30 matches found
Oracle iPlanet Web Server 7.0.x - Image Injection
Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...
ECHO-9984-9314-DB21
Bulletin has no description...
MAL-2025-9314 Malicious code in @sellerly-kit/theme-sellerly (npm)
The package @sellerly-kit/theme-sellerly was found to contain malicious code...
CVE-2020-9314
PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the...
CVE-2019-9314
In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112329563...
Dahua Security NVR NVR50XX, NVR52XX, NVR54XX, and NVR58XX Improper Authentication (CVE-2017-9314)
An authentication vulnerability was found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DHNVR5xxxEngPV2.616.0000.0.R.20171102. An attacker could exploit this vulnerability to gain access to additional operations by forging a JSON message. This plugin only works with...
CVE-2024-9314
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'setredirections' function. This makes it possible for authenticated attackers, with...
WordPress Rank Math SEO Plugin <= 1.0.228 is vulnerable to PHP Object Injection
Software: Rank Math SEO; Type: Plugin; Vulnerable versions: <= 1.0.228; Fixed in: 1.0.229; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-9314; Patch priority: Low; CVSS severity: Low 7.2; PSID: d4844a229841; Credits: Leo; Required privilege: Administrator...
Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9314)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-9314 advisory. - netfilter: nf_tables: initialize registers in nft_do_chain Pablo Neira Ayuso Orabug: 34012925 CVE-2022-1016 - btrfs: unlock newly allocated extent buffe...
Oracle Linux 6 : dhcp (ELSA-2021-9314)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-9314 advisory. 12:4.1.1-63.P1.0.2 - Added dhcp-4.1.1-P1-CVE-2021-25217.patch Orabug: 33005948 Tenable has extracted the preceding description block directly from the Oracle...
Unpatched Bugs in Oracle iPlanet Open Door to Info-Disclosure, Injection
A pair of vulnerabilities in Oracle’s iPlanet Web Server have been disclosed that can lead to sensitive data exposure and image injections onto web pages if exploited. However, no patch is forthcoming for either flaw. The bugs CVE-2020-9315 and CVE-2020-9314 are specifically found in the web...
CVE-2020-9314
creationtimestamp | type | source
---|---|---
2020-05-11 16:22:37+00:00 | seen | https://t.me/techpwnews/623
2020-05-11 17:02:10+00:00 | seen | https://t.me/thebugbountyhunter/4239
2020-05-11 22:32:31+00:00 | seen | https://t.me/cibsecurity/11996
2020-05-12 11:45:03+00:00 | seen | ...
CVE-2020-9314
PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the...
CVE-2020-9314
CVE-2020-9314 affects Oracle iPlanet Web Server 7.0.x. The issue is described as image injection in the Administration console via the productNameSrc parameter to an admingui URI, arising from an incomplete fix for CVE-2012-0516. It is part of a pair with CVE-2020-9315; while CVE-2020-9314 enable...
CVE-2019-9314
In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112329563...
CVE-2019-9314
CVE-2019-9314 affects Android 10 in the libavc component, where a missing variable initialization leads to remote information disclosure. The issue can be exploited without privileges via a network vector, but requires user interaction to trigger. The exploit details, affected versions beyond And...
CVE-2015-9314
creationtimestamp | type | source
---|---|---
2019-08-14 18:28:25+00:00 | seen | https://t.me/cibsecurity/6132
...
CVE-2015-9314
The CVE-2015-9314 entry concerns the WordPress plugin NewStatPress, affected versions prior to 1.0.4. The vulnerability is an XSS issue tied to the Referer header, impacting the plugin’s handling of HTTP Referer data. Several connected sources corroborate the same flaw (XSS related to Referer hea...
Zoho ManageEngine ServiceDesk Plus Local File Inclusion Vulnerability
ZOHO ManageEngine ServiceDesk Plus (SDP) is an ITIL-based IT service management suite from the US company ZOHO (ZhuoHao). The software integrates incident management, problem management, asset management, IT project management, procurement and contract management and oth...
CVE-2017-9376
ManageEngine ServiceDesk Plus is affected by CVE-2017-9376 via a Local File Inclusion (LFI) in the defModule parameter of DefaultConfigDef.do and AssetDefaultConfigDef.do. Affected software versions are SDP before 9314; the issue arises from insufficient input validation, enabling an attacker to ...