CVE-2013-6904
https://notcve.org/view.php?id=CVE-2013-6904
Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de notas en Cybozu Garoon anteriores a 3.7.0, cuando Internet Explorer o Firefox son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 http://osvdb.org/100572 https://support.cybozu.com/ja-jp/article/6395 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6002
https://notcve.org/view.php?id=CVE-2013-6002
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. El servidor en Cybozu Garoon anteriores a 3.7 SP1 permite a atacantes remotos causar denegación de servicio (consumo de CPU) a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN94245330/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000115 http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html https://support.cybozu.com/ja-jp/article/6571 • CWE-399: Resource Management Errors •
CVE-2013-0701
https://notcve.org/view.php?id=CVE-2013-0701
SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege. Vulnerabilidad que permite la inyección de código SQL en Cybozu Garoon v2.5 hasta 3.5.3 que permite a usuarios autenticados ejecutar código arbitrario SQL para elevar privilegios. • http://cs.cybozu.co.jp/information/20130125up02.php http://jvn.jp/en/jp/JVN07629635/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000007 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2013-0702
https://notcve.org/view.php?id=CVE-2013-0702
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad ante la ejecución de secuencias de comandos en sitios cruzados de Cybozu Garoon v2.0.0 hasta v3.5.3 permite a atacantes remotos inyectar web script o html arbitrarios por vectores sin especificar. • http://cs.cybozu.co.jp/information/20130125up01.php http://jvn.jp/en/jp/JVN95863326/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •