CVSS: 5.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-6006
https://notcve.org/view.php?id=CVE-2013-6006
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. Cybozu Garoon de 3.5 a 3.7 SP2 permite a atacantes remotos evitar la autenticación Keitai través de un ID de usuario modificado en una solicitud. • http://jvn.jp/en/jp/JVN81706478/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000125 https://support.cybozu.com/ja-jp/article/7893 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 31EXPL: 0CVE-2013-6004
https://notcve.org/view.php?id=CVE-2013-6004
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en Cygozu Garoon anteriores a 3.7.2 permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN87729477/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000117 https://support.cybozu.com/ja-jp/article/6929 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 64EXPL: 0CVE-2013-6911
https://notcve.org/view.php?id=CVE-2013-6911
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en el componente de tablón de anuncios de Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer o Firefox son utilizados, permite a usuarios autenticados inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 http://osvdb.org/100561 https://support.cybozu.com/ja-jp/article/7158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 30EXPL: 0CVE-2013-6002
https://notcve.org/view.php?id=CVE-2013-6002
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. El servidor en Cybozu Garoon anteriores a 3.7 SP1 permite a atacantes remotos causar denegación de servicio (consumo de CPU) a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN94245330/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000115 http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html https://support.cybozu.com/ja-jp/article/6571 • CWE-399: Resource Management Errors •
CVSS: 3.5EPSS: 0%CPEs: 31EXPL: 0CVE-2013-6914
https://notcve.org/view.php?id=CVE-2013-6914
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de calendario en Cybozu Garoon anteriores a 3.7.2 permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 https://support.cybozu.com/ja-jp/article/7037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •