| CVE-2017-10857 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. |
| CVE-2017-2258 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". |
| CVE-2017-2257 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. |
| CVE-2017-2256 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". |
| CVE-2017-2255 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space". |
| CVE-2017-2254 |
medium |
4.9 |
4.9 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input |
| CVE-2017-2172 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-2146 |
medium |
4.8 |
4.8 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. |
| CVE-2017-2145 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. |
| CVE-2017-2144 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page. |
| CVE-2016-7833 |
high |
7.5 |
7.5 |
|
|
cybozu |
9y ago |
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. |
| CVE-2016-7832 |
medium |
5.3 |
5.3 |
|
|
cybozu |
9y ago |
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. |
| CVE-2016-7816 |
medium |
5.9 |
5.9 |
|
|
cybozu |
9y ago |
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information… |
| CVE-2016-7803 |
high |
8.8 |
8.8 |
|
|
cybozu |
9y ago |
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. |
| CVE-2016-7802 |
medium |
6.5 |
6.5 |
|
|
cybozu |
9y ago |
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. |
| CVE-2016-7801 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. |
| CVE-2016-4910 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. |
| CVE-2016-4909 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. |
| CVE-2016-4908 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. |
| CVE-2016-4907 |
high |
8.8 |
8.8 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. |
| CVE-2016-4906 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. |
| CVE-2017-2116 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. |
| CVE-2017-2115 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. |
| CVE-2017-2114 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-2095 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. |
| CVE-2017-2094 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. |
| CVE-2017-2093 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. |
| CVE-2017-2092 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-2091 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. |
| CVE-2016-7815 |
medium |
4.2 |
4.2 |
|
|
cybozu |
9y ago |
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. |
| CVE-2016-1187 |
medium |
6.8 |
6.8 |
|
|
cybozu |
9y ago |
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. |
| CVE-2016-1186 |
medium |
5.9 |
5.9 |
|
|
cybozu |
9y ago |
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. |
| CVE-2016-4841 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. |
| CVE-2016-1194 |
medium |
6.5 |
6.5 |
|
|
cybozu |
9y ago |
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. |
| CVE-2016-4844 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. |
| CVE-2016-4843 |
medium |
6.5 |
6.5 |
|
|
cybozu |
9y ago |
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. |
| CVE-2016-4842 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. |
| CVE-2016-1220 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon before 4.2.2 does not properly restrict access. |
| CVE-2016-1218 |
high |
8.8 |
8.8 |
|
|
cybozu |
9y ago |
SQL injection vulnerability in Cybozu Garoon before 4.2.2. |
| CVE-2016-1217 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1216 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1215 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1214 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1213 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. |
| CVE-2016-1219 |
critical |
9.8 |
9.8 |
|
|
cybozu |
9y ago |
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. |
| CVE-2016-4873 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. |
| CVE-2016-4872 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. |
| CVE-2016-4871 |
medium |
6.5 |
6.5 |
|
|
cybozu |
9y ago |
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. |
| CVE-2016-4870 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. |
| CVE-2016-4869 |
medium |
6.5 |
6.5 |
|
|
cybozu |
9y ago |
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. |
| CVE-2016-4868 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. |
| CVE-2016-4867 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. |
| CVE-2016-4866 |
medium |
4.8 |
4.8 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. |
| CVE-2016-4865 |
medium |
4.8 |
4.8 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. |
| CVE-2016-1193 |
high |
7.5 |
7.5 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. |
| CVE-2016-1190 |
medium |
6.5 |
6.5 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. |
| CVE-2016-1189 |
high |
8.1 |
8.1 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. |
| CVE-2016-1188 |
medium |
6.5 |
6.5 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. |
| CVE-2016-1196 |
medium |
4.3 |
4.3 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerabilit… |
| CVE-2016-1192 |
medium |
4.3 |
4.3 |
|
|
cybozu |
10y ago |
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. |
| CVE-2016-1191 |
medium |
5.3 |
5.3 |
|
|
cybozu |
10y ago |
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. |
| CVE-2015-7776 |
medium |
4.3 |
4.3 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vul… |
| CVE-2016-1197 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2… |
| CVE-2016-1195 |
high |
7.4 |
7.4 |
|
|
cybozu |
10y ago |
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. |
| CVE-2015-7775 |
medium |
5.4 |
5.4 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-20… |
| CVE-2016-1153 |
medium |
6.5 |
6.5 |
|
|
cybozu |
10y ago |
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489. |
| CVE-2016-1152 |
medium |
5.4 |
5.4 |
|
|
cybozu |
10y ago |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CV… |
| CVE-2016-1151 |
high |
8.8 |
8.8 |
|
|
cybozu |
10y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. |
| CVE-2016-1150 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2016-1149 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2015-8489 |
medium |
6.5 |
6.5 |
|
|
cybozu |
10y ago |
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-… |
| CVE-2015-8488 |
medium |
4.3 |
4.3 |
|
|
cybozu |
10y ago |
Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487. |
| CVE-2015-8487 |
medium |
4.3 |
4.3 |
|
|
cybozu |
10y ago |
Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. |
| CVE-2015-8486 |
medium |
5.4 |
5.4 |
|
|
cybozu |
10y ago |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CV… |
| CVE-2015-8485 |
medium |
5.4 |
5.4 |
|
|
cybozu |
10y ago |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than C… |
| CVE-2015-8484 |
medium |
5.4 |
5.4 |
|
|
cybozu |
10y ago |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8… |
| CVE-2015-8483 |
high |
7.4 |
7.4 |
|
|
cybozu |
10y ago |
Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. |
| CVE-2015-7798 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2015-7797 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2015-7796 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2015-7795 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2015-5647 |
high |
— |
8.5 |
|
|
cybozu |
11y ago |
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. |
| CVE-2015-5646 |
high |
— |
8.5 |
|
|
cybozu |
11y ago |
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. |
| CVE-2015-5649 |
high |
— |
7.0 |
|
|
cybozu |
11y ago |
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended l… |
| CVE-2014-7266 |
high |
— |
7.8 |
|
|
cybozu |
12y ago |
Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigg… |
| CVE-2014-5314 |
critical |
— |
9.0 |
|
|
cybozu |
12y ago |
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages. |
| CVE-2014-1996 |
high |
— |
7.5 |
|
|
cybozu |
12y ago |
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call. |
| CVE-2014-1993 |
medium |
— |
4.0 |
|
|
cybozu |
12y ago |
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. |
| CVE-2014-1987 |
critical |
— |
10.0 |
|
|
cybozu |
12y ago |
The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2014-1989 |
medium |
— |
6.0 |
|
|
cybozu |
12y ago |
Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls. |
| CVE-2014-1984 |
medium |
— |
6.8 |
|
|
cybozu |
12y ago |
Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors. |
| CVE-2014-1983 |
high |
— |
7.8 |
|
|
cybozu |
12y ago |
Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors. |
| CVE-2014-0821 |
medium |
— |
6.5 |
|
|
cybozu |
12y ago |
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vect… |
| CVE-2014-0820 |
medium |
— |
4.0 |
|
|
cybozu |
12y ago |
Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors. |
| CVE-2014-0817 |
medium |
— |
4.9 |
|
|
cybozu |
12y ago |
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors. |
| CVE-2013-6931 |
medium |
— |
6.5 |
|
|
cybozu |
13y ago |
SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than … |
| CVE-2013-6930 |
medium |
— |
6.5 |
|
|
cybozu |
13y ago |
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x b… |
| CVE-2013-6929 |
medium |
— |
6.5 |
|
|
cybozu |
13y ago |
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. |
| CVE-2013-6006 |
medium |
— |
5.8 |
|
|
cybozu |
13y ago |
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. |
| CVE-2013-6005 |
medium |
— |
4.3 |
|
|
cybozu |
13y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button. |
