252 matches found
SQL injection
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-5023
CVE-2015-5023 : IBM Cúram Social Program Management (SPM) 6.1 is vulnerable to SQL injection. The IBM security bulletin notes that an attacker who is already authenticated and has console access can send specially crafted SQL statements to view, modify, or delete data. Affected version: SPM 6.1 (...
CVE-2015-7402
IBM Cúram Social Program Management 6.1 is affected by CVE-2015-7402 (XSS) due to improper validation of user-supplied input. An already authenticated remote attacker can exploit a specially crafted URL to execute arbitrary script in the victim’s browser within the site’s context, potentially ste...
CVE-2015-7402
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
Multiple Vulnerabilities in the Program Management System of Zhengzhou Wecom Technology Co.
WKM Technology is a provider of broadband network multimedia application system solutions and equipment, a system integrator and an information service provider, and a provider of Beidou timing application system solutions and equipment, with a main business of education informatization, party members ...
HackerOne: Team Member███ associated with a Custom Group Created with 'Program Management' only permissions can Comment on Bug Reports
Hi Team, Legend ====== AppSecBounty = Bug ProgramSandbox Program Hacker1001 = Bug Reporter BugAdmin = Program Admin BugMember = Team Member associated ProgramManagement Group ProgramManagement Group = Custom Group created with "Program Management Permission" Steps: 1. Hacker1001 reports a Bug to...
IBM Cúram Social Program Management SQL Injection Vulnerability
No description provided by source...
IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management Cross-Site Scripting Vulnerability
IBM Emptoris Strategic Supply Management Platform is a strategic supply management solution from IBM that helps organizations maximize cost savings, improve supplier performance and reduce risk. A cross-site scripting vulnerability exists in IBM Emptoris Strategic Supply Management Platform and...
IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management Cross-Site Scripting Vulnerabilities
IBM Emptoris Supplier Lifecycle Management is a suite of supply chain lifecycle management programs from IBM in the United States. A cross-site scripting vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management allows remote attackers to inject arbitrary web...
CVE-2014-6192
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-6192
CVE-2014-6192 affects IBM Cúram Social Program Management (SPM). The vulnerability is an XSS flaw caused by improper validation of user-supplied input, allowing a remote authenticated user to execute script via a crafted URL. Affected versions include: SPM 6.0 SP2 before EP26, 6.0.4 before 6.0.4....
IBM Curam Social Program Management Denial of Service Vulnerability
IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A denial of service vulnerability exists in IBM Curam Social Program Management. An attacker is allowed to exploit this...
IBM Curam Social Program Management (SPM) Cross-Site Request Forgery Vulnerability (CNVD-2015-02805)
IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site request forgery vulnerability exists in IBM Curam Social Program Management SPM. An attacker is allowed to...
CVE-2014-6090
CVE-2014-6090 affects IBM Cúram SPM (DataMappingEditorCommands, DatastoreEditorCommands, IEGEditorCommands) across multiple versions (5.2 SP6 before EP6; 6.0 SP2 before EP26; 6.0.3/6.0.4/6.0.5 before respective iFix/EP levels). The root cause is CSRF in these servlets, allowing remote attackers t...
CVE-2014-4804
Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page...
CVE-2014-4804
CVE-2014-4804 affects IBM Curam Social Program Management (Cúram SPM) – Curam Universal Access when SPI is enabled. A page with SPI included can allow a remote attacker to obtain sensitive user data. Affected versions include 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5....
CRLF injection
CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP...
CVE-2014-4803
IBM Cúram Universal Access (part of IBM Cúram Social Program Management) is vulnerable to a CRLF injection when not deployed on WebSphere, due to improper sanitization on a page parameter. A remote authenticated attacker could inject arbitrary HTTP headers and perform HTTP response splitting, pot...