CVSS: 8.8EPSS: 0%CPEs: 42EXPL: 0CVE-2013-6930
https://notcve.org/view.php?id=CVE-2013-6930
29 Jan 2014 — SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929. Vulnerabilidad de inyección de SQL en la implementación page-navigation de Cybozu Garoon 2.0.0 hasta la versión 2.0.6, 2.1.0 hasta 2.1.3, 2.5.0 hasta la versión 2... • http://cs.cybozu.co.jp/information/20140127up02.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6931
https://notcve.org/view.php?id=CVE-2013-6931
29 Jan 2014 — SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929. Vulnerabilidad de inyección de SQL en la API de Cybozu Garoon 3.7.x anterior a la versión 3.7.3 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2013-6929. • http://cs.cybozu.co.jp/information/20140127up03.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6929
https://notcve.org/view.php?id=CVE-2013-6929
28 Dec 2013 — SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. Vulnerabilidad de inyección SQL en Cybozu Garoon 3.7 SP2 y anteriores permite a usuarios remotos autenticados ejecutar comandos SQL a través de la entrada de la API diseñada. • http://jvn.jp/en/jp/JVN60997973/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2013-6006
https://notcve.org/view.php?id=CVE-2013-6006
28 Dec 2013 — Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. Cybozu Garoon de 3.5 a 3.7 SP2 permite a atacantes remotos evitar la autenticación Keitai través de un ID de usuario modificado en una solicitud. • http://jvn.jp/en/jp/JVN81706478/index.html • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2013-6900
https://notcve.org/view.php?id=CVE-2013-6900
05 Dec 2013 — Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en el componente de administración del sistema en Cybozu Garoon anteriores a 3.7.0 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0CVE-2013-6901
https://notcve.org/view.php?id=CVE-2013-6901
05 Dec 2013 — Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en la función Space en Cybozu Garoon anteriores a 3.7.0, cuando se utiliza Firefox, permite a atacantes rmotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2013-6902
https://notcve.org/view.php?id=CVE-2013-6902
05 Dec 2013 — Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en la función Space en Cybozu Garoon anteriores a 3.7.0 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 60EXPL: 0CVE-2013-6903
https://notcve.org/view.php?id=CVE-2013-6903
05 Dec 2013 — Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de planificación en Cybozu Garoon anteriores a 3.7.0, cuando Internet Explorer o Firefox son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 60EXPL: 0CVE-2013-6904
https://notcve.org/view.php?id=CVE-2013-6904
05 Dec 2013 — Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de notas en Cybozu Garoon anteriores a 3.7.0, cuando Internet Explorer o Firefox son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 60EXPL: 0CVE-2013-6905
https://notcve.org/view.php?id=CVE-2013-6905
05 Dec 2013 — Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting (XSS) en un componente de teléfono en Cybozu Garoon anteriores a 3.7.0, cuando Internet Explorer o Firefox son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores no especificados. • http://cs.cybozu.co.jp/information/20131202up01.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •