15 matches found
MiracleLinux 4 : python-sqlalchemy-0.5.5-3.AXS4 (AXSA:2012-366:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-366:01 advisory. SQLAlchemy is an Object Relational Mappper ORM that provides a flexible, high-level interface to SQL databases. Database and domain concepts are decoupled,...
SUSE CVE-2012-0805
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the 1 limit or 2 offset keyword to the select function, or unspecified vectors to the 3 select.limit or 4 select.offset function...
Mandriva Linux Security Advisory : python-sqlalchemy (MDVSA-2012:059)
It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perfor...
Fedora Update for python-sqlalchemy0.5 FEDORA-2012-3373
Check for the Version of python-sqlalchemy0.5 OpenVAS Vulnerability Test Fedora Update for python-sqlalchemy0.5 FEDORA-2012-3373 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Mandriva Update for python-sqlalchemy MDVSA-2012:059 (python-sqlalchemy)
Check for the Version of python-sqlalchemy OpenVAS Vulnerability Test Mandriva Update for python-sqlalchemy MDVSA-2012:059 python-sqlalchemy Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Scientific Linux Security Update : python-sqlalchemy on SL6.x (20120307)
SQLAlchemy is an Object Relational Mapper ORM that provides a flexible, high-level interface to SQL databases. It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these...
CentOS Update for python-sqlalchemy CESA-2012:0369 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2012-0805
CVE-2012-0805 concerns SQLAlchemy before 0.7.0b4, where SQL injection can occur via the limit/offset keywords in the select() API (and related functions). The issue affects SQLAlchemy as used by Keystone, enabling remote attackers to execute arbitrary SQL commands and potentially impact databases...
[SECURITY] [DSA 2449-1] sqlalchemy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2449-1 [email protected] http://www.debian.org/security/ Nico Golde April 12, 2012 http://www.debian.org/security/faq -...
Fedora Update for python-sqlalchemy0.5 FEDORA-2012-3414
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for python-sqlalchemy0.5 FEDORA-2012-3412
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
SQLAlchemy 'limit'和'offset'参数SQL注入漏洞
Bugtraq ID: 52330 CVE ID: CVE-2012-0805 SQLAlchemy是一个Python的SQL工具包以及数据库对象映射框架 通过"limit"和"offset"关键词传递给"select"函数的输入在用于SQL查询之前缺少过滤,攻击者可以利用漏洞进行SQL注入攻击,可获得敏感信息或操作数据库 0 SQLAlchemy 0.7.0 SQLAlchemy 0.6.8 SQLAlchemy 0.6.7 厂商解决方案 SQLAlchemy 0.7.0b已经修复此漏洞,建议用户下载使用: http://www.sqlalchemy.org/...
RHEL 6 : python-sqlalchemy (RHSA-2012:0369)
An updated python-sqlalchemy package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CentOS 6 : python-sqlalchemy (CESA-2012:0369)
An updated python-sqlalchemy package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
python-sqlalchemy security update
0.5.5-3 - sanitize inputs to limit and offset Resolves: CVE-2012-0805...