CVSS: 8.8EPSS: 0%CPEs: 50EXPL: 0CVE-2014-0821
https://notcve.org/view.php?id=CVE-2014-0821
27 Feb 2014 — SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931. Vulnerabilidad de inyección SQL en la funcionalidad de descarga en Cybozu Garoon 2.x hasta 2.5.4 y 3.x hasta 3.7 SP3 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, una vulnerabil... • http://cs.cybozu.co.jp/information/gr20140225up04.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 50EXPL: 0CVE-2014-0820
https://notcve.org/view.php?id=CVE-2014-0820
27 Feb 2014 — Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en la funcionalidad de descarga en Cybozu Garoon 2.x hasta 2.5.4 y 3.x hasta 3.7 SP3 permite a usuarios remotos autenticados leer archivos arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/gr20140225up05.php • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 42EXPL: 0CVE-2013-6930
https://notcve.org/view.php?id=CVE-2013-6930
29 Jan 2014 — SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929. Vulnerabilidad de inyección de SQL en la implementación page-navigation de Cybozu Garoon 2.0.0 hasta la versión 2.0.6, 2.1.0 hasta 2.1.3, 2.5.0 hasta la versión 2... • http://cs.cybozu.co.jp/information/20140127up02.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6931
https://notcve.org/view.php?id=CVE-2013-6931
29 Jan 2014 — SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929. Vulnerabilidad de inyección de SQL en la API de Cybozu Garoon 3.7.x anterior a la versión 3.7.3 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2013-6929. • http://cs.cybozu.co.jp/information/20140127up03.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2013-6006
https://notcve.org/view.php?id=CVE-2013-6006
28 Dec 2013 — Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. Cybozu Garoon de 3.5 a 3.7 SP2 permite a atacantes remotos evitar la autenticación Keitai través de un ID de usuario modificado en una solicitud. • http://jvn.jp/en/jp/JVN81706478/index.html • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6929
https://notcve.org/view.php?id=CVE-2013-6929
28 Dec 2013 — SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. Vulnerabilidad de inyección SQL en Cybozu Garoon 3.7 SP2 y anteriores permite a usuarios remotos autenticados ejecutar comandos SQL a través de la entrada de la API diseñada. • http://jvn.jp/en/jp/JVN60997973/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 64EXPL: 0CVE-2013-6911
https://notcve.org/view.php?id=CVE-2013-6911
05 Dec 2013 — Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en el componente de tablón de anuncios de Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer o Firefox son utilizados, permite a usuarios autenticados inyectar scripts web o HTML arbitrarios a través de vectores no... • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 31EXPL: 0CVE-2013-6004
https://notcve.org/view.php?id=CVE-2013-6004
05 Dec 2013 — Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en Cygozu Garoon anteriores a 3.7.2 permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 65EXPL: 0CVE-2013-6916
https://notcve.org/view.php?id=CVE-2013-6916
05 Dec 2013 — Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en la Yahoo! User Interface Library en Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer 9 o 10, o Chrome son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores ... • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 31EXPL: 0CVE-2013-6915
https://notcve.org/view.php?id=CVE-2013-6915
05 Dec 2013 — Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de administración del sistema en Cybozu Garoon anteriores a 3.7.2 permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •