Search
Find a vulnerability
Search criteria
12 vulnerabilities found for dezie by cybozu
CVE-2018-0705 (GCVE-0-2018-0705)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN16697622/index.html | third-party-advisoryx_refsource_JVN |
| https://kb.cybozu.support/article/34089/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cybozu, Inc. | Cybozu Dezie |
Affected:
8.0.2 to 8.1.2
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#16697622",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN16697622/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34089/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Dezie",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "8.0.2 to 8.1.2"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#16697622",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN16697622/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34089/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Dezie",
"version": {
"version_data": [
{
"version_value": "8.0.2 to 8.1.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#16697622",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN16697622/index.html"
},
{
"name": "https://kb.cybozu.support/article/34089/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34089/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0705",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:48.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7833 (GCVE-0-2016-7833)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN16781735/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/94831 | vdb-entryx_refsource_BID |
| https://support.cybozu.com/ja-jp/article/9741 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cybozu, Inc. | Cybozu Dezie |
Affected:
8.0.0 to 8.1.1
|
Date Public
2016-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#16781735",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94831"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Dezie",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "8.0.0 to 8.1.1"
}
]
}
],
"datePublic": "2016-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#16781735",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94831"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Dezie",
"version": {
"version_data": [
{
"version_value": "8.0.0 to 8.1.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#16781735",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94831"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9741",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7833",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7832 (GCVE-0-2016-7832)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9742 | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN16781735/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/94831 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cybozu, Inc. | Cybozu Dezie |
Affected:
8.0.0 to 8.1.1
|
Date Public
2016-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9742"
},
{
"name": "JVN#16781735",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94831"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Dezie",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "8.0.0 to 8.1.1"
}
]
}
],
"datePublic": "2016-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9742"
},
{
"name": "JVN#16781735",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94831"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Dezie",
"version": {
"version_data": [
{
"version_value": "8.0.0 to 8.1.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9742",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9742"
},
{
"name": "JVN#16781735",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94831"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7832",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5314 (GCVE-0-2014-5314)
Vulnerability from nvd – Published: 2014-11-24 02:00 – Updated: 2024-08-06 11:41
VLAI
Summary
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/62248 | third-party-advisoryx_refsource_SECUNIA |
| http://jvn.jp/en/jp/JVN14691234/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130 | third-party-advisoryx_refsource_JVNDB |
| https://cs.cybozu.co.jp/2014/1110-2.html | x_refsource_CONFIRM |
Date Public
2014-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62248"
},
{
"name": "JVN#14691234",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN14691234/index.html"
},
{
"name": "JVNDB-2014-000130",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2014/1110-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-12T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "62248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62248"
},
{
"name": "JVN#14691234",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN14691234/index.html"
},
{
"name": "JVNDB-2014-000130",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cs.cybozu.co.jp/2014/1110-2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-5314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62248",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62248"
},
{
"name": "JVN#14691234",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN14691234/index.html"
},
{
"name": "JVNDB-2014-000130",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130"
},
{
"name": "https://cs.cybozu.co.jp/2014/1110-2.html",
"refsource": "CONFIRM",
"url": "https://cs.cybozu.co.jp/2014/1110-2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-5314",
"datePublished": "2014-11-24T02:00:00.000Z",
"dateReserved": "2014-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:48.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6005 (GCVE-0-2013-6005)
Vulnerability from nvd – Published: 2013-12-13 15:00 – Updated: 2024-08-06 17:29
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/100819 | vdb-entryx_refsource_OSVDB |
| http://jvn.jp/en/jp/JVN21336955/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-0… | third-party-advisoryx_refsource_JVNDB |
| http://cs.cybozu.co.jp/information/20131209up11.php | x_refsource_CONFIRM |
| http://secunia.com/advisories/55962 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2013-12-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cybozudezie-cve20136005-xss(89577)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89577"
},
{
"name": "100819",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100819"
},
{
"name": "JVN#21336955",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN21336955/index.html"
},
{
"name": "JVNDB-2013-000118",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131209up11.php"
},
{
"name": "55962",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "cybozudezie-cve20136005-xss(89577)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89577"
},
{
"name": "100819",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100819"
},
{
"name": "JVN#21336955",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN21336955/index.html"
},
{
"name": "JVNDB-2013-000118",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20131209up11.php"
},
{
"name": "55962",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cybozudezie-cve20136005-xss(89577)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89577"
},
{
"name": "100819",
"refsource": "OSVDB",
"url": "http://osvdb.org/100819"
},
{
"name": "JVN#21336955",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN21336955/index.html"
},
{
"name": "JVNDB-2013-000118",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html"
},
{
"name": "http://cs.cybozu.co.jp/information/20131209up11.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20131209up11.php"
},
{
"name": "55962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6005",
"datePublished": "2013-12-13T15:00:00.000Z",
"dateReserved": "2013-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:29:42.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1334 (GCVE-0-2011-1334)
Vulnerability from nvd – Published: 2011-06-29 17:00 – Updated: 2024-09-17 01:16
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://cybozu.co.jp/products/dl/notice/detail/0019.html | x_refsource_CONFIRM |
| http://www.osvdb.org/73317 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/48446 | vdb-entryx_refsource_BID |
| http://jvn.jp/en/jp/JVN54074460/index.html | third-party-advisoryx_refsource_JVN |
| http://secunia.com/advisories/45043 | third-party-advisoryx_refsource_SECUNIA |
| http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046 | third-party-advisoryx_refsource_JVNDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "73317",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73317"
},
{
"name": "48446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#54074460",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"name": "45043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45043"
},
{
"name": "JVNDB-2011-000046",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-29T17:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "73317",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73317"
},
{
"name": "48446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#54074460",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"name": "45043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45043"
},
{
"name": "JVNDB-2011-000046",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0019.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "73317",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73317"
},
{
"name": "48446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#54074460",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"name": "45043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45043"
},
{
"name": "JVNDB-2011-000046",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-1334",
"datePublished": "2011-06-29T17:00:00.000Z",
"dateReserved": "2011-03-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:16:50.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0705 (GCVE-0-2018-0705)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN16697622/index.html | third-party-advisoryx_refsource_JVN |
| https://kb.cybozu.support/article/34089/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cybozu, Inc. | Cybozu Dezie |
Affected:
8.0.2 to 8.1.2
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#16697622",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN16697622/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34089/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Dezie",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "8.0.2 to 8.1.2"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#16697622",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN16697622/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34089/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Dezie",
"version": {
"version_data": [
{
"version_value": "8.0.2 to 8.1.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#16697622",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN16697622/index.html"
},
{
"name": "https://kb.cybozu.support/article/34089/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34089/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0705",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:48.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7833 (GCVE-0-2016-7833)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN16781735/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/94831 | vdb-entryx_refsource_BID |
| https://support.cybozu.com/ja-jp/article/9741 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cybozu, Inc. | Cybozu Dezie |
Affected:
8.0.0 to 8.1.1
|
Date Public
2016-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#16781735",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94831"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Dezie",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "8.0.0 to 8.1.1"
}
]
}
],
"datePublic": "2016-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#16781735",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94831"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Dezie",
"version": {
"version_data": [
{
"version_value": "8.0.0 to 8.1.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#16781735",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94831"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9741",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7833",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7832 (GCVE-0-2016-7832)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9742 | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN16781735/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/94831 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cybozu, Inc. | Cybozu Dezie |
Affected:
8.0.0 to 8.1.1
|
Date Public
2016-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9742"
},
{
"name": "JVN#16781735",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94831"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Dezie",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "8.0.0 to 8.1.1"
}
]
}
],
"datePublic": "2016-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9742"
},
{
"name": "JVN#16781735",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94831"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Dezie",
"version": {
"version_data": [
{
"version_value": "8.0.0 to 8.1.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9742",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9742"
},
{
"name": "JVN#16781735",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN16781735/index.html"
},
{
"name": "94831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94831"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7832",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5314 (GCVE-0-2014-5314)
Vulnerability from cvelistv5 – Published: 2014-11-24 02:00 – Updated: 2024-08-06 11:41
VLAI
Summary
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/62248 | third-party-advisoryx_refsource_SECUNIA |
| http://jvn.jp/en/jp/JVN14691234/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130 | third-party-advisoryx_refsource_JVNDB |
| https://cs.cybozu.co.jp/2014/1110-2.html | x_refsource_CONFIRM |
Date Public
2014-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62248"
},
{
"name": "JVN#14691234",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN14691234/index.html"
},
{
"name": "JVNDB-2014-000130",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2014/1110-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-12-12T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "62248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62248"
},
{
"name": "JVN#14691234",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN14691234/index.html"
},
{
"name": "JVNDB-2014-000130",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cs.cybozu.co.jp/2014/1110-2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-5314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62248",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62248"
},
{
"name": "JVN#14691234",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN14691234/index.html"
},
{
"name": "JVNDB-2014-000130",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000130"
},
{
"name": "https://cs.cybozu.co.jp/2014/1110-2.html",
"refsource": "CONFIRM",
"url": "https://cs.cybozu.co.jp/2014/1110-2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-5314",
"datePublished": "2014-11-24T02:00:00.000Z",
"dateReserved": "2014-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:41:48.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6005 (GCVE-0-2013-6005)
Vulnerability from cvelistv5 – Published: 2013-12-13 15:00 – Updated: 2024-08-06 17:29
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/100819 | vdb-entryx_refsource_OSVDB |
| http://jvn.jp/en/jp/JVN21336955/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-0… | third-party-advisoryx_refsource_JVNDB |
| http://cs.cybozu.co.jp/information/20131209up11.php | x_refsource_CONFIRM |
| http://secunia.com/advisories/55962 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2013-12-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cybozudezie-cve20136005-xss(89577)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89577"
},
{
"name": "100819",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100819"
},
{
"name": "JVN#21336955",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN21336955/index.html"
},
{
"name": "JVNDB-2013-000118",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131209up11.php"
},
{
"name": "55962",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "cybozudezie-cve20136005-xss(89577)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89577"
},
{
"name": "100819",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100819"
},
{
"name": "JVN#21336955",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN21336955/index.html"
},
{
"name": "JVNDB-2013-000118",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20131209up11.php"
},
{
"name": "55962",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cybozudezie-cve20136005-xss(89577)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89577"
},
{
"name": "100819",
"refsource": "OSVDB",
"url": "http://osvdb.org/100819"
},
{
"name": "JVN#21336955",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN21336955/index.html"
},
{
"name": "JVNDB-2013-000118",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html"
},
{
"name": "http://cs.cybozu.co.jp/information/20131209up11.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20131209up11.php"
},
{
"name": "55962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6005",
"datePublished": "2013-12-13T15:00:00.000Z",
"dateReserved": "2013-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:29:42.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1334 (GCVE-0-2011-1334)
Vulnerability from cvelistv5 – Published: 2011-06-29 17:00 – Updated: 2024-09-17 01:16
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://cybozu.co.jp/products/dl/notice/detail/0019.html | x_refsource_CONFIRM |
| http://www.osvdb.org/73317 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/48446 | vdb-entryx_refsource_BID |
| http://jvn.jp/en/jp/JVN54074460/index.html | third-party-advisoryx_refsource_JVN |
| http://secunia.com/advisories/45043 | third-party-advisoryx_refsource_SECUNIA |
| http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046 | third-party-advisoryx_refsource_JVNDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "73317",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73317"
},
{
"name": "48446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#54074460",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"name": "45043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45043"
},
{
"name": "JVNDB-2011-000046",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-29T17:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "73317",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73317"
},
{
"name": "48446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#54074460",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"name": "45043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45043"
},
{
"name": "JVNDB-2011-000046",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0019.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "73317",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73317"
},
{
"name": "48446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#54074460",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"name": "45043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45043"
},
{
"name": "JVNDB-2011-000046",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-1334",
"datePublished": "2011-06-29T17:00:00.000Z",
"dateReserved": "2011-03-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:16:50.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}