RSS   Vulnerabilities for 'Garoon'   RSS

2017-04-28
 
CVE-2017-2095

 

 
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.

 
 
CVE-2017-2094

 

 
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.

 
 
CVE-2017-2093

 

 
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.

 
 
CVE-2017-2092

 

 
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

 
 
CVE-2017-2091

 

 
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.

 
2017-04-21
 
CVE-2016-1194

 

 
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.

 
2017-04-20
 
CVE-2016-1220

 

 
Cybozu Garoon before 4.2.2 does not properly restrict access.

 
 
CVE-2016-1218

 

 
SQL injection vulnerability in Cybozu Garoon before 4.2.2.

 
 
CVE-2016-1217

 

 
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.

 
 
CVE-2016-1216

 

 
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.

 


Copyright 2017, cxsecurity.com