275 matches found
SQLAlchemy SQL injection
SQL request data is not checked...
[ MDVSA-2012:059 ] python-sqlalchemy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:059 http://www.mandriva.com/security/ Package : python-sqlalchemy Date : April 16, 2012 Affected: 2011., Enterprise Server 5.0 Problem Description: It was discovered that SQLAlchemy did not sanitize values f...
Debian DSA-2449-1 : sqlalchemy - missing input sanitization
It was discovered that SQLAlchemy, a SQL toolkit and object relational mapper for Python, is not sanitizing input passed to the limit/offset keywords to select as well as the value passed to select.limit/offset. This allows an attacker to perform SQL injection attacks against applications using...
[SECURITY] [DSA 2449-1] sqlalchemy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2449-1 [email protected] http://www.debian.org/security/ Nico Golde April 12, 2012 http://www.debian.org/security/faq -...
DSA-2449-1 sqlalchemy - missing input sanitization
Bulletin has no description...
[SECURITY] Fedora 15 Update: python-sqlalchemy0.5-0.5.8-9.fc15
SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases. Database and domain concepts are decoupled, allowing both sides maximum flexibility and power. SQLAlchemy provides a powerful mapping layer that can work as automatically or as manu all...
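SQLAlchemy 'limit' and 'offset' Parameter SQL Injection Vulnerability
Bugtraq ID: 52330 CVE ID: CVE-2012-0805 SQLAlchemy is a SQL toolkit and object-relational mapping framework for Python. Input passed to the "select" function through the "limit" and "offset" keywords is not filtered before it is used in SQL queries; an attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. 0 SQLAlchemy 0.7.0 SQLAlchemy 0.6.8 SQLAlchemy 0.6.7 Vendor solution: SQLAlchemy 0.7.0b fixes this vulnerability; users are advised to download and use it: http://www.sqlalchemy.org/...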
CentOS 6 : python-sqlalchemy (CESA-2012:0369)
An updated python-sqlalchemy package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
RHEL 6 : python-sqlalchemy (RHSA-2012:0369)
An updated python-sqlalchemy package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
python security update
CentOS Errata and Security Advisory CESA-2012:0369 An updated python-sqlalchemy package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System...
python-sqlalchemy: SQL injection flaw due to not checking LIMIT input for correct type
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function...
Moderate: Red Hat Security Advisory: python-sqlalchemy security update
An updated python-sqlalchemy package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
python-sqlalchemy security update
0.5.5-3 - sanitize inputs to limit and offset Resolves: CVE-2012-0805...
[SECURITY] Fedora 16 Update: python-celery-2.2.8-1.fc16
An open source asynchronous task queue/job queue based on distributed message passing. It is focused on real-time operation, but supports scheduling as well. The execution units, called tasks, are executed concurrently on one or more worker nodes using multiprocessing, Eventlet or gevent. Tasks c...
[SECURITY] Fedora 15 Update: python-celery-2.2.8-1.fc15
An open source asynchronous task queue/job queue based on distributed message passing. It is focused on real-time operation, but supports scheduling as well. The execution units, called tasks, are executed concurrently on one or more worker nodes using multiprocessing, Eventlet or gevent. Tasks c...