2 matches found
CVE-2006-3010
CVE-2006-3010 concerns multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1. The issues enable remote attackers to execute arbitrary SQL commands via the following input vectors: (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, ...
CVE-2006-3009
Open Business Management (OBM) 1.0.3 pl1 is affected by multiple XSS flaws. The vulnerabilities allow remote attackers to inject arbitrary HTML/Script via parameters tf_lang, tf_name, tf_user, tf_lastname, tf_contact, tf_datebefore, and tf_dateafter in several pages (publication_index.php, group_...