19 matches found
CVE-2026-9097
Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken function in object/tokenoauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revok...
CVE-2025-9097
A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cic_prod.bad. The manipulation leads to improper export of android application...
CVE-2025-9097 Euro Information CIC banque et compte en ligne App com.cic_prod.bad AndroidManifest.xml improper export of android application components
A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cic_prod.bad. The manipulation leads to improper export of android application...
ManageEngine Endpoint Central 11.3.2428.x <= 11.3.2428.01, 11.3.2440.x <= 11.3.2440.0 Insecure Direct Object References
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2428.26 or prior to 11.3.2440.09. It is, therefore, affected by an insecure direct object references vulnerability. For more information, consult the vendor advisory. Note that Nessus has not...
CVE-2024-9097
ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat...
CVE-2024-9097 IDOR
ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat...
CVE-2024-9097
Summary: CVE-2024-9097 affects ManageEngine Endpoint Central before 11.3.2440.09. The vulnerability is an insecure direct object reference (IDOR) that allows an attacker to change a user’s name in chat. The issue is present in the endpoint central desktop management system (Host/Chat component) a...
CVE-2017-9097
creationtimestamp | type | source
---|---|---
2021-08-26 07:07:08+00:00 | seen | MISP/07999c91-f34e-40d0-9807-b49414a5f070
2024-11-14 06:09:47+00:00 | seen | MISP/bfc4948d-6571-4c25-9918-6c8f47ca4b6a
...
CVE-2019-9097
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service...
CVE-2019-9097
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service...
CVE-2019-9097
CVE-2019-9097 affects Moxa MB3xxx Protocol Gateways (MB3170/MB3270 before 4.1, MB3280/MB3480 before 3.1, MB3660 before 2.3, MB3180 before 2.1). The issue is an overload from high transit traffic that can exhaust memory and cause a denial of service. The Tenable OT plugin and CVE overview describe...
CVE-2019-9097
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service...
CVE-2017-9097
CVE-2017-9097 (Anti-Web LFI) is an LFI vulnerability affecting Anti-Web versions up to 3.8.7 on NetBiter FGW200 (up to 3.21.2), WS100 (up to 3.30.5), EC150 (up to 1.40.0), WS200 (up to 3.30.4), EC250 (up to 1.40.0), and related products. The issue allows a remote attacker to read or modify files ...
CVE-2015-9097
The CVE-2015-9097 entry affects the Ruby mail gem (aka A Really Ruby Mail Library) prior to 2.5.5. The vulnerability is a SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands, demonstrated by CRLF sequences around a DATA substring. This is a concrete vulnerability in the mai...
CVE-2016-9097
The Symantec Advanced Secure Gateway ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only acce...
CVE-2016-9097
The CVE-2016-9097 issue affects Symantec ProxySG and Advanced Secure Gateway (ASG) management consoles. Root cause: improper user authorization allowing a read-only administrator to access read-write functionality. Affected versions and fixes are documented: ASG 6.6 prior to 6.6.5.8 requires upgr...
CVE-2015-9097 rubygem-mail: SMTP injection via recipient email addresses
The mail gem before 2.5.5 for Ruby aka A Really Ruby Mail Library is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...
Wordpress Video Gallery Plugin SQL Injection (CVE-2014-9097)
An SQL injection vulnerability has been reported in Wordpress Video Gallery Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2014-9097
CVE-2014-9097 involves multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5. The issues allow (1) remote attackers to execute arbitrary SQL via vid in myextract action to wp-admin/admin-ajax.php, (2) remote authenticated users to run SQL v...