| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
65501 |
CVE-2011-5197 |
352 |
1
|
CSRF |
2012-09-23 |
2016-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files. |
|
65502 |
CVE-2011-5196 |
352 |
1
|
CSRF |
2012-09-23 |
2016-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files. |
|
65503 |
CVE-2011-5195 |
352 |
1
|
CSRF |
2012-09-23 |
2016-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file. |
|
65504 |
CVE-2011-5194 |
79 |
1
|
XSS |
2012-09-23 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than CVE-2011-5193. |
|
65505 |
CVE-2011-5192 |
79 |
|
XSS |
2012-09-23 |
2012-09-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191. |
|
65506 |
CVE-2011-5191 |
79 |
|
XSS |
2012-09-23 |
2012-09-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192. |
|
65507 |
CVE-2011-5190 |
79 |
1
|
XSS |
2012-09-20 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Social Book Facebook Clone 2010 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) signup.php, (2) lostpass.php, (3) login.php, (4) index.php, (5) help_tos.php, (6) help_contact.php, or (7) help.php. |
|
65508 |
CVE-2011-5186 |
79 |
1
|
XSS |
2012-09-20 |
2012-12-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop plugin for e107 7 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. |
|
65509 |
CVE-2011-5185 |
79 |
1
|
XSS |
2012-09-20 |
2012-09-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in video_comments.php in Online Subtitles Workshop before 2.0 rev 131 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. |
|
65510 |
CVE-2011-5184 |
79 |
|
XSS |
2012-09-20 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i 9.10 allow remote attackers to inject arbitrary web script or HTML via the (1) node parameter to nnm/mibdiscover; (2) nodename parameter to nnm/protected/configurationpoll.jsp, (3) nnm/protected/ping.jsp, (4) nnm/protected/statuspoll.jsp, or (5) nnm/protected/traceroute.jsp; or (6) field parameter to nmm/validate. NOTE: this might be a duplicate of CVE-2011-4155 or CVE-2011-4156. |
|
65511 |
CVE-2011-5183 |
89 |
1
|
Exec Code Sql |
2012-09-20 |
2012-12-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/. |
|
65512 |
CVE-2011-5182 |
79 |
|
XSS |
2012-09-20 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
** DISPUTED ** Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba's plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user's behalf." |
|
65513 |
CVE-2011-5181 |
79 |
|
XSS |
2012-09-20 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information. |
|
65514 |
CVE-2011-5180 |
79 |
|
XSS |
2012-09-20 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in the ZooEffect plugin 1.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information. NOTE: this has been disputed by a third party. |
|
65515 |
CVE-2011-5179 |
79 |
|
XSS |
2012-09-20 |
2018-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. |
|
65516 |
CVE-2011-5178 |
79 |
|
XSS |
2012-09-20 |
2012-12-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter. |
|
65517 |
CVE-2011-5177 |
79 |
1
|
XSS |
2012-09-20 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to the search page. |
|
65518 |
CVE-2011-5176 |
79 |
|
XSS |
2012-09-15 |
2012-09-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) category parameter. |
|
65519 |
CVE-2011-5175 |
89 |
1
|
Exec Code Sql |
2012-09-15 |
2012-09-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter. |
|
65520 |
CVE-2011-5174 |
119 |
|
Exec Code Overflow Bypass |
2012-09-15 |
2017-11-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) in Intel Q67 Express, C202, C204, C206 Chipsets, and Mobile Intel QM67, and QS67 Chipset before 2nd_gen_i5_i7_SINIT_51.BIN Express; Intel Q57, 3450 Chipsets and Mobile Intel QM57 and QS57 Express Chipset before i5_i7_DUAL_SINIT_51.BIN and i7_QUAD_SINIT_51.BIN; Mobile Intel GM45, GS45, and PM45 Express Chipset before GM45_GS45_PM45_SINIT_51.BIN; Intel Q35 Express Chipsets before Q35_SINIT_51.BIN; and Intel 5520, 5500, X58, and 7500 Chipsets before SINIT ACM 1.1 allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors. |
|
65521 |
CVE-2011-5173 |
119 |
1
|
DoS Exec Code Overflow |
2012-09-15 |
2017-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Bugbear Entertainment FlatOut 2005 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field in a bed file. |
|
65522 |
CVE-2011-5172 |
119 |
1
|
Exec Code Overflow |
2012-09-15 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in StoryBoard Quick 6 Build 3786, and possibly StoryBoard Artist and StoryBoard Studio, allows remote attackers to execute arbitrary code via a long string in the string element field in a frame xml file. |
|
65523 |
CVE-2011-5171 |
119 |
1
|
Exec Code Overflow |
2012-09-15 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file. |
|
65524 |
CVE-2011-5170 |
119 |
2
|
Exec Code Overflow |
2012-09-15 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 allows remote attackers to execute arbitrary code via a long track name in an m3u playlist. |
|
65525 |
CVE-2011-5169 |
89 |
|
Exec Code Sql |
2012-09-15 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter. |
|
65526 |
CVE-2011-5168 |
89 |
1
|
Exec Code Sql |
2012-09-15 |
2013-09-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
65527 |
CVE-2011-5167 |
119 |
1
|
Exec Code Overflow |
2012-09-15 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long string to the DriverName parameter. |
|
65528 |
CVE-2011-5166 |
119 |
4
|
Exec Code Overflow |
2012-09-15 |
2017-08-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, (20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands. |
|
65529 |
CVE-2011-5165 |
119 |
4
|
Exec Code Overflow |
2012-09-15 |
2016-06-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file. |
|
65530 |
CVE-2011-5164 |
119 |
1
|
Exec Code Overflow |
2012-09-15 |
2012-09-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 through 2.2.10 allows remote FTP servers to execute arbitrary code via a crafted file name in a LIST command response. |
|
65531 |
CVE-2011-5163 |
119 |
|
Exec Code Overflow |
2012-09-15 |
2012-12-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence. |
|
65532 |
CVE-2011-5162 |
119 |
1
|
Exec Code Overflow |
2012-09-15 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression. |
|
65533 |
CVE-2011-5161 |
|
1
|
Exec Code |
2012-09-09 |
2017-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/. |
|
65534 |
CVE-2011-5160 |
79 |
1
|
XSS |
2012-09-09 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter. |
|
65535 |
CVE-2011-5159 |
79 |
|
XSS |
2012-09-09 |
2012-09-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the sub_group parameter, a different vulnerability than CVE-2011-4942. |
|
65536 |
CVE-2011-5158 |
426 |
|
+Priv |
2012-09-07 |
2018-05-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file. NOTE: some of these details are obtained from third party information. |
|
65537 |
CVE-2011-5157 |
|
|
+Priv |
2012-09-06 |
2017-08-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107. NOTE: some of these details are obtained from third party information. |
|
65538 |
CVE-2011-5156 |
|
|
+Priv |
2012-09-06 |
2012-09-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Effective File Search 6.7 allows local users to gain privileges via a Trojan horse ztvunrar36.dll file in the current working directory, as demonstrated by a directory that contains a .efs file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
65539 |
CVE-2011-5155 |
|
|
+Priv |
2012-09-06 |
2012-09-06 |
6.3 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
None |
|
Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 allows local users to gain privileges via a Trojan horse ijl15.dll file in the current working directory, as demonstrated by a directory that contains a .hmxz, .hmxp, .hmskin, .hmx, .hm3, .hpj, .hlp, or .chm file. NOTE: some of these details are obtained from third party information. |
|
65540 |
CVE-2011-5154 |
|
|
+Priv |
2012-09-06 |
2012-09-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information. |
|
65541 |
CVE-2011-5153 |
|
|
+Priv |
2012-09-06 |
2012-09-06 |
6.3 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
None |
|
Untrusted search path vulnerability in FotoSlate 4.0 Build 146 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .plp file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
65542 |
CVE-2011-5152 |
|
|
+Priv |
2012-09-06 |
2012-09-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple untrusted search path vulnerabilities in ACDSee Photo Editor 2008 5.x build 291 allow local users to gain privileges via a Trojan horse (1) Wintab32.dll or (2) CV11-DialogEditor.dll file in the current working directory, as demonstrated by a directory that contains a .apd file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
65543 |
CVE-2011-5151 |
|
|
+Priv |
2012-09-06 |
2012-09-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in ACDSee Picture Frame Manager 1.0 Build 81 allows local users to gain privileges via a Trojan horse ShellIntMgrPFMU.dll file in the current working directory, as demonstrated by a directory that contains a .jpg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
65544 |
CVE-2011-5150 |
79 |
|
XSS |
2012-08-31 |
2012-09-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
65545 |
CVE-2011-5149 |
79 |
1
|
XSS |
2012-08-31 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php. |
|
65546 |
CVE-2011-5148 |
|
1
|
Exec Code |
2012-08-31 |
2017-08-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012. |
|
65547 |
CVE-2011-5147 |
94 |
1
|
|
2012-08-31 |
2013-09-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php. |
|
65548 |
CVE-2011-5145 |
89 |
|
Exec Code Sql |
2012-08-31 |
2017-08-28 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sel_domain_id or (2) action parameter to obm.php; (3) tf_user parameter in a search action to group/group_index.php; (4) tf_delegation, (5) tf_ip, (6) tf_name to host/host_index.php; or (7) lang, (8) theme, (9) cal_alert, (10) cal_first_hour, (11) cal_interval, (12) cal_last_hour, (13) commentorder, (14) csv_sep, (15) date, (16) date_upd, (17) debug_exe, (18) debug_id, (19) debug_param, (20) debug_sess, (21) debug_solr, (22) debug_sql, (23) dsrc, (24) menu, (25) rows, (26) sel_display_days, (27) timeformat, (28) timezone, or (29) todo parameter to settings/settings_index.php. |
|
65549 |
CVE-2011-5144 |
264 |
|
+Info |
2012-08-31 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function. |
|
65550 |
CVE-2011-5143 |
79 |
|
XSS |
2012-08-31 |
2012-09-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_name, (2) tf_delegation, and (3) tf_ip parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
