CVE-2016-1190
https://notcve.org/view.php?id=CVE-2016-1190
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. Cybozu Garoon 3.1 hasta la versión 4.2 permite a usuarios remotos autenticados eludir las restricciones destinadas a la lectura de MultiReport a través de vectores no especificados. • http://jvn.jp/en/jp/JVN18975349/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000094 https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03 https://support.cybozu.com/ja-jp/article/8877 • CWE-284: Improper Access Control •
CVE-2016-1191
https://notcve.org/view.php?id=CVE-2016-1191
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. Vulnerabilidad de salto de directorio en la función Files en Cybozu Garoon 3.x y 4.x en versiones anteriores a 4.2.1 permite a atacantes remotos modificar ajustes a través de vectores no especificados. • http://jvn.jp/en/jp/JVN14749391/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000078 https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2016-1192
https://notcve.org/view.php?id=CVE-2016-1192
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. Vulnerabilidad de salto de directorio en la implementación de inicio de sesión en Cybozu Garoon 3.7 hasta la versión 4.2 permite a usuarios remotos autenticados leer un archivo de registro a través de vectores no especificados. • http://jvn.jp/en/jp/JVN14749391/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000095 https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-7776
https://notcve.org/view.php?id=CVE-2015-7776
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. Cybozu Garoon 3.x y 4.x en versiones anteriores a 4.2.0 no restringe adecuadamente la carga de elementos IMG, lo que facilita a atacantes remotos rastrear usuarios a través de un mensaje de e-mail HTML manipulado, una vulnerabilidad diferente a CVE-2016-1196. • http://jvn.jp/en/jp/JVN53542912/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000085 https://support.cybozu.com/ja-jp/article/8757 https://support.cybozu.com/ja-jp/article/8897 https://support.cybozu.com/ja-jp/article/8951 https://support.cybozu.com/ja-jp/article/8982 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-1196
https://notcve.org/view.php?id=CVE-2016-1196
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. Cybozu Garoon 3.x y 4.x en versiones anteriores a 4.2.1 permite a usuarios remotos autenticados eludir restricciones destinadas al acceso y obtener información sensible de Address Book a través de una llamada API, una vulnerabilidad diferente a CVE-2015-7776. • http://jvn.jp/en/jp/JVN33879831/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000082 https://support.cybozu.com/ja-jp/article/8970 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •