64 matches found
CVE-2019-11614
CVE-2019-11614 refers to a SQL injection in doorGets 7.0, specifically in /doorgets/app/views/ajax/commentView.php. The connected documents confirm a remote, unauthorized attacker could extract sensitive information from the database. The vulnerability is due to improper handling of user-controll...
CVE-2018-11614
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2018-11614
CVE-2018-11614 affects Samsung Members. The flaw is in Intent handling that allows a reachable-intent to escalate privileges from a low-privilege context. A remote attacker with initial low-privilege code execution can escalate to protected resources. The advisory trail includes ZDI-18-562 and mu...
CVE-2017-11614
CVE-2017-11614 involves MEDHOST Connex hard-coded IBM i DB2 user credentials (HMSCXPDN). The vulnerability arises because the password is embedded in multiple locations in the Connex application and cannot be changed by customers, and the account has elevated DB2 roles enabling access to all obje...