Red Hat Security Advisory 2019-1734-01 - ironic-inspector is an auxiliary service for discovering hardware properties for a node managed by Ironic. Hardware introspection or hardware properties discovery is a process of getting hardware parameters required for scheduling from a bare metal node, given its power management credentials. Issues addressed include a remote SQL injection vulnerability.
f14a4783841d7f70b8405d02f25fb3b2Red Hat Security Advisory 2019-1722-01 - OpenStack Bare Metal is a tool used to provision bare metal machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific, functionality. Issues addressed include a remote SQL injection vulnerability.
19f6f48945ac32596aaaeaa96d41d2a5Karenderia CMS version 5.3 suffers from multiple remote SQL injection vulnerabilities.
80a6a13572da60c85a440a69f4e15049Red Hat Security Advisory 2019-1669-01 - Nodes managed by Ironic may use the ironic-inspector auxiliary service to discover hardware properties. Hardware introspection or hardware properties discovery is a process of getting hardware parameters required for scheduling from a bare metal node, given its power management credentials. Issues addressed include a remote SQL injection vulnerability.
ca185105db80cc82a2e077cd2a610687sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
cd65484226ad4921628244949633a2ecCarpool Web App version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
6edd1438af37859e1ce2eb61fcd190ccPremier Ilan Scripti version 1 suffers from a remote SQL injection vulnerability.
5133a7c95d32dec7583964b929bc752bVarient version 1.6.1 suffers from a remote SQL injection vulnerability.
a4160d292e9d5d7d06f1ff23e1f04972CiuisCRM version 1.6 suffers from a remote SQL injection vulnerability.
af32a6fd91e10147f1286a7c79defe39WorkSuite PRM version 2.4 suffers from a remote SQL injection vulnerability.
b77d744a922161347a67139b950c7346dotProject version 2.1.9 suffers from multiple remote SQL injection vulnerabilities.
5a2091b567087cd399ac27529bcb8e97AZADMIN CMS of HIDEA version 1.0 suffers from a remote SQL injection vulnerability.
6f69a1be162649ddd72862f5fe462234WebERP version 4.15 suffers from a remote SQL injection vulnerability.
524d1daaacb783fe4a7ce99fe97b305dSahi Pro version 8.x suffers from a remote SQL injection vulnerability.
350236181f3a06f7a7dc8a93983f94f4WebLord WL-Nuke Coppermine for PHP-Nuke version 1.3.1c suffers from a remote SQL injection vulnerability.
3f432015c33a468b733bff06ec61ce49Dell KACE System Management Appliance (SMA) versions prior to 9.0.270 patch SEC2018_20180410 suffers from cross site scripting and remote SQL injection vulnerabilities.
95a9e29ea8274badbf0a67c97cfc3239sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
4e843f114bcb2edfd2870c05f95800b1Petraware pTransformer ADC versions prior to 2.1.7.22827 suffer from a remote SQL injection vulnerability that allows for login bypass.
fdacd40b7f995ee16e885b9b75ab2e78Nagios XI version 5.6.1 suffers from a remote SQL injection vulnerability.
6a81223d724b2e54b0d9646abba4f855Slims CMS Akasia version 8.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
b206a2df6f22213d6d130b50f86b3892phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
795ed99fa78d642c4fd08d6d72e99027Freelance Cockpit CRM version 3.3.1 suffers from a remote SQL injection vulnerability.
9517e26f9795d2d12180dbcabcd3756fHorde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
3a2774bb8454eb33abd06b33e79cff19Red Hat Security Advisory 2019-1243-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.131. Issues addressed include an out of bounds access vulnerability.
14e6469ced70fcd2aa7d284a1b2f671aDeepSound version 1.0.4 suffers from a remote SQL injection vulnerability.
272ca755b02cce7ffe2c54fdb2b651d1
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed