Security Vulnerabilities - CVEs Published In December 2023
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-12-21
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-12-21
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-12-21
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-12-21
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-12-21
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-12-21
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-12-21
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-12-21
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-12-21
Inadequate validation of permissions when employing remote tools and
macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and
earlier permits a user to initiate a connection without proper execution
rights via the remote tools feature. This affects only SQL data sources.
CVSS Score
4.4
EPSS Score
0.001
Published
2023-12-21