| CVE-2017-10857 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. |
| CVE-2017-2258 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". |
| CVE-2017-2257 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. |
| CVE-2017-2256 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". |
| CVE-2017-2255 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space". |
| CVE-2017-2254 |
medium |
4.9 |
4.9 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input |
| CVE-2017-2172 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-2146 |
medium |
4.8 |
4.8 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. |
| CVE-2017-2145 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. |
| CVE-2017-2144 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page. |
| CVE-2016-7833 |
high |
7.5 |
7.5 |
|
|
cybozu |
9y ago |
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. |
| CVE-2016-7832 |
medium |
5.3 |
5.3 |
|
|
cybozu |
9y ago |
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. |
| CVE-2016-7816 |
medium |
5.9 |
5.9 |
|
|
cybozu |
9y ago |
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information… |
| CVE-2016-7803 |
high |
8.8 |
8.8 |
|
|
cybozu |
9y ago |
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. |
| CVE-2016-7802 |
medium |
6.5 |
6.5 |
|
|
cybozu |
9y ago |
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. |
| CVE-2016-7801 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. |
| CVE-2016-4910 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. |
| CVE-2016-4909 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. |
| CVE-2016-4908 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. |
| CVE-2016-4907 |
high |
8.8 |
8.8 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. |
| CVE-2016-4906 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. |
| CVE-2017-2116 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. |
| CVE-2017-2115 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. |
| CVE-2017-2114 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-2109 |
low |
2.5 |
2.5 |
|
|
cybozu |
9y ago |
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application. |
| CVE-2017-2095 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. |
| CVE-2017-2094 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. |
| CVE-2017-2093 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. |
| CVE-2017-2092 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-2091 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. |
| CVE-2016-7815 |
medium |
4.2 |
4.2 |
|
|
cybozu |
9y ago |
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. |
| CVE-2016-1187 |
medium |
6.8 |
6.8 |
|
|
cybozu |
9y ago |
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. |
| CVE-2016-1186 |
medium |
5.9 |
5.9 |
|
|
cybozu |
9y ago |
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. |
| CVE-2016-4841 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. |
| CVE-2016-1194 |
medium |
6.5 |
6.5 |
|
|
cybozu |
9y ago |
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. |
| CVE-2016-4844 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. |
| CVE-2016-4843 |
medium |
6.5 |
6.5 |
|
|
cybozu |
9y ago |
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. |
| CVE-2016-4842 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. |
| CVE-2016-1220 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Garoon before 4.2.2 does not properly restrict access. |
| CVE-2016-1218 |
high |
8.8 |
8.8 |
|
|
cybozu |
9y ago |
SQL injection vulnerability in Cybozu Garoon before 4.2.2. |
| CVE-2016-1217 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1216 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1215 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1214 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1213 |
medium |
6.1 |
6.1 |
|
|
cybozu |
9y ago |
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. |
| CVE-2016-1219 |
critical |
9.8 |
9.8 |
|
|
cybozu |
9y ago |
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. |
| CVE-2016-4874 |
low |
3.5 |
3.5 |
|
|
cybozu |
9y ago |
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. |
| CVE-2016-4873 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. |
| CVE-2016-4872 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. |
| CVE-2016-4871 |
medium |
6.5 |
6.5 |
|
|
cybozu |
9y ago |
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. |
| CVE-2016-4870 |
medium |
5.4 |
5.4 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. |
| CVE-2016-4869 |
medium |
6.5 |
6.5 |
|
|
cybozu |
9y ago |
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. |
| CVE-2016-4868 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. |
| CVE-2016-4867 |
medium |
4.3 |
4.3 |
|
|
cybozu |
9y ago |
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. |
| CVE-2016-4866 |
medium |
4.8 |
4.8 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. |
| CVE-2016-4865 |
medium |
4.8 |
4.8 |
|
|
cybozu |
9y ago |
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. |
| CVE-2016-1193 |
high |
7.5 |
7.5 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. |
| CVE-2016-1190 |
medium |
6.5 |
6.5 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. |
| CVE-2016-1189 |
high |
8.1 |
8.1 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. |
| CVE-2016-1188 |
medium |
6.5 |
6.5 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. |
| CVE-2016-1196 |
medium |
4.3 |
4.3 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerabilit… |
| CVE-2016-1192 |
medium |
4.3 |
4.3 |
|
|
cybozu |
10y ago |
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. |
| CVE-2016-1191 |
medium |
5.3 |
5.3 |
|
|
cybozu |
10y ago |
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. |
| CVE-2015-7776 |
medium |
4.3 |
4.3 |
|
|
cybozu |
10y ago |
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vul… |
| CVE-2016-1197 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2… |
| CVE-2016-1195 |
high |
7.4 |
7.4 |
|
|
cybozu |
10y ago |
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. |
| CVE-2015-7775 |
medium |
5.4 |
5.4 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-20… |
| CVE-2016-1185 |
low |
2.5 |
2.5 |
|
|
cybozu |
10y ago |
The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application. |
| CVE-2016-1153 |
medium |
6.5 |
6.5 |
|
|
cybozu |
10y ago |
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489. |
| CVE-2016-1152 |
medium |
5.4 |
5.4 |
|
|
cybozu |
10y ago |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CV… |
| CVE-2016-1151 |
high |
8.8 |
8.8 |
|
|
cybozu |
10y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. |
| CVE-2016-1150 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2016-1149 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2015-8489 |
medium |
6.5 |
6.5 |
|
|
cybozu |
10y ago |
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-… |
| CVE-2015-8488 |
medium |
4.3 |
4.3 |
|
|
cybozu |
10y ago |
Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487. |
| CVE-2015-8487 |
medium |
4.3 |
4.3 |
|
|
cybozu |
10y ago |
Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. |
| CVE-2015-8486 |
medium |
5.4 |
5.4 |
|
|
cybozu |
10y ago |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CV… |
| CVE-2015-8485 |
medium |
5.4 |
5.4 |
|
|
cybozu |
10y ago |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than C… |
| CVE-2015-8484 |
medium |
5.4 |
5.4 |
|
|
cybozu |
10y ago |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8… |
| CVE-2015-8483 |
high |
7.4 |
7.4 |
|
|
cybozu |
10y ago |
Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. |
| CVE-2015-7798 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2015-7797 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2015-7796 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2015-7795 |
medium |
6.1 |
6.1 |
|
|
cybozu |
10y ago |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2015-5647 |
high |
— |
8.5 |
|
|
cybozu |
11y ago |
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. |
| CVE-2015-5646 |
high |
— |
8.5 |
|
|
cybozu |
11y ago |
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. |
| CVE-2015-5649 |
high |
— |
7.0 |
|
|
cybozu |
11y ago |
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended l… |
| CVE-2014-7266 |
high |
— |
7.8 |
|
|
cybozu |
12y ago |
Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigg… |
| CVE-2014-5314 |
critical |
— |
9.0 |
|
|
cybozu |
12y ago |
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages. |
| CVE-2014-1996 |
high |
— |
7.5 |
|
|
cybozu |
12y ago |
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call. |
| CVE-2014-1995 |
low |
— |
3.5 |
|
|
cybozu |
12y ago |
Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspe… |
| CVE-2014-1994 |
low |
— |
3.5 |
|
|
cybozu |
12y ago |
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified ve… |
| CVE-2014-1993 |
medium |
— |
4.0 |
|
|
cybozu |
12y ago |
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. |
| CVE-2014-1992 |
low |
— |
3.5 |
|
|
cybozu |
12y ago |
Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML… |
| CVE-2014-1987 |
critical |
— |
10.0 |
|
|
cybozu |
12y ago |
The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2014-1989 |
medium |
— |
6.0 |
|
|
cybozu |
12y ago |
Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls. |
| CVE-2014-1988 |
low |
— |
3.5 |
|
|
cybozu |
12y ago |
The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors. |
| CVE-2014-1984 |
medium |
— |
6.8 |
|
|
cybozu |
12y ago |
Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors. |
| CVE-2014-1983 |
high |
— |
7.8 |
|
|
cybozu |
12y ago |
Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors. |
| CVE-2014-0821 |
medium |
— |
6.5 |
|
|
cybozu |
12y ago |
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vect… |
