CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6929
https://notcve.org/view.php?id=CVE-2013-6929
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. Vulnerabilidad de inyección SQL en Cybozu Garoon 3.7 SP2 y anteriores permite a usuarios remotos autenticados ejecutar comandos SQL a través de la entrada de la API diseñada. • http://jvn.jp/en/jp/JVN60997973/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000124 https://support.cybozu.com/ja-jp/article/7889 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-6006
https://notcve.org/view.php?id=CVE-2013-6006
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. Cybozu Garoon de 3.5 a 3.7 SP2 permite a atacantes remotos evitar la autenticación Keitai través de un ID de usuario modificado en una solicitud. • http://jvn.jp/en/jp/JVN81706478/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000125 https://support.cybozu.com/ja-jp/article/7893 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2013-6005
https://notcve.org/view.php?id=CVE-2013-6005
Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button. Cross-site scripting (XSS) en Cybozu Dezie anterior a 8.1.0 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con el botón Cancelar. • http://cs.cybozu.co.jp/information/20131209up11.php http://jvn.jp/en/jp/JVN21336955/index.html http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000118.html http://osvdb.org/100819 http://secunia.com/advisories/55962 https://exchange.xforce.ibmcloud.com/vulnerabilities/89577 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2013-6902
https://notcve.org/view.php?id=CVE-2013-6902
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en la función Space en Cybozu Garoon anteriores a 3.7.0 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN23981867/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113 https://support.cybozu.com/ja-jp/article/5838 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 31EXPL: 0CVE-2013-6004
https://notcve.org/view.php?id=CVE-2013-6004
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en Cygozu Garoon anteriores a 3.7.2 permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php http://jvn.jp/en/jp/JVN87729477/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000117 https://support.cybozu.com/ja-jp/article/6929 • CWE-264: Permissions, Privileges, and Access Controls •