This archive contains all of the 193 exploits added to Packet Storm in May 2017.
26fc166294f508802d9d337041eea7e914e6da3ef5ab631fc1d0144d30fcb790
Piwigo Facetag plugin version 0.0.3 suffers from a remote SQL injection vulnerability.
3f72fcb8ece0adc26b0ccbdbcfeb68fd34b23af7b91df6f5b9dc2fe3a3041a20
OV3 Online Administration version 3.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.
f4e0ed42c7cdf22bd2a600ec5839995ad5649db85fc9209f988faf25d90d15e1
OV3 Online Administration version 3.0 suffers from an authenticated remote code execution vulnerability.
9b12192c30c33bbae65bf04c6774a126a919f815212c82f293754d45342d964d
OV3 Online Administration version 3.0 suffers from a traversal vulnerability that allows for arbitrary file access.
a392bf3b481a40ea58d1544ce2ba02f18757959c59d6184fa4e3fed5fdca7576
WordPress Simple Slideshow Manager plugin versions 2.2 and below suffer from multiple cross-site scripting vulnerabilities.
de8d084a354a9a22976a85a2b82537644cf6619fed4c57ece740d7a79e011e9d
This proof of concept code shows how manager functionality can be abused in ModX CMS to upload a shell.
716aad67ffbd1e03ee636500fb005acbd2d5d6ac6569cc879ee02aa5114964b1
KEMP LoadMaster version 7.135.0.13245 suffers from persistent cross-site scripting and remote code execution vulnerabilities.
40a63bf9cbf46ca01a18785c8a019b65341c0efbcd81542b5279e2a98b25ce9c
IBM Informix Dynamic Server suffers from DLL injection, PHP code injection, and heap buffer overflow vulnerabilities.
ac5d0ef0f10cad9d7b9a1524abc605c6815ee7dc5254833cf12c5cdbb411f95b
Trend Micro Deep Security version 6.5 suffers from XML external entity injection, local privilege escalation, and remote code execution vulnerabilities.
7734e239114061512b4ac1ebb3b04a639de98f84e9b038a1c584b34f794fd8ce
Microsoft Windows MsMpEng suffers from a saved caller use-after-free vulnerability.
eb08a025f45ed24c82f64c6675c1bb35662e65430180b83f4bb679101ca6fdab
TerraMaster F2-420 NAS TOS version 3.0.30 suffers from an unauthenticated remote root code execution vulnerability.
aec3efc9d8d66284f07bd071e69c63cdec654b577e52326543bbb519412ea907
Microsoft Windows MsMpEng suffers from a remotely exploitable use-after-free vulnerability due to a design issue in the GC engine.
d279bd01ec69e2a865d0f1da9c97d28f84fd74c96f36a4000b1826c9ad115979
uc-httpd suffers from local file inclusion and directory traversal vulnerabilities.
3a341738a708f989775254401f6a4b13470afc5a93121ecd88281080592e613a
Intel SSD Toolbox version 3.4.3 suffers from a DLL hijacking vulnerability.
bca118f21515d6e1ab924c929e6631ec6f06fdcdc4033d6b440b013abd6b8660
TiEmu versions 2.08 and below suffer from a stack-based buffer overflow vulnerability.
d7f63f6b109c64688cd679a3e23d920c4c59ac4ddeda65c96a0c42ccd281e329
Ampache version 3.8.2 suffers from a cross-site scripting vulnerability.
840c447bd9f09e54a8a47c9e4812cbdacc54fed01861bcaa4abf20e47560f145
CERIO 11nbg 2.4GHz high power wireless router (pekcmd) has multiple backdoor accounts that yield root shells.
2134455cc726f1991757dc7605c1ded2b3bb0b429b58b89ceaa328ddd71d91cc
RealPlayer version 18.1.7.344 suffers from memory corruption vulnerabilities.
34735884e57bf041f2ef2d6a51aff4eac035924e94a271abafaa53b0e7f52ed3
This proof of concept code shows how administrator functionality can be abused in Joomla to upload a shell.
87a728b87ac587ae5b8e6ee3b500ceb0624fe986b8ed1bfd032bd116ff3c79a3
MARSAgentInstaller.exe, the Microsoft Azure Recovery Services Agent, suffers from a DLL hijacking vulnerability.
c6cd0ae7d7fa40be499d1ccd81b8951142a42e44c1b2be56de288485c5f93f38
This proof of concept code shows how administrative functionality can be abused in DokuWiki to upload a shell.
898865a317bcc77f576b4558759df3d84a4cbe466095de9d767b2e148a4909db
This proof of concept code shows how functionality can be abused in Concrete5 to upload a shell.
d3561f919f95a84828625cf5bd9e0f2bdfc5da586f3e00580cf1cd43a8d35f83
Home FTP Server version 1.14.0 build 176 suffers from a directory traversal vulnerability.
4ec85b5f6b839459802f2de18bcb46d5924e124ebf779e0b6ddcc54ce211c6a5
This Metasploit module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a PowerShell script step on the Octopus Deploy server during a deployment.
c4855db7df7cb678dd9da32ffe4ac3575beac9fd02dbc2ba53eb304fca0a4ff7