CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cybozu » Garoon » 2.1 SP3 : Security Vulnerabilities

Cpe Name:cpe:/a:cybozu:garoon:2.1:sp3
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-0821 89 Exec Code Sql 2014-02-26 2014-03-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.
2 CVE-2014-0820 22 Dir. Trav. 2014-02-26 2014-03-10
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors.
3 CVE-2014-0817 264 2014-02-26 2014-02-27
4.9
None Remote Medium Single system Partial Partial None
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.
4 CVE-2013-6930 89 Exec Code Sql 2014-01-29 2014-02-21
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
5 CVE-2013-6916 79 XSS 2013-12-05 2013-12-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6 CVE-2013-6915 79 XSS 2013-12-05 2013-12-31
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
7 CVE-2013-6914 79 XSS 2013-12-05 2013-12-31
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
8 CVE-2013-6913 79 XSS 2013-12-05 2013-12-13
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
9 CVE-2013-6912 79 XSS 2013-12-05 2013-12-13
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
10 CVE-2013-6911 79 XSS 2013-12-05 2013-12-13
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
11 CVE-2013-6910 79 XSS 2013-12-05 2013-12-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
12 CVE-2013-6909 79 XSS 2013-12-05 2013-12-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13 CVE-2013-6907 79 XSS 2013-12-05 2013-12-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14 CVE-2013-6906 79 XSS 2013-12-05 2013-12-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15 CVE-2013-6905 79 XSS 2013-12-05 2013-12-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
16 CVE-2013-6904 79 XSS 2013-12-05 2013-12-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
17 CVE-2013-6903 79 XSS 2013-12-05 2013-12-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
18 CVE-2013-6902 79 XSS 2013-12-05 2014-01-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19 CVE-2013-6901 79 XSS 2013-12-05 2013-12-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
20 CVE-2013-6900 79 XSS 2013-12-05 2014-01-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
21 CVE-2013-6004 264 2013-12-05 2014-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors.
22 CVE-2013-6002 399 DoS 2013-12-05 2014-01-03
5.0
None Remote Low Not required None None Partial
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
23 CVE-2013-6001 89 Exec Code Sql 2013-12-05 2014-01-03
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Total number of vulnerabilities : 23   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.