Guotingting

**Name of the Vulnerable Software and Affected Versions** UTT 进取 520W version 1.7.7-180627 **Description** A flaw exists in the `strcpy` function within the /goform/APSecurity file. Manipulation of the `wepkey1` argument can lead to a buffer overflow, potentially allowing for remote attacks. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UTT 进取 520W version 1.7.7-180627 UTT 512W (affected versions not specified) **Description** A flaw exists in the `strcpy()` function within the software. This issue stems from insufficient input validation during buffer copying, specifically when handling the `importpictureurl` argument. Successful exploitation allows a remote attacker to trigger a buffer overflow. The vulnerability is present in the file `/goform/formPictureUrl`. The exploit is publicly available. Reports indicate offensive activities targeting this vulnerability. **API Endpoints** /goform/formPictureUrl **Vulnerable Parameters or Variables** `importpictureurl` **Recommendations** UTT 进取 520W version 1.7.7-180627: At the moment, there is no information about a newer version that contains a fix for this vulnerability. UTT 512W: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UTT 进取 520W version 1.7.7-180627 **Description** A security issue exists in UTT 进取 520W version 1.7.7-180627. The `strcpy` function within the `/goform/formConfigNoticeConfig` file is susceptible to a buffer overflow when the `timestart` argument is manipulated. This allows for remote exploitation of the system. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UTT 进取 512W version 1.7.7-171114 **Description** A flaw exists in UTT 进取 512W version 1.7.7-171114. The `strcpy` function within the file `/goform/formFtpServerDirConfig` is susceptible to a buffer overflow when the `filename` argument is manipulated. This allows for remote exploitation of the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UTT 进取 512W version 1.7.7-171114 **Description** A flaw exists in UTT 进取 512W 1.7.7-171114 that allows remote attackers to trigger a buffer overflow. The issue is located in the `strcpy` function within the `/goform/formFtpServerShareDirSelcet` file. Manipulation of the `oldfilename` argument can lead to the overflow. The exploit for this issue is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: itsourcecode Project Expense Monitoring System version 1.0 Description: A critical issue was found in the Backend Login component of the itsourcecode Project Expense Monitoring System. The manipulation of the `user` argument in the login1.php file leads to SQL injection. This issue can be exploited remotely. Recommendations: For itsourcecode Project Expense Monitoring System version 1.0, as a temporary workaround, consider restricting access to the login1.php file until a patch is available. Avoid using the `user` argument in the affected Backend Login component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: itsourcecode Project Expense Monitoring System version 1.0 Description: A critical issue has been identified, affecting an unknown functionality of the file execute.php. The manipulation of the `code` argument leads to sql injection. This issue can be exploited remotely. Recommendations: For itsourcecode Project Expense Monitoring System version 1.0, consider disabling the execute.php file or restricting access to it until a patch is available. Avoid using the `code` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: itsourcecode Project Expense Monitoring System version 1.0 Description: A critical vulnerability has been found in the itsourcecode Project Expense Monitoring System. This issue affects an unknown part of the file `transferred report.php`. The manipulation of the arguments `start`, `end`, and `employee` leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For itsourcecode Project Expense Monitoring System version 1.0, consider disabling the `transferred report.php` file or restricting access to it until a patch is available. As a temporary workaround, avoid using the arguments `start`, `end`, and `employee` in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: itsourcecode Project Expense Monitoring System version 1.0 Description: A critical issue affects some unknown functionality of the file print.php. The manipulation of the `map id` argument leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed publicly. Recommendations: For itsourcecode Project Expense Monitoring System version 1.0, consider disabling the `print.php` file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `map id` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: itsourcecode Project Expense Monitoring System version 1.0 Description: A critical vulnerability was found in the itsourcecode Project Expense Monitoring System. This issue affects the file printtransfer.php and is related to the manipulation of the `transfer id` argument, leading to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: For itsourcecode Project Expense Monitoring System version 1.0, consider restricting access to the printtransfer.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `transfer id` argument in the affected file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.