Duxinxing

**Name of the Vulnerable Software and Affected Versions** UTT HiPER 2620G versions through 3.1.4 **Description** A flaw exists in UTT HiPER 2620G up to version 3.1.4. The `strcpy` function within the `/goform/fNTP` file is susceptible to a buffer overflow when the `NTPServerIP` argument is manipulated. This issue can be exploited remotely. The exploit for this issue has been publicly disclosed. The vendor was informed about the disclosure but did not respond. **Recommendations** Versions prior to 3.1.4 should be updated. As a temporary workaround, consider restricting access to the `/goform/fNTP` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** code-projects E-Commerce Website version 1.0 **Description** A SQL injection issue exists due to the manipulation of the `order id` argument. This affects an unknown function within the `/pages/edit order details.php` file. The attack can be launched remotely, and the exploit is publicly available. **Recommendations** Sanitize the `order id` input to prevent SQL injection in the `/pages/edit order details.php` file.

**Name of the Vulnerable Software and Affected Versions** Campcodes Online Recruitment Management System version 1.0 **Description** A critical vulnerability exists in Campcodes Online Recruitment Management System. The vulnerability is a SQL injection that affects an unknown functionality of the file `/admin/ajax.php?action=save recruitment status`. Manipulation of the `ID` argument can lead to successful exploitation, and the attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** Campcodes Online Recruitment Management System version 1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.