CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-5143
https://notcve.org/view.php?id=CVE-2011-5143
Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_name, (2) tf_delegation, and (3) tf_ip parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Open Business Management (OBM) v2.3.20 y probablemente antes permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del tf_name (1), tf_delegation (2), y (3) los parámetros tf_ip a index.php. NOTA: el origen de esta información es desconocida, los datos se obtienen exclusivamente a partir de información de terceros • http://secunia.com/advisories/47139 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2011-5144
https://notcve.org/view.php?id=CVE-2011-5144
Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function. Open Business Management (OBM) v2.4.0-rc13 y anteriores permite a atacantes remotos obtener información de la configuración a través de una petición directa a test.php, que hace una llamada a la función phpinfo. • http://osvdb.org/78009 http://secunia.com/advisories/47139 https://exchange.xforce.ibmcloud.com/vulnerabilities/71924 https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_obm.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2011-5142
https://notcve.org/view.php?id=CVE-2011-5142
Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_delegation, (2) tf_ip, or (3) tf_name parameter in a search action to host/host_index.php; (4) login parameter to obm.php; or (5) tf_user parameter in a search action to group/group_index.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Open Business Management (OBM) v2.4.0-rc13 y probablemente antes permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del tf_delegation (1), (2) tf_ip, o (3) tf_name parámetro en una acción de búsqueda de host / host_index.php, (4) los parámetros de inicio de sesión para obm.php, o (5) parámetro tf_user en una acción de búsqueda de grupo / group_index.php • http://osvdb.org/78007 http://osvdb.org/78008 http://secunia.com/advisories/47139 https://exchange.xforce.ibmcloud.com/vulnerabilities/71923 https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_obm.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 2CVE-2011-5141
https://notcve.org/view.php?id=CVE-2011-5141
Directory traversal vulnerability in exportcsv/exportcsv_index.php in Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the module parameter in an export_page action. Vulnerabilidad de ejecución directorio transversal en exportcsv/exportcsv_index.php en Open Business Management (OBM) v2.4.0-RC13 y anteriores permite a usuarios remotos autenticados incluir y ejecutar archivos locales a través de un .. (punto punto) en el parámetro de módulo en una acción export_page. • http://osvdb.org/78003 https://exchange.xforce.ibmcloud.com/vulnerabilities/71921 https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_obm.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2011-5145
https://notcve.org/view.php?id=CVE-2011-5145
Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sel_domain_id or (2) action parameter to obm.php; (3) tf_user parameter in a search action to group/group_index.php; (4) tf_delegation, (5) tf_ip, (6) tf_name to host/host_index.php; or (7) lang, (8) theme, (9) cal_alert, (10) cal_first_hour, (11) cal_interval, (12) cal_last_hour, (13) commentorder, (14) csv_sep, (15) date, (16) date_upd, (17) debug_exe, (18) debug_id, (19) debug_param, (20) debug_sess, (21) debug_solr, (22) debug_sql, (23) dsrc, (24) menu, (25) rows, (26) sel_display_days, (27) timeformat, (28) timezone, or (29) todo parameter to settings/settings_index.php. Múltiples vulnerabilidades de inyección SQL en Open Business Management (OBM) v2.4.0-rc13 y probablemente anteriores permite a atacantes autenticados ejecutar comandos SQL de su elección a través de los parámetros (1) sel_domain_id o (2) action de obm.php; el parámetro (3) tf_user en una acción de búsqueda de group/group_index.php; los parámetros (4) tf_delegation, (5) tf_ip, (6) tf_name de host/host_index.php; o los parámetros (7) lang, (8) theme, (9) cal_alert, (10) cal_first_hour, (11) cal_interval, (12) cal_last_hour, (13) commentorder, (14) csv_sep, (15) date, (16) date_upd, (17) debug_exe, (18) debug_id, (19) debug_param, (20) debug_sess, (21) debug_solr, (22) debug_sql, (23) dsrc, (24) menu, (25) rows, (26) sel_display_days, (27) timeformat, (28) timezone, o (29) todo de settings/settings_index.php. • http://osvdb.org/78004 http://osvdb.org/78005 http://osvdb.org/78006 http://secunia.com/advisories/47139 https://exchange.xforce.ibmcloud.com/vulnerabilities/71922 https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_obm.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •