Refine your search
4 vulnerabilities found for ENISYS by Techno Project Japan Co.
jvndb-2015-000169
Vulnerability from jvndb
Published
2015-10-29 13:46
Modified
2015-11-02 18:05
Summary
Enisys Gw vulnerable to cross-site scripting
Details
Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains a cross-site scripting vulnerability (CWE-79).
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000169.html",
"dc:date": "2015-11-02T18:05+09:00",
"dcterms:issued": "2015-10-29T13:46+09:00",
"dcterms:modified": "2015-11-02T18:05+09:00",
"description": "Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000169.html",
"sec:cpe": {
"#text": "cpe:/a:techno_project_japan:enisys_gw",
"@product": "ENISYS",
"@vendor": "Techno Project Japan Co.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000169",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN13874649/index.html",
"@id": "JVN#13874649",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5670",
"@id": "CVE-2015-5670",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5670",
"@id": "CVE-2015-5670",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Enisys Gw vulnerable to cross-site scripting"
}
jvndb-2015-000170
Vulnerability from jvndb
Published
2015-10-29 13:46
Modified
2015-11-02 18:05
Summary
Enisys Gw fails to restrict access permissions
Details
Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw fails to restrict access permissions.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000170.html",
"dc:date": "2015-11-02T18:05+09:00",
"dcterms:issued": "2015-10-29T13:46+09:00",
"dcterms:modified": "2015-11-02T18:05+09:00",
"description": "Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw fails to restrict access permissions.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000170.html",
"sec:cpe": {
"#text": "cpe:/a:techno_project_japan:enisys_gw",
"@product": "ENISYS",
"@vendor": "Techno Project Japan Co.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000170",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN68289108/index.html",
"@id": "JVN#68289108",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5671",
"@id": "CVE-2015-5671",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5671",
"@id": "CVE-2015-5671",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Enisys Gw fails to restrict access permissions"
}
jvndb-2015-000167
Vulnerability from jvndb
Published
2015-10-29 13:37
Modified
2015-11-02 18:05
Summary
Enisys Gw vulnerable to SQL injection
Details
Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains an SQL injection vulnerability (CWE-89).
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000167.html",
"dc:date": "2015-11-02T18:05+09:00",
"dcterms:issued": "2015-10-29T13:37+09:00",
"dcterms:modified": "2015-11-02T18:05+09:00",
"description": "Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains an SQL injection vulnerability (CWE-89).\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000167.html",
"sec:cpe": {
"#text": "cpe:/a:techno_project_japan:enisys_gw",
"@product": "ENISYS",
"@vendor": "Techno Project Japan Co.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000167",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN58615092/index.html",
"@id": "JVN#58615092",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5668",
"@id": "CVE-2015-5668",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5668",
"@id": "CVE-2015-5668",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Enisys Gw vulnerable to SQL injection"
}
jvndb-2015-000168
Vulnerability from jvndb
Published
2015-10-29 13:37
Modified
2015-11-02 18:05
Summary
Enisys Gw vulnerable to arbitrary file creation
Details
Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains a vulnerability that may allow a remote attacker to create arbitrary files.
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000168.html",
"dc:date": "2015-11-02T18:05+09:00",
"dcterms:issued": "2015-10-29T13:37+09:00",
"dcterms:modified": "2015-11-02T18:05+09:00",
"description": "Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains a vulnerability that may allow a remote attacker to create arbitrary files.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000168.html",
"sec:cpe": {
"#text": "cpe:/a:techno_project_japan:enisys_gw",
"@product": "ENISYS",
"@vendor": "Techno Project Japan Co.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000168",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN33179297/index.html",
"@id": "JVN#33179297",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5669",
"@id": "CVE-2015-5669",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5669",
"@id": "CVE-2015-5669",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Enisys Gw vulnerable to arbitrary file creation"
}