[webapps] TestLink 1.19 – Arbitrary File Download (Unauthenticated)
[webapps] Employees Daily Task Management System 1.0 – 'username' SQLi Authentication Bypass
Tags: 0day, remote exploit
[webapps] Chikitsa Patient Management System 2.0.2 – 'backup' Remote Code Execution (RCE) (Authenticated)
Tags: 0day, remote exploit
[webapps] Chikitsa Patient Management System 2.0.2 – Remote Code Execution (RCE) (Authenticated)
Tags: 0day, remote exploit
Simple Online Men's Salon Management System 1.0 SQL Injection
Simple Online Men’s Salon Management System version 1.0 appears to suffer from a time-based remote SQL injection vulnerability.
HCL Lotus Notes 12 Unquoted Service Path
HCL Lotus Notes version 12 suffers from an unquoted service path vulnerability.
Microsoft Internet Explorer Active-X Control Security Bypass
Microsoft Internet Explorer suffers from an ActiveX-related bypass vulnerability. Microsoft will not address the issue as it is end of life.
Croogo 3.0.2 Remote Code Execution
Croogo version 3.0.2 suffers from an authenticated remote code execution vulnerability.
Auerswald COMfortel 1400/2600/3600 IP 2.8F Authentication Bypass
RedTeam Pentesting discovered a vulnerability in the web-based configuration management interface of the Auerswald COMfortel 1400 and 2600 IP desktop phones. The vulnerability allows accessing configuration data and settings in the web-based management interface without authentication. Versions 2.8F and below are affected.