Moist

**Name of the Vulnerable Software and Affected Versions** Tenda CX12L version 16.03.53.12 **Description** A stack-based buffer overflow can be triggered remotely via the Wi-Fi Schedule Configuration Endpoint. The issue exists within the `setSchedWifi()` function located in the `/goform/openSchedWifi` file. This occurs when the `schedStartTime` or `schedEndTime` arguments are manipulated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Class and Exam Timetabling System version 1.0 **Description** An SQL injection issue exists in the `/archive1.php` endpoint. This occurs when the `sy` argument is manipulated, allowing for remote exploitation. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to read or modify data within the database. **Recommendations** Update SourceCodester Class and Exam Timetabling System version 1.0 to a patched version. As a temporary workaround, restrict access to the `/archive1.php` file or avoid using the `sy` parameter until a fix is applied.

**Name of the Vulnerable Software and Affected Versions** Tenda CX12L version 16.03.53.12 **Description** A stack-based buffer overflow occurs in the Wi-Fi Configuration Endpoint. This issue is triggered by manipulating the `ssid` argument within the `form fast setting wifi set()` function located in the '/goform/fast setting wifi set' file. This flaw allows for remote attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Class and Exam Timetabling System version 1.0 **Description** An SQL injection issue exists that can be initiated remotely. The flaw is located in an unknown function within the '/archive5.php' endpoint, where manipulation of the `sy` argument allows for the execution of arbitrary SQL commands. **Recommendations** Update SourceCodester Class and Exam Timetabling System version 1.0 to a patched version. As a temporary workaround, restrict access to the '/archive5.php' endpoint or avoid using the `sy` parameter until a fix is applied.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Class and Exam Timetabling System version 1.0 **Description** A security flaw allows for remote SQL injection, which is a technique where an attacker inserts malicious SQL code into a query to manipulate a database. The issue exists in the file '/archive4.php' through the manipulation of the `sy` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Class and Exam Timetabling System version 1.0 **Description** An issue exists in the file '/archive3.php' where manipulation of the `sy` argument allows for SQL injection, a technique used to interfere with the queries that an application makes to its database. This attack can be initiated remotely. **Recommendations** Update SourceCodester Class and Exam Timetabling System version 1.0 to a patched version. As a temporary workaround, restrict access to the '/archive3.php' file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Class and Exam Timetabling System version 1.0 **Description** An issue exists in the file '/archive2.php' where improper handling of the `sy` argument allows for SQL injection. This allows a remote attacker to manipulate database queries. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to view, modify, or delete data from the database. **Recommendations** Update SourceCodester Class and Exam Timetabling System version 1.0 to a patched version. As a temporary workaround, restrict access to the '/archive2.php' file or avoid using the `sy` parameter until a fix is applied.

**Name of the Vulnerable Software and Affected Versions** Tenda HG7HG9 (affected versions not specified) Tenda HG10 300001138 en xpon (affected versions not specified) **Description** A stack-based buffer overflow can be triggered remotely via the `formDOMAINBLK` function located in the `/boaform/formDOMAINBLK` file. This occurs when the `blkDomain` argument is manipulated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda HG7HG9 and HG10 (affected versions not specified) **Description** A stack-based buffer overflow can be triggered remotely within the Web Management Interface. The issue exists in the `asp voip OtherSet()` function located in the `/boaform/voip other set` file, specifically when manipulating the `funckey transfer` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.