CVSS: 8.8EPSS: 0%CPEs: 27EXPL: 0CVE-2016-4907
https://notcve.org/view.php?id=CVE-2016-4907
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. Cybozu Garoon versiones 3.0.0 hasta 4.2.2, permite a los atacantes remotos obtener tokens CSRF por medio de vectores no especificados. • http://www.securityfocus.com/bid/94965 https://jvn.jp/en/jp/JVN13218253/index.html https://support.cybozu.com/ja-jp/article/9441 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 27EXPL: 0CVE-2016-7803
https://notcve.org/view.php?id=CVE-2016-7803
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. La vulnerabilidad de inyección de SQL en Cybozu Garoon versiones 3.0.0 a 4.2.2 permite a los atacantes autenticados remotos ejecutar comandos SQL arbitrarios a través de la función "MultiReport". • http://www.securityfocus.com/bid/94974 https://jvn.jp/en/jp/JVN17980240/index.html https://support.cybozu.com/ja-jp/article/9447 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2016-7802
https://notcve.org/view.php?id=CVE-2016-7802
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. La vulnerabilidad de salto de directorios en Cybozu Garoon versiones 3.0.0 a 4.2.2 permite a los atacantes autenticados remotos leer archivos arbitrarios a través de vectores no especificados • http://www.securityfocus.com/bid/94967 https://jvn.jp/en/jp/JVN16200242/index.html https://support.cybozu.com/ja-jp/article/9561 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0CVE-2016-7801
https://notcve.org/view.php?id=CVE-2016-7801
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. Cybozu Garoon versiones 3.0.0 a 4.2.2 permite a los atacantes remotos eludir las restricciones de acceso para borrar los To-Dos de otros usuarios a través de vectores no especificados • http://www.securityfocus.com/bid/94966 https://jvn.jp/en/jp/JVN14631222/index.html https://support.cybozu.com/ja-jp/article/9437 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2016-4906
https://notcve.org/view.php?id=CVE-2016-4906
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. Una vulnerabilidad de tipo cross-site-scripting en Cybozu Garoon versiones 3.0.0 hasta 4.2.2, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de la función "Messages" de Cybozu Garoon Keitai. • http://www.securityfocus.com/bid/94969 https://jvn.jp/en/jp/JVN12281353/index.html https://support.cybozu.com/ja-jp/article/9511 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •