|
219171
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.
|
NVD-CWE-noinfo
|
CVE-2019-5935
|
2024-11-21 13:45 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219172
|
7.2 |
HIGH
Network
|
cybozu
|
garoon
|
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
|
CWE-89
SQL Injection
|
CVE-2019-5934
|
2024-11-21 13:45 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219173
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.
|
NVD-CWE-noinfo
|
CVE-2019-5933
|
2024-11-21 13:45 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219174
|
4.8 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.
|
CWE-79
Cross-site Scripting
|
CVE-2019-5932
|
2024-11-21 13:45 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219175
|
8.7 |
HIGH
Network
|
cybozu
|
garoon
|
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2019-5931
|
2024-11-21 13:45 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219176
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.
|
NVD-CWE-noinfo
|
CVE-2019-5930
|
2024-11-21 13:45 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219177
|
6.1 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.
|
CWE-79
Cross-site Scripting
|
CVE-2019-5929
|
2024-11-21 13:45 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219178
|
6.1 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.
|
CWE-79
Cross-site Scripting
|
CVE-2019-5928
|
2024-11-21 13:45 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219179
|
9.1 |
CRITICAL
Network
|
gitlab
|
gitlab
|
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments featur…
|
NVD-CWE-noinfo
|
CVE-2019-5883
|
2024-11-21 13:45 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219180
|
7.5 |
HIGH
Network
|
freebsd
|
freebsd
|
In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or I…
|
CWE-20
Improper Input Validation
|
CVE-2019-5598
|
2024-11-21 13:45 |
2019-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
