5 matches found
CVE-2011-5144
Open Business Management (OBM) server vulnerability CVE-2011-5144 affects OBM 2.4.0-rc13 and earlier. A direct request to test.php triggers phpinfo(), allowing remote attackers to obtain configuration information, i.e., partial disclosure of sensitive data. This is a server-side information discl...
CVE-2011-5142
Open Business Management (OBM) 2.4.0-rc13 and possibly earlier versions are affected by multiple XSS vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via several parameters in OBM’s web interfaces: tf_delegation, tf_ip, and tf_name in search action to host...
CVE-2011-5145
Open Business Management (OBM)
CVE-2011-5143
CVE-2011-5143 — Multiple XSS vulnerabilities in Open Business Management (OBM) 2.3.20 and earlier allow remote attackers to inject arbitrary script/HTML via index.php parameters tf_name, tf_delegation, and tf_ip. The OpenVAS entry for Open Business Management
CVE-2011-5141
Open Business Management (OBM) vulnerable in versions up to 2.4.0-rc13 due to a directory traversal in exportcsv/exportcsv_index.php. Remote authenticated users can abuse a .. in the module parameter within an export_page action to include and execute arbitrary local files. Affected component: OB...