Lucene search
+L

64 matches found

cve
cve
added 2019/04/30 7:40 p.m.44 views

CVE-2019-11614

CVE-2019-11614 refers to a SQL injection in doorGets 7.0, specifically in /doorgets/app/views/ajax/commentView.php. The connected documents confirm a remote, unauthorized attacker could extract sensitive information from the database. The vulnerability is due to improper handling of user-controll...

7.5CVSS7.5AI score0.01518EPSS
Exploits1References1Affected Software1
osv
osv
added 2018/09/24 11:29 p.m.5 views

CVE-2018-11614

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

8.8CVSS6AI score0.01296EPSS
Exploits0References1
cve
cve
added 2018/09/24 11:0 p.m.57 views

CVE-2018-11614

CVE-2018-11614 affects Samsung Members. The flaw is in Intent handling that allows a reachable-intent to escalate privileges from a low-privilege context. A remote attacker with initial low-privilege code execution can escalate to protected resources. The advisory trail includes ZDI-18-562 and mu...

8.8CVSS8.9AI score0.01296EPSS
Exploits0References1Affected Software1
cve
cve
added 2017/07/25 5:0 p.m.58 views

CVE-2017-11614

CVE-2017-11614 involves MEDHOST Connex hard-coded IBM i DB2 user credentials (HMSCXPDN). The vulnerability arises because the password is embedded in multiple locations in the Connex application and cannot be changed by customers, and the account has elevated DB2 roles enabling access to all obje...

9.8CVSS9.2AI score0.01103EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder