:: Deepquest ::

http://kpp.nfe.go.th/kurd.html notified by 0x1998

Men Salon Management System version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

WordPress Download From Files plugin version 1.48 suffers from a remote shell upload vulnerability.

Apartment Visitor Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for a shell upload.

Active WebCam version 11.5 suffers from an unquoted service path vulnerability.

Purchase Order Management System version 1.0 suffers from a remote shell upload vulnerability.

Facebook ParlAI version 1.0.0 suffers from a deserialization vulnerability that can allow for code execution.

Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 have a web interface called AlphaWeb XE that allows for a remote shell upload.

Ulfius Web Framework suffers from a remote memory corruption vulnerability. When parsing malformed HTTP requests, a heap-related initialization bug is triggered resulting in a crash in the server or potentially remote code execution with privileges of the running process.

DMA Softlab Radius Manager version 4.4.0 chained exploit written in go that exploits session management and cross site scripting vulnerabilities.