Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for power_iq by raritan

    CVE-2014-9095 (GCVE-0-2014-9095)

    Vulnerability from nvd – Published: 2014-11-26 15:00 – Updated: 2024-08-06 13:33
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://packetstormsecurity.com/files/127525/Rarit… x_refsource_MISC
    http://secunia.com/advisories/60138 third-party-advisoryx_refsource_SECUNIA
    http://seclists.org/fulldisclosure/2014/Jul/79 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/68722 vdb-entryx_refsource_BID
    Date Public
    2014-07-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:33:13.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html"
              },
              {
                "name": "60138",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60138"
              },
              {
                "name": "20140717 Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Jul/79"
              },
              {
                "name": "68722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-07T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html"
            },
            {
              "name": "60138",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60138"
            },
            {
              "name": "20140717 Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Jul/79"
            },
            {
              "name": "68722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9095",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html"
                },
                {
                  "name": "60138",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60138"
                },
                {
                  "name": "20140717 Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Jul/79"
                },
                {
                  "name": "68722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/68722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9095",
        "datePublished": "2014-11-26T15:00:00.000Z",
        "dateReserved": "2014-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:33:13.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9095 (GCVE-0-2014-9095)

    Vulnerability from cvelistv5 – Published: 2014-11-26 15:00 – Updated: 2024-08-06 13:33
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://packetstormsecurity.com/files/127525/Rarit… x_refsource_MISC
    http://secunia.com/advisories/60138 third-party-advisoryx_refsource_SECUNIA
    http://seclists.org/fulldisclosure/2014/Jul/79 mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/68722 vdb-entryx_refsource_BID
    Date Public
    2014-07-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:33:13.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html"
              },
              {
                "name": "60138",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60138"
              },
              {
                "name": "20140717 Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Jul/79"
              },
              {
                "name": "68722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68722"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-07T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html"
            },
            {
              "name": "60138",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60138"
            },
            {
              "name": "20140717 Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Jul/79"
            },
            {
              "name": "68722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68722"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9095",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/127525/Raritan-PowerIQ-Unauthenticated-SQL-Injection.html"
                },
                {
                  "name": "60138",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60138"
                },
                {
                  "name": "20140717 Raritan PowerIQ v4.10 and v4.2.1 Unauthenticated SQL injection and possible RCE",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Jul/79"
                },
                {
                  "name": "68722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/68722"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9095",
        "datePublished": "2014-11-26T15:00:00.000Z",
        "dateReserved": "2014-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:33:13.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }