32 matches found
Micro Focus Operations Bridge Manager 跨站脚本漏洞
Micro Focus Operations Bridge Manager is a software application from Micro Focus UK. It provides a monitoring function. A security vulnerability exists in Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11, Micro Focus Micro Focus Operations Bridge- Containerized versions...
Micro Focus Operations Bridge Manager / Reporter Local Privilege Escalation
This module exploits an incorrectly permissioned folder in Micro Focus Operations Bridge Manager and Operations Bridge Reporter. An unprivileged user such as Guest can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM / OBR serve...
Micro Focus Operations Bridge Manager Local Privilege Escalation Exploit
This Metasploit module exploits an insecure permission vulnerability on a folder in Micro Focus Operations Bridge Manager. An unprivileged user such as Guest can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM server. This will...
CVE-2021-22504
Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server...
CVE-2021-22504
Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server...
GTX CMS 2013 Optima - SQL Injection
No description provided by source. Document Title: =============== GTX CMS 2013 Optima - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1124 Release Date: ============= 2013-10-29 Vulnerability Laboratory ID VL-ID:...
GTX CMS 2013 Optima - SQL Injection
Document Title: =============== GTX CMS 2013 Optima - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1124 Release Date: ============= 2013-10-29 Vulnerability Laboratory ID VL-ID: ==================================== 1124...
CVE-2011-5142
Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tfdelegation, 2 tfip, or 3 tfname parameter in a search action to host/hostindex.php; 4 login parameter to...
Sql injection
Multiple SQL injection vulnerabilities in Open Business Management OBM 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 seldomainid or 2 action parameter to obm.php; 3 tfuser parameter in a search action to group/groupindex.php; 4...
CVE-2011-5142
Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tfdelegation, 2 tfip, or 3 tfname parameter in a search action to host/hostindex.php; 4 login parameter to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tfname, 2 tfdelegation, and 3 tfip parameters to index.php. NOTE: the provenance of this information is unknown; th...
CVE-2011-5141
Directory traversal vulnerability in exportcsv/exportcsvindex.php in Open Business Management OBM 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. dot dot in the module parameter in an exportpage action...
CVE-2011-5144
Open Business Management OBM 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function...
CVE-2011-5143
CVE-2011-5143 — Multiple XSS vulnerabilities in Open Business Management (OBM) 2.3.20 and earlier allow remote attackers to inject arbitrary script/HTML via index.php parameters tf_name, tf_delegation, and tf_ip. The OpenVAS entry for Open Business Management
CVE-2011-5141
Open Business Management (OBM) vulnerable in versions up to 2.4.0-rc13 due to a directory traversal in exportcsv/exportcsv_index.php. Remote authenticated users can abuse a .. in the module parameter within an export_page action to include and execute arbitrary local files. Affected component: OB...
CVE-2011-5143
Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tfname, 2 tfdelegation, and 3 tfip parameters to index.php. NOTE: the provenance of this information is unknown; th...
CVE-2011-5144
Open Business Management OBM 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function...
CVE-2011-5141
Directory traversal vulnerability in exportcsv/exportcsvindex.php in Open Business Management OBM 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. dot dot in the module parameter in an exportpage action...
CVE-2011-5144
Open Business Management (OBM) server vulnerability CVE-2011-5144 affects OBM 2.4.0-rc13 and earlier. A direct request to test.php triggers phpinfo(), allowing remote attackers to obtain configuration information, i.e., partial disclosure of sensitive data. This is a server-side information discl...
CVE-2011-5145
Open Business Management (OBM)