Gachong

**Name of the Vulnerable Software and Affected Versions** Qihoo 360 Total Security version 6.0 **Description** A security flaw exists in the Nucleus Engine Monitoring Logic component. A local attacker can cause the protection mechanism to fail by manipulating the `NetworkAddr` argument within the `RpcStringBindingComposeW()` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Fees Management System version 1.0 **Description** A remote SQL injection exists in the `/ajax.php` endpoint. This issue occurs when the `Username` argument is manipulated, allowing an attacker to execute arbitrary SQL commands. **Recommendations** Update itsourcecode Fees Management System version 1.0 to a patched version. As a temporary workaround, restrict access to the `/ajax.php` endpoint or sanitize the `Username` parameter to prevent malicious input.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Fees Management System version 1.0 **Description** An issue exists in the `/manage course.php` file where the manipulation of the `ID` argument allows for SQL injection, a technique used to execute malicious SQL statements to control a database server. This attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.