Lucene search
+L

32 matches found

CVE
CVE
added 2012/08/31 9:0 p.m.39 views

CVE-2011-5141

Open Business Management (OBM) vulnerable in versions up to 2.4.0-rc13 due to a directory traversal in exportcsv/exportcsv_index.php. Remote authenticated users can abuse a .. in the module parameter within an export_page action to include and execute arbitrary local files. Affected component: OB...

6CVSS6.9AI score0.01296EPSS
Exploits1References3Affected Software1
seebug.org
seebug.org
added 2011/12/21 12:0 a.m.24 views

Multiple vulnerabilities in OBM

No description provided by source. Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinobm.html Product: OBM Vendor: obm.org http://obm.org Vulnerable Version: 2.4.0-rc13 and probably prior Tested Version: 2.4.0-rc13 Vendor Notification: 30 November 2011 Vulnerability Type: XSS,...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2011/12/21 12:0 a.m.30 views

OBM 2.4.0-rc13 XSS / LFI / SQL Injection

Vulnerability ID: HTB23060 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinobm.html Product: OBM Vendor: obm.org http://obm.org Vulnerable Version: 2.4.0-rc13 and probably prior Tested Version: 2.4.0-rc13 Vendor Notification: 30 November 2011 Vulnerability Type: XSS, SQL...

0.2AI score
Exploits0
htbridge
htbridge
added 2011/11/30 12:0 a.m.32 views

Multiple vulnerabilities in OBM

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OBM, which can be exploited to perform cross-site scripting, local file inclusion and SQL injection attacks and gain access to sensitive information. 1 Local File Inclusion in OBM 1.1 Input passed via the "module...

7.6CVSS8.2AI score
Exploits0Affected Software1
CVE
CVE
added 2008/11/21 5:0 p.m.48 views

CVE-2008-5194

The provided connected documents confirm a concrete vulnerability: SQL injection in SoftVisions Software Online Booking Manager (obm) 2.2, exploitable through the id parameter in checkavail.php. This allows remote attackers to execute arbitrary SQL commands. The issue is documented across CVE-200...

7.5CVSS8.4AI score0.01151EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2007/04/26 9:19 p.m.15 views

CVE-2007-2316

Unspecified vulnerability in the admin script in Open Business Management OBM before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser."...

10CVSS6.6AI score0.02237EPSS
Exploits0References5
CVE
CVE
added 2007/04/26 9:0 p.m.60 views

CVE-2007-2316

Technical details for CVE-2007-2316 are not publicly available in the provided documents. Monitor for updates.

10CVSS6.6AI score0.02237EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2006/06/13 10:2 p.m.14 views

CVE-2006-3009

Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the 1 tflang, 2 tfname, 3 tfuser, 4 tflastname, 5 tfcontact, 6 tfdatebefore, and 7 tfdateafter parameters to files such as a...

5.8CVSS5.9AI score0.02568EPSS
Exploits1References9
Cvelist
Cvelist
added 2006/06/13 10:0 p.m.20 views

CVE-2006-3009

Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the 1 tflang, 2 tfname, 3 tfuser, 4 tflastname, 5 tfcontact, 6 tfdatebefore, and 7 tfdateafter parameters to files such as a...

5.9AI score0.02568EPSS
Exploits1References9
Cvelist
Cvelist
added 2006/06/13 10:0 p.m.22 views

CVE-2006-3010

Multiple SQL injection vulnerabilities in Open Business Management OBM 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the 1 neworder and 2 orderdir parameters to a index.php, b group/groupindex.php, c user/userindex.php, d list/listindex.php, and e company/companyindex.php...

8.5AI score0.01844EPSS
Exploits1References9
CVE
CVE
added 2006/06/13 10:0 p.m.56 views

CVE-2006-3010

CVE-2006-3010 concerns multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1. The issues enable remote attackers to execute arbitrary SQL commands via the following input vectors: (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, ...

7.5CVSS8.9AI score0.01844EPSS
Exploits1References9Affected Software1
CVE
CVE
added 2006/06/13 10:0 p.m.51 views

CVE-2006-3009

Open Business Management (OBM) 1.0.3 pl1 is affected by multiple XSS flaws. The vulnerabilities allow remote attackers to inject arbitrary HTML/Script via parameters tf_lang, tf_name, tf_user, tf_lastname, tf_contact, tf_datebefore, and tf_dateafter in several pages (publication_index.php, group_...

5.8CVSS6.1AI score0.02568EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder