This archive contains all of the 151 exploits added to Packet Storm in May, 2016.
7d1ae806d142e11adfdc4a4c72908bb6e3fb61700b07a9e91c2c3a795ab21e8f
CMSimple versions 4.6.2 and below suffer from a cross site scripting vulnerability.
81de68bdf9a7b279cdc44cfd72219c6809d4b4491086e1b683f57281cbc6f591
Relay Ajax Directory Manager versions relayb01-071706, 1.5.1, and 1.5.3 suffer from an unauthenticated file upload vulnerability that can result in a shell upload.
86f16a585b31311d54705ed9a9f89e3e7f9a9f7fb81cc770e74eb4ff7bc82dbc
Websockify versions 0.8.0 and below suffer a buffer overflow vulnerability that allows for remote code execution.
caea35c7d2790c9ab4ea828774b280bdbc0c89b8236bbec43cd1a0bed3e1876f
PRTG Network Monitor version 14.4.12.3282 suffers from an XML eXternal Entity expansion vulnerability.
41babc73fc9bda76f17c48714fa073370cc3e8261d71210d28b3b5a3b479575f
ProcessMaker version 3.0.1.7 suffers from cross site request forgery and cross site scripting vulnerabilities.
3a93fa579b0acb61f85260e2bf41982d4ffb8418eb1a4ab73d10041be2d5b819
Konica Minolta FTP Utility version 1.0 CWD command SEH buffer overflow exploit.
5fb3c4082734b2bea7d205e6e01eaf8eae340d8653251aa86db8fe5c587c8f88
FlatPress version 1.0.3 suffers from cross site request forgery and remote shell upload vulnerabilities.
d278db65414293aefea2af73e991df9eb2374b5d235dccdc7abb5847713bb09e
Lorex LH162400 DVR firmware version 5.2.0-20141008 has a hard-coded administrative backdoor credential.
e8f13a783ea42627048c1254e1521e597f8febb49cdc37b444c32eeec559dc49
Publisher in Microsoft Office 2010 suffers from three denial of service vulnerabilities that can result in a crash.
92d4806502ddbfb861c44b73ab19354dd02252559e04a185f6e8ea97c63c7f33
Microsoft Internet Explorer divide by zero proof of concept denial of service exploit.
0e70e4c082f946f359c63b9b6a4e594dc50965980351a81ff1b82297a5f7c2e7
Open Source Real Estate Script version 3.6.0 suffers from a remote SQL injection vulnerability.
bb88bb3834dcbef9cdc1902fa62ffb25bab0923b51d5eb8cbcd4182e4ab4c649
Process Hacker suffers from a DLL hijacking vulnerability.
93e511472b88d8d215a59cb6899d94b2f2f2c90b30be52cea4866c56a3d6e291
MySQL Procedure Analyse denial of service exploit that affects versions up to 5.5.45.
d572109b0189ecd815c569ad47520780444acf35842b036897634bb7c97017fb
The login page of the Citrix Netscaler Gateway web front-end is vulnerable to a DOM-based cross site scripting (XSS) vulnerability due to improper sanitization of the content of the "NSC_TMAC" cookie.
a907282e85cbd46ffd00df290cafdd51155648f582be3aa5b66d82cc3e3fbe7b
PHP Real Estate Script version 4.9.0 suffers from a remote SQL injection vulnerability.
a3d0e8975de183eab61fd4e51fae11a0ffdb9ee0737e12c2b4f7dffaac28a836
Joomla Simple Calendar component version 0.7.6b suffers from a remote SQL injection vulnerability.
909535d927b0a5f9ec70c23acbde120032291e1894baa58b23ed8900b178752e
Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server.
cc15398ab11d0e8cb5fd8ef9052046e7b29bea4c4d0c3133e418bc99ac79897b
Micro Focus Rumba+ version 9.4 suffers from multiple stack buffer overflow vulnerabilities.
b06940b609cc3f264b437346350d607cf47b03cc6ffea20d742ff4e2f5a403fb
Real Estate Portal version 4.1 suffers from multiple persistent cross site scripting vulnerabilities.
132b0a88c9bf85e088ae6a14d8bc97646acfe63f65b9b9e78602d0d7fc6e2ff9
Real Estate Portal version 4.1 suffers from a remote code execution vulnerability via a remote shell upload.
ee40d9bcfcc0351770d9249cb68627f2796fa878c95e2755270299d38b835caa
EduSec version 4.2.5 suffers from multiple remote SQL injection vulnerabilities.
ae2fb04d350828c0760dafcadaba1d40df871f24f55e80016a0916e53bf4cf74
HP Data Protector version A.09.00 suffers from an arbitrary command execution vulnerability.
d3f1ffffb6eef9ed7cc7377227cb355ba26d3c2faa89427fe68466377916027e
Graphite2 suffers from multiple heap-based out-of-bounds reads in NameTable::getName.
92ab9355abc4162c25a4e991f02a788212ed2613a916de8407f6e25cdf93f470
Graphite2 suffers from a heap-based over-read in TtfUtil::CmapSubtable4NextCodepoint.
98cd8ac56c6af770b144124e7601583c8dd096fb701d50c77d5360b3bb28df8e