CVE-2013-6006
https://notcve.org/view.php?id=CVE-2013-6006
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. Cybozu Garoon de 3.5 a 3.7 SP2 permite a atacantes remotos evitar la autenticación Keitai través de un ID de usuario modificado en una solicitud. • http://jvn.jp/en/jp/JVN81706478/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000125 https://support.cybozu.com/ja-jp/article/7893 • CWE-287: Improper Authentication •
CVE-2013-6902
https://notcve.org/view.php?id=CVE-2013-6902
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en la función Space en Cybozu Garoon anteriores a 3.7.0 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 https://support.cybozu.com/ja-jp/article/5838 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6004
https://notcve.org/view.php?id=CVE-2013-6004
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en Cygozu Garoon anteriores a 3.7.2 permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN87729477/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000117 https://support.cybozu.com/ja-jp/article/6929 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-6909
https://notcve.org/view.php?id=CVE-2013-6909
Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el componente report de Cybozu Garoon anterior a la versión 3.7.0 permite a atacantes remotos inyectar script web o HTML arbitrario a través de vectores sin especificar. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 https://support.cybozu.com/ja-jp/article/6384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6003
https://notcve.org/view.php?id=CVE-2013-6003
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors. Vulnerabilidad de inyección CRLF en Cybozu Garoon 3.1 a 3.5 SP5, cuando se activa el reenvío de Phone Messages, permite a atacantes autenticados remotamente inyectar cabeceras de email arbitrarias a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN84221103/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000116 https://support.cybozu.com/ja-jp/article/6121 • CWE-20: Improper Input Validation •