CVE-2018-0530
https://notcve.org/view.php?id=CVE-2018-0530
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Cybozu Garoon, de la versión 3.5.0 a la 4.2.6, permite que los atacantes remotos ejecuten comandos SQL arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN65268217/index.html https://support.cybozu.com/ja-jp/article/9326 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-0551
https://notcve.org/view.php?id=CVE-2018-0551
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Garoon, de la versión 3.0.0 a la 4.6.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios mediante vectores sin especificar. • http://jvn.jp/en/jp/JVN65268217/index.html https://support.cybozu.com/ja-jp/article/10211 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2254
https://notcve.org/view.php?id=CVE-2017-2254
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input Cybozu Garoon en las versiones 3.5.0 a 4.2.5 permite que un atacante provoque una denegación de servicio en la función edit del menú de la aplicación mediante una entrada especialmente manipulada. • https://jvn.jp/en/jp/JVN63564682/index.html https://support.cybozu.com/ja-jp/article/9751 • CWE-20: Improper Input Validation •
CVE-2017-2258
https://notcve.org/view.php?id=CVE-2017-2258
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". Una vulnerabilidad de salto de directorio en Cybozu Garoon en las versiones 4.2.4 a 4.2.5 permite que un atacante lea archivos arbitrarios mediante Garoon SOAP API "WorkflowHandleApplications". • https://jvn.jp/en/jp/JVN63564682/index.html https://support.cybozu.com/ja-jp/article/9846 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-2257
https://notcve.org/view.php?id=CVE-2017-2257
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. Una vulnerabilidad cross-Site Scripting (XSS) en Cybozu Garoon en las versiones 3.0.0 a 4.2.5 permite que un atacante inyecte script web o HTML arbitrario mediante la función mail. • https://jvn.jp/en/jp/JVN63564682/index.html https://support.cybozu.com/ja-jp/article/9765 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •