Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N
Vendors Products
Cybozu
  • Cybozu Office
  • Share 360

Configuration 1 [-]

OR cpe:2.3:a:cybozu:cybozu_office:*:*:*:*:*:*:*:*
cpe:2.3:a:cybozu:share_360:*:*:*:*:*:*:*:*
References
Link Resource
http://cybozu.co.jp/products/dl/notice_060825/
http://jvn.jp/jp/JVN%2390420168/index.html
http://secunia.com/advisories/21618 Vendor Advisory
http://secunia.com/advisories/21623 Vendor Advisory
http://securitytracker.com/id?1016759
http://vuln.sg/cybozu-en.html
http://www.osvdb.org/28261
http://www.osvdb.org/28262
https://exchange.xforce.ibmcloud.com/vulnerabilities/28591
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-31T22:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-08-31T00:00:00

Link: CVE-2006-4490

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2006-08-31T22:04:00.000

Modified: 2017-07-20T01:33:07.977

Link: CVE-2006-4490

JSON object: View

cve-icon Redhat Information

No data.

CWE