6:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B6B282-E664-4629-B028-C04CAB527D61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Cybozu Office v6, Cybozu Dezie anteriores a v6.0(1.0), y Cybozu Garoon v2.0.0 hasta la v2.1.3 permite a atacantes remotos secuestrar la autenticaci\u00f3n de victimas inespec\u00edficas a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-6744",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-23T17:30:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0018.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/en/jp/JVN18405927/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46575"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30882"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN18405927/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43438"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4492
Vulnerability from fkie_nvd - Published: 2006-08-31 22:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | cybozu_office | 6.5_build_1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:6.5_build_1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8B7365-2E15-4E91-8A86-B4C284A64E15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Cybozu Office 6.5 Build 1.2 para Windows permite a atacantes remotos obtener informaci\u00f3n sensible, incluyendo usuarios y grupos, mediante vectores no especificados."
}
],
"id": "CVE-2006-4492",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-31T22:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://jvn.jp/jp/JVN%2331125599/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21623"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://jvn.jp/jp/JVN%2331125599/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28263"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4490
Vulnerability from fkie_nvd - Published: 2006-08-31 22:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | cybozu_office | * | |
| cybozu | share_360 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:cybozu_office:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14B64813-7187-4F0B-9C40-FCBB62F8E5E1",
"versionEndIncluding": "6.6_build_1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:share_360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2FFC5B-7EF1-4A43-86FC-92CCC633D3EE",
"versionEndIncluding": "2.5_build_0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de atravesamiento de directorios en Cybozu Office anterior a 6.6 Build 1.3 y Share 360 anterior a 2.5 Build 0.3 permiten a usuarios remotos autenticados leer archivos de su elecci\u00f3n mediante una secuencia .. (punto punto) v\u00eda el par\u00e1metro id en (1) scripts/cbag/ag.exe o (2) scripts/s360v2/s360.exe."
}
],
"id": "CVE-2006-4490",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-31T22:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21618"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21623"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016759"
},
{
"source": "cve@mitre.org",
"url": "http://vuln.sg/cybozu-en.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28261"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28262"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://vuln.sg/cybozu-en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28591"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-3656 (GCVE-0-2013-3656)
Vulnerability from cvelistv5 – Published: 2013-07-18 01:00 – Updated: 2024-08-06 16:14
VLAI?
Summary
Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#19491840",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN19491840/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://products.cybozu.co.jp/office/ver9/download/update/fix910.html"
},
{
"name": "cybozuoffice-cve20133656-spoofing(85894)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85894"
},
{
"name": "JVNDB-2013-000069",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#19491840",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN19491840/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://products.cybozu.co.jp/office/ver9/download/update/fix910.html"
},
{
"name": "cybozuoffice-cve20133656-spoofing(85894)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85894"
},
{
"name": "JVNDB-2013-000069",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-3656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#19491840",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN19491840/index.html"
},
{
"name": "http://products.cybozu.co.jp/office/ver9/download/update/fix910.html",
"refsource": "CONFIRM",
"url": "http://products.cybozu.co.jp/office/ver9/download/update/fix910.html"
},
{
"name": "cybozuoffice-cve20133656-spoofing(85894)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85894"
},
{
"name": "JVNDB-2013-000069",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-3656",
"datePublished": "2013-07-18T01:00:00",
"dateReserved": "2013-05-22T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3269 (GCVE-0-2013-3269)
Vulnerability from cvelistv5 – Published: 2013-04-25 10:00 – Updated: 2024-08-06 16:07
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:36.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20130415up11.php"
},
{
"name": "JVN#06251813",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"name": "cybozuoffice-cve20133269-csrf(83812)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83812"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20130415up11.php"
},
{
"name": "JVN#06251813",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"name": "cybozuoffice-cve20133269-csrf(83812)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83812"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20130415up11.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20130415up11.php"
},
{
"name": "JVN#06251813",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"name": "cybozuoffice-cve20133269-csrf(83812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83812"
},
{
"name": "http://jvn.jp/en/jp/JVN06251813/374951/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3269",
"datePublished": "2013-04-25T10:00:00",
"dateReserved": "2013-04-25T00:00:00",
"dateUpdated": "2024-08-06T16:07:36.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2305 (GCVE-0-2013-2305)
Vulnerability from cvelistv5 – Published: 2013-04-25 10:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:45.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20130415up10.php"
},
{
"name": "JVN#06251813",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-25T10:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20130415up10.php"
},
{
"name": "JVN#06251813",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-2305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20130415up10.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20130415up10.php"
},
{
"name": "JVN#06251813",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN06251813/374951/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-2305",
"datePublished": "2013-04-25T10:00:00Z",
"dateReserved": "2013-03-04T00:00:00Z",
"dateUpdated": "2024-09-16T16:18:26.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2029 (GCVE-0-2010-2029)
Vulnerability from cvelistv5 – Published: 2010-05-24 19:00 – Updated: 2024-08-07 02:17
VLAI?
Summary
Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:14.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39508"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0034.html"
},
{
"name": "JVNDB-2010-000016",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html"
},
{
"name": "63933",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/63933"
},
{
"name": "cybozu-office-dotsales-sec-bypass(57976)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html"
},
{
"name": "JVN#87730223",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN87730223/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user\u0027s cell phone."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39508"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0034.html"
},
{
"name": "JVNDB-2010-000016",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html"
},
{
"name": "63933",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/63933"
},
{
"name": "cybozu-office-dotsales-sec-bypass(57976)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html"
},
{
"name": "JVN#87730223",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN87730223/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user\u0027s cell phone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39508"
},
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0034.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0034.html"
},
{
"name": "JVNDB-2010-000016",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html"
},
{
"name": "63933",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63933"
},
{
"name": "cybozu-office-dotsales-sec-bypass(57976)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57976"
},
{
"name": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html",
"refsource": "MISC",
"url": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html"
},
{
"name": "JVN#87730223",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN87730223/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2029",
"datePublished": "2010-05-24T19:00:00",
"dateReserved": "2010-05-24T00:00:00",
"dateUpdated": "2024-08-07T02:17:14.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6744 (GCVE-0-2008-6744)
Vulnerability from cvelistv5 – Published: 2009-04-23 17:00 – Updated: 2024-08-07 11:42
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0016.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0018.html"
},
{
"name": "JVN#18405927",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN18405927/index.html"
},
{
"name": "JVNDB-2008-000033",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html"
},
{
"name": "garoon-unspecified-csrf(43438)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43438"
},
{
"name": "30882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30882"
},
{
"name": "46575",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46575"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0016.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0018.html"
},
{
"name": "JVN#18405927",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN18405927/index.html"
},
{
"name": "JVNDB-2008-000033",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html"
},
{
"name": "garoon-unspecified-csrf(43438)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43438"
},
{
"name": "30882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30882"
},
{
"name": "46575",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46575"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0016.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0016.html"
},
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0018.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0018.html"
},
{
"name": "JVN#18405927",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN18405927/index.html"
},
{
"name": "JVNDB-2008-000033",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html"
},
{
"name": "garoon-unspecified-csrf(43438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43438"
},
{
"name": "30882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30882"
},
{
"name": "46575",
"refsource": "OSVDB",
"url": "http://osvdb.org/46575"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6744",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-04-23T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4492 (GCVE-0-2006-4492)
Vulnerability from cvelistv5 – Published: 2006-08-31 22:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21623"
},
{
"name": "JVN#31125599",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2331125599/index.html"
},
{
"name": "28263",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28263"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-11T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21623"
},
{
"name": "JVN#31125599",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2331125599/index.html"
},
{
"name": "28263",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28263"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21623"
},
{
"name": "JVN#31125599",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2331125599/index.html"
},
{
"name": "28263",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28263"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4492",
"datePublished": "2006-08-31T22:00:00",
"dateReserved": "2006-08-31T00:00:00",
"dateUpdated": "2024-08-07T19:14:46.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4490 (GCVE-0-2006-4490)
Vulnerability from cvelistv5 – Published: 2006-08-31 22:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28261",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28261"
},
{
"name": "21618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21618"
},
{
"name": "21623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21623"
},
{
"name": "JVN#90420168",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"name": "28262",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28262"
},
{
"name": "cybozu-ag-s360-directory-traversal(28591)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28591"
},
{
"name": "1016759",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016759"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vuln.sg/cybozu-en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28261",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28261"
},
{
"name": "21618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21618"
},
{
"name": "21623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21623"
},
{
"name": "JVN#90420168",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"name": "28262",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28262"
},
{
"name": "cybozu-ag-s360-directory-traversal(28591)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28591"
},
{
"name": "1016759",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016759"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vuln.sg/cybozu-en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28261",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28261"
},
{
"name": "21618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21618"
},
{
"name": "21623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21623"
},
{
"name": "JVN#90420168",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"name": "http://cybozu.co.jp/products/dl/notice_060825/",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"name": "28262",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28262"
},
{
"name": "cybozu-ag-s360-directory-traversal(28591)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28591"
},
{
"name": "1016759",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016759"
},
{
"name": "http://vuln.sg/cybozu-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/cybozu-en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4490",
"datePublished": "2006-08-31T22:00:00",
"dateReserved": "2006-08-31T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3656 (GCVE-0-2013-3656)
Vulnerability from nvd – Published: 2013-07-18 01:00 – Updated: 2024-08-06 16:14
VLAI?
Summary
Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#19491840",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN19491840/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://products.cybozu.co.jp/office/ver9/download/update/fix910.html"
},
{
"name": "cybozuoffice-cve20133656-spoofing(85894)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85894"
},
{
"name": "JVNDB-2013-000069",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#19491840",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN19491840/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://products.cybozu.co.jp/office/ver9/download/update/fix910.html"
},
{
"name": "cybozuoffice-cve20133656-spoofing(85894)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85894"
},
{
"name": "JVNDB-2013-000069",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-3656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#19491840",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN19491840/index.html"
},
{
"name": "http://products.cybozu.co.jp/office/ver9/download/update/fix910.html",
"refsource": "CONFIRM",
"url": "http://products.cybozu.co.jp/office/ver9/download/update/fix910.html"
},
{
"name": "cybozuoffice-cve20133656-spoofing(85894)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85894"
},
{
"name": "JVNDB-2013-000069",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-3656",
"datePublished": "2013-07-18T01:00:00",
"dateReserved": "2013-05-22T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3269 (GCVE-0-2013-3269)
Vulnerability from nvd – Published: 2013-04-25 10:00 – Updated: 2024-08-06 16:07
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:36.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20130415up11.php"
},
{
"name": "JVN#06251813",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"name": "cybozuoffice-cve20133269-csrf(83812)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83812"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20130415up11.php"
},
{
"name": "JVN#06251813",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"name": "cybozuoffice-cve20133269-csrf(83812)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83812"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20130415up11.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20130415up11.php"
},
{
"name": "JVN#06251813",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"name": "cybozuoffice-cve20133269-csrf(83812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83812"
},
{
"name": "http://jvn.jp/en/jp/JVN06251813/374951/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3269",
"datePublished": "2013-04-25T10:00:00",
"dateReserved": "2013-04-25T00:00:00",
"dateUpdated": "2024-08-06T16:07:36.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2305 (GCVE-0-2013-2305)
Vulnerability from nvd – Published: 2013-04-25 10:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:36:45.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20130415up10.php"
},
{
"name": "JVN#06251813",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-25T10:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20130415up10.php"
},
{
"name": "JVN#06251813",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-2305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20130415up10.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20130415up10.php"
},
{
"name": "JVN#06251813",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06251813/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN06251813/374951/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN06251813/374951/index.html"
},
{
"name": "JVNDB-2013-000034",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-2305",
"datePublished": "2013-04-25T10:00:00Z",
"dateReserved": "2013-03-04T00:00:00Z",
"dateUpdated": "2024-09-16T16:18:26.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2029 (GCVE-0-2010-2029)
Vulnerability from nvd – Published: 2010-05-24 19:00 – Updated: 2024-08-07 02:17
VLAI?
Summary
Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:14.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39508"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0034.html"
},
{
"name": "JVNDB-2010-000016",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html"
},
{
"name": "63933",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/63933"
},
{
"name": "cybozu-office-dotsales-sec-bypass(57976)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html"
},
{
"name": "JVN#87730223",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN87730223/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user\u0027s cell phone."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39508"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0034.html"
},
{
"name": "JVNDB-2010-000016",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html"
},
{
"name": "63933",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/63933"
},
{
"name": "cybozu-office-dotsales-sec-bypass(57976)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html"
},
{
"name": "JVN#87730223",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN87730223/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user\u0027s cell phone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39508"
},
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0034.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0034.html"
},
{
"name": "JVNDB-2010-000016",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html"
},
{
"name": "63933",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63933"
},
{
"name": "cybozu-office-dotsales-sec-bypass(57976)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57976"
},
{
"name": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html",
"refsource": "MISC",
"url": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html"
},
{
"name": "JVN#87730223",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN87730223/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2029",
"datePublished": "2010-05-24T19:00:00",
"dateReserved": "2010-05-24T00:00:00",
"dateUpdated": "2024-08-07T02:17:14.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6744 (GCVE-0-2008-6744)
Vulnerability from nvd – Published: 2009-04-23 17:00 – Updated: 2024-08-07 11:42
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0016.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0018.html"
},
{
"name": "JVN#18405927",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN18405927/index.html"
},
{
"name": "JVNDB-2008-000033",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html"
},
{
"name": "garoon-unspecified-csrf(43438)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43438"
},
{
"name": "30882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30882"
},
{
"name": "46575",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46575"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0016.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0018.html"
},
{
"name": "JVN#18405927",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN18405927/index.html"
},
{
"name": "JVNDB-2008-000033",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html"
},
{
"name": "garoon-unspecified-csrf(43438)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43438"
},
{
"name": "30882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30882"
},
{
"name": "46575",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46575"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0016.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0016.html"
},
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0018.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0018.html"
},
{
"name": "JVN#18405927",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN18405927/index.html"
},
{
"name": "JVNDB-2008-000033",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html"
},
{
"name": "garoon-unspecified-csrf(43438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43438"
},
{
"name": "30882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30882"
},
{
"name": "46575",
"refsource": "OSVDB",
"url": "http://osvdb.org/46575"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6744",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-04-23T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4492 (GCVE-0-2006-4492)
Vulnerability from nvd – Published: 2006-08-31 22:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21623"
},
{
"name": "JVN#31125599",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2331125599/index.html"
},
{
"name": "28263",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28263"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-11T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21623"
},
{
"name": "JVN#31125599",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2331125599/index.html"
},
{
"name": "28263",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28263"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21623"
},
{
"name": "JVN#31125599",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2331125599/index.html"
},
{
"name": "28263",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28263"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4492",
"datePublished": "2006-08-31T22:00:00",
"dateReserved": "2006-08-31T00:00:00",
"dateUpdated": "2024-08-07T19:14:46.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4490 (GCVE-0-2006-4490)
Vulnerability from nvd – Published: 2006-08-31 22:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28261",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28261"
},
{
"name": "21618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21618"
},
{
"name": "21623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21623"
},
{
"name": "JVN#90420168",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"name": "28262",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28262"
},
{
"name": "cybozu-ag-s360-directory-traversal(28591)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28591"
},
{
"name": "1016759",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016759"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vuln.sg/cybozu-en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28261",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28261"
},
{
"name": "21618",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21618"
},
{
"name": "21623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21623"
},
{
"name": "JVN#90420168",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"name": "28262",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28262"
},
{
"name": "cybozu-ag-s360-directory-traversal(28591)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28591"
},
{
"name": "1016759",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016759"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vuln.sg/cybozu-en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28261",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28261"
},
{
"name": "21618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21618"
},
{
"name": "21623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21623"
},
{
"name": "JVN#90420168",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2390420168/index.html"
},
{
"name": "http://cybozu.co.jp/products/dl/notice_060825/",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"name": "28262",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28262"
},
{
"name": "cybozu-ag-s360-directory-traversal(28591)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28591"
},
{
"name": "1016759",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016759"
},
{
"name": "http://vuln.sg/cybozu-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/cybozu-en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4490",
"datePublished": "2006-08-31T22:00:00",
"dateReserved": "2006-08-31T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}