CVE-2016-4908
https://notcve.org/view.php?id=CVE-2016-4908
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. Cybozu Garoon versiones 3.0.0 hasta 4.2.2, permite a los atacantes identificados remotos omitir la restricción de acceso para alterar o eliminar la configuración RSS privada de otro usuario por medio de vectores no especificados. • http://www.securityfocus.com/bid/94966 http://www.securityfocus.com/bid/97912 https://jvn.jp/en/jp/JVN14631222/index.html https://support.cybozu.com/ja-jp/article/9399 • CWE-284: Improper Access Control •
CVE-2016-7801
https://notcve.org/view.php?id=CVE-2016-7801
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. Cybozu Garoon versiones 3.0.0 a 4.2.2 permite a los atacantes remotos eludir las restricciones de acceso para borrar los To-Dos de otros usuarios a través de vectores no especificados • http://www.securityfocus.com/bid/94966 https://jvn.jp/en/jp/JVN14631222/index.html https://support.cybozu.com/ja-jp/article/9437 • CWE-284: Improper Access Control •
CVE-2016-7803
https://notcve.org/view.php?id=CVE-2016-7803
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. La vulnerabilidad de inyección de SQL en Cybozu Garoon versiones 3.0.0 a 4.2.2 permite a los atacantes autenticados remotos ejecutar comandos SQL arbitrarios a través de la función "MultiReport". • http://www.securityfocus.com/bid/94974 https://jvn.jp/en/jp/JVN17980240/index.html https://support.cybozu.com/ja-jp/article/9447 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-2092
https://notcve.org/view.php?id=CVE-2017-2092
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting en Cybozu Garoon 3.0.0 hasta 4.2.3 permite a un atacante remoto autenticado inyectar script web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9555 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2093
https://notcve.org/view.php?id=CVE-2017-2093
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. Cybozu Garoon 3.0.0 hasta 4.2.3 permite a un atacante remoto obtener tokens utilizados por la protección CSRF a través de vectores no especificados. • http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9647 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •