579 matches found
IBM Planning Analytics has an unspecified vulnerability (CNVD-2021-61430)
IBM Planning Analytics is a business planning and analysis solution from IBM Corporation. The solution supports automated execution of business planning, budgeting, and analysis processes. A security vulnerability exists in the Planning Analytics spreadsheet service component of IBM Planning...
CVE-2021-29739
IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846...
CVE-2021-29739
IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846...
Information disclosure
IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846...
CVE-2021-29739
IBM Planning Analytics Local 2.0 is affected by CVE-2021-29739 in the Planning Analytics Spreadsheet Services component, where returning a stack trace in a browser could disclose sensitive information to a remote attacker. Public documentation across multiple sources (NVD entry; CNVD/CNNVD entrie...
U.S. Dept Of Defense: System Error Reveals SQL Information
Hello, While testing your program I came across an endpoint that is leaking SQL errors and queries from one of your websites. I use the following Google dork to detect this: site:████████ "sql error" Endpoints leaking data: https://www.██████/██████████ https://www.███████/███ Some of the errors...
Preventing path disclosure in file upload functionality and Page export for security purposes
h3. Issue Summary While performing the file upload vulnerability test in the Confluence application, we are able to identify the sensitive path disclosure in the following cases. • When we attached some malicious file and tried to download all attachments. • When we uploaded malicious file and tried t...
Heap-based Buffer Overflow in squell/id3
✍️ Description Hello! We compiled id3 from commit 857ac8 with Clang-13 + ASan, and we discovered a crafted file which triggers a negative-size-param and a heap-buffer-overflow with a READ of size 40987248. But for the purposes of this report, we are going to look at the heap-buffer-overflow, as it...
Heap-based Buffer Overflow in squell/id3
✍️ Description While testing id3 built from commit 0de713 with Clang 13 + ASan on Ubuntu 20.04.2, we discovered a POC which triggers a heap-buffer-overflow in tag::unbinarize. This particular flaw was discovered with the help of honggfuzz. 🕵️‍♂️ Proof of Concept echo...
IBM Cognos Analytics Information Disclosure Vulnerability (CNVD-2021-38672)
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. IBM Cognos Analytics suffers fr...
CVE-2019-4722
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128...
CVE-2019-4722
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128...
Information disclosure
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128...
CVE-2019-4722
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128...
CVE-2019-4722
Summary of CVE-2019-4722 (IBM Cognos Analytics): IBM Cognos Analytics 11.0 and 11.1 contain an information-disclosure vulnerability that allows a remote attacker to obtain sensitive information via a stack trace, caused by mishandling certain error conditions. Public sources in the connected data...
IBM Cognos Analytics Information Disclosure Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. IBM Cognos Analytics suffers fr...
in utmsigep/member-directory
✍️ Description Entering unintended values during the member creation flow causes unusual database state, unhandled exceptions/stack trace disclosure and denial of service due to continuous page crashes. 🕵️‍♂️ Proof of Concept - Select a member-status/group - Create New Member - Enter an invalid...
Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology
Summary There are multiple vulnerabilities in the IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team Concert RTC, Rational Quality Manager RQM,...
Adding an extra forward slash '/' in the download attachment URL results in a stack trace.
h3. Issue Summary Adding an extra forward slash '/' in the download attachment URL results in a stack trace. h3. Steps to Reproduce Append an extra slash to a download attachment URL, similar to this: code:java http://:///download/attachments code h3. Expected Results A 'page not found', 404 or...
Adding an extra forward slash '/' in the download attachment URL results in a stack trace.
h3. Issue Summary Adding an extra forward slash '/' in the download attachment URL results in a stack trace. h3. Steps to Reproduce Append an extra slash to a download attachment URL, similar to this: code:java http://:///download/attachments code h3. Expected Results A 'page not found', 404 or...