Archive for February, 2016

Ntpd ntp-4.2.6p5 ctl_putdata() Buffer Overflow

Posted by deepcore under exploit

Exploit for a buffer overflow in ctl_putdata() affecting ntpd versions ntp-4.2.6p5 and below.

Manage Engine OPutils 8.0 Authorization Bypass

Posted by deepcore under exploit

Manage Engine OPutils version 8.0 suffers from an authorization bypass vulnerability due to a missing function level access control.

smbgrind.exe Buffer Overflow

Posted by deepcore under exploit

smbgrind.exe suffers from a buffer overflow vulnerability.

Microsoft AFD.SYS Dangling Pointer Privilege Escalation

Posted by deepcore under exploit

Microsoft afd.sys version 6.1.7600.16385 suffers from a dangling pointer privilege escalation vulnerability. This exploit demonstrates the vulnerability discussed in MS14-040.

phpMyBackupPro 2.5 Cross Site Scripting

Posted by deepcore under exploit

phpMyBackupPro version 2.5 suffers from multiple cross site scripting vulnerabilities.

phpMyBackupPro 2.5 Shell Upload

Posted by deepcore under exploit

phpMyBackupPro version 2.5 suffers from a remote shell upload vulnerability.

phpMyBackupPro 2.5 CSRF / Remote Command Execution

Posted by deepcore under exploit

phpMyBackupPro version 2.5 suffers from remote command execution and cross site request forgery vulnerabilities.

TOTVS RM PORTAL Cross Site Scripting

Posted by deepcore under exploit

TOTVS RM PORTAL suffers from multiple cross site scripting vulnerabilities. The vendor has not responded to reports.

Redaxo CMS 5.0.0 Cross Site Scripting / SQL Injection

Posted by deepcore under exploit

Redaxo CMS version 5.0.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers

Posted by deepcore under exploit

Remote unauthenticated attackers are able to read arbitrary data from other HTTP sessions because Ignition uses a vulnerable Jetty server. When the Jetty web server receives an HTTP request, the below code is used to parse through the HTTP headers and their associated values. Inductive Automation versions 7.8.1 (b2016012216) and 7.8.0 (b2015101414) are affected.