Product:

Garoon

(Cybozu)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 190
Date Id Summary Products Score Patch Annotated
2017-06-09 CVE-2016-7803 SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. Garoon 8.8
2017-06-09 CVE-2016-7802 Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. Garoon 6.5
2017-06-09 CVE-2016-7801 Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. Garoon 4.3
2017-06-09 CVE-2016-4910 Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. Garoon 4.3
2017-06-09 CVE-2016-4909 Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. Garoon 4.3
2017-06-09 CVE-2016-4908 Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. Garoon 4.3
2017-06-09 CVE-2016-4907 Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. Garoon 8.8
2017-06-09 CVE-2016-4906 Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. Garoon 6.1
2017-04-20 CVE-2016-1220 Cybozu Garoon before 4.2.2 does not properly restrict access. Garoon 4.3
2017-04-20 CVE-2016-1219 Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. Garoon 9.8