Micro Focus Operations Bridge Manager 跨站脚本漏洞

Micro Focus Operations Bridge Manager is a software application from Micro Focus UK. It provides a monitoring function. A security vulnerability exists in Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11, Micro Focus Micro Focus Operations Bridge- Containerized versions...

Micro Focus Operations Bridge Manager / Reporter Local Privilege Escalation

This module exploits an incorrectly permissioned folder in Micro Focus Operations Bridge Manager and Operations Bridge Reporter. An unprivileged user such as Guest can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM / OBR serve...

Micro Focus Operations Bridge Manager Local Privilege Escalation Exploit

This Metasploit module exploits an insecure permission vulnerability on a folder in Micro Focus Operations Bridge Manager. An unprivileged user such as Guest can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM server. This will...

CVE-2021-22504

Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server...

CVE-2021-22504

Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server...

GTX CMS 2013 Optima - SQL Injection

No description provided by source. Document Title: =============== GTX CMS 2013 Optima - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1124 Release Date: ============= 2013-10-29 Vulnerability Laboratory ID VL-ID:...

GTX CMS 2013 Optima - SQL Injection

Document Title: =============== GTX CMS 2013 Optima - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1124 Release Date: ============= 2013-10-29 Vulnerability Laboratory ID VL-ID: ==================================== 1124...

CVE-2011-5142

Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tfdelegation, 2 tfip, or 3 tfname parameter in a search action to host/hostindex.php; 4 login parameter to...

CVE-2011-5141

Directory traversal vulnerability in exportcsv/exportcsvindex.php in Open Business Management OBM 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. dot dot in the module parameter in an exportpage action...

CVE-2011-5144

Open Business Management OBM 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tfname, 2 tfdelegation, and 3 tfip parameters to index.php. NOTE: the provenance of this information is unknown; th...

Sql injection

Multiple SQL injection vulnerabilities in Open Business Management OBM 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 seldomainid or 2 action parameter to obm.php; 3 tfuser parameter in a search action to group/groupindex.php; 4...

CVE-2011-5142

Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tfdelegation, 2 tfip, or 3 tfname parameter in a search action to host/hostindex.php; 4 login parameter to...

CVE-2011-5141

Directory traversal vulnerability in exportcsv/exportcsvindex.php in Open Business Management OBM 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. dot dot in the module parameter in an exportpage action...

CVE-2011-5143

Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tfname, 2 tfdelegation, and 3 tfip parameters to index.php. NOTE: the provenance of this information is unknown; th...

CVE-2011-5144

Open Business Management OBM 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function...

CVE-2011-5145

Open Business Management (OBM)

CVE-2011-5141

Open Business Management (OBM) vulnerable in versions up to 2.4.0-rc13 due to a directory traversal in exportcsv/exportcsv_index.php. Remote authenticated users can abuse a .. in the module parameter within an export_page action to include and execute arbitrary local files. Affected component: OB...

CVE-2011-5142

Open Business Management (OBM) 2.4.0-rc13 and possibly earlier versions are affected by multiple XSS vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via several parameters in OBM’s web interfaces: tf_delegation, tf_ip, and tf_name in search action to host...

CVE-2011-5144

Open Business Management (OBM) server vulnerability CVE-2011-5144 affects OBM 2.4.0-rc13 and earlier. A direct request to test.php triggers phpinfo(), allowing remote attackers to obtain configuration information, i.e., partial disclosure of sensitive data. This is a server-side information discl...