32 matches found
CVE-2011-5141
Open Business Management (OBM) vulnerable in versions up to 2.4.0-rc13 due to a directory traversal in exportcsv/exportcsv_index.php. Remote authenticated users can abuse a .. in the module parameter within an export_page action to include and execute arbitrary local files. Affected component: OB...
Multiple vulnerabilities in OBM
No description provided by source. Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinobm.html Product: OBM Vendor: obm.org http://obm.org Vulnerable Version: 2.4.0-rc13 and probably prior Tested Version: 2.4.0-rc13 Vendor Notification: 30 November 2011 Vulnerability Type: XSS,...
OBM 2.4.0-rc13 XSS / LFI / SQL Injection
Vulnerability ID: HTB23060 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinobm.html Product: OBM Vendor: obm.org http://obm.org Vulnerable Version: 2.4.0-rc13 and probably prior Tested Version: 2.4.0-rc13 Vendor Notification: 30 November 2011 Vulnerability Type: XSS, SQL...
Multiple vulnerabilities in OBM
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OBM, which can be exploited to perform cross-site scripting, local file inclusion and SQL injection attacks and gain access to sensitive information. 1 Local File Inclusion in OBM 1.1 Input passed via the "module...
CVE-2008-5194
The provided connected documents confirm a concrete vulnerability: SQL injection in SoftVisions Software Online Booking Manager (obm) 2.2, exploitable through the id parameter in checkavail.php. This allows remote attackers to execute arbitrary SQL commands. The issue is documented across CVE-200...
CVE-2007-2316
Unspecified vulnerability in the admin script in Open Business Management OBM before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser."...
CVE-2007-2316
Technical details for CVE-2007-2316 are not publicly available in the provided documents. Monitor for updates.
CVE-2006-3009
Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the 1 tflang, 2 tfname, 3 tfuser, 4 tflastname, 5 tfcontact, 6 tfdatebefore, and 7 tfdateafter parameters to files such as a...
CVE-2006-3009
Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the 1 tflang, 2 tfname, 3 tfuser, 4 tflastname, 5 tfcontact, 6 tfdatebefore, and 7 tfdateafter parameters to files such as a...
CVE-2006-3010
Multiple SQL injection vulnerabilities in Open Business Management OBM 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the 1 neworder and 2 orderdir parameters to a index.php, b group/groupindex.php, c user/userindex.php, d list/listindex.php, and e company/companyindex.php...
CVE-2006-3010
CVE-2006-3010 concerns multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1. The issues enable remote attackers to execute arbitrary SQL commands via the following input vectors: (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, ...
CVE-2006-3009
Open Business Management (OBM) 1.0.3 pl1 is affected by multiple XSS flaws. The vulnerabilities allow remote attackers to inject arbitrary HTML/Script via parameters tf_lang, tf_name, tf_user, tf_lastname, tf_contact, tf_datebefore, and tf_dateafter in several pages (publication_index.php, group_...