This archive contains all of the 282 exploits added to Packet Storm in May, 2018.
04933a411b50a008b68e42c5b64c7618d95389f005dc2bd14803fe6400d304d7
Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.
fd18c79b0364edc307ae0073788f224ea5fd016ba9223e6018267eb9911d3f41
This Metasploit module bypasses UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive and inserting a custom command that is invoked when any binary (.exe) application is launched. slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking: when slui.exe is run with the Registry key (HKCU:\Software\Classes\exefile\shell\open\command) changed, the custom command runs as Admin instead of slui.exe. The module modifies the registry in order for this exploit to work, and the modification is reverted once the exploitation attempt has finished. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom, your DLL should call ExitProcess() after starting the payload in a different process.
52eae7699fd217998bd9f71d972ca94c711fbd59761cf10ee7f2ba42b345263e
Quest DR Series Disk Backup Software version 4.0.3 suffers from multiple code execution vulnerabilities.
e313c1bcf4d85337e78155dc912283a22293cddaadd03f8b4acb51929c7e6e8c
PageKit CMS version 1.0.13 suffers from a cross site scripting vulnerability.
159b4f9b84d35d3f6a1f5d3bf55f4ab55a5d7c9402cba628709a4c7655460b17
TAC Xenta 511 and 911 suffer from a credential disclosure vulnerability.
90952fc563068e757f870ef57c9c2fb11c036d0d9a431a036bcc222061093dcc
New STAR version 2.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
942f181d2cef121670ac4505bb620b06890b8ed43bc51798794f718651dabde2
PHP Dashboards NEW version 5.5 suffers from a remote SQL injection vulnerability.
3a0a42771f077f731c8acfd860f24ce43b9da0dd368e67e85cd17bf005c119b5
CSV Import and Export version 1.1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
08bf99e3c3d9f328e9bffab76058387d5d908cb206308aad51b9c5313e0d68f3
Grid Pro Big Data version 1.0 suffers from a remote SQL injection vulnerability.
b1a5b6b5ec54dcb35948fe2e94789131e2272e1fcfa3162ded64b1df27330a98
Chitasoft version 3.6.2 suffers from a remote SQL injection vulnerability.
b8e6ee3398abdd19039b38944eaffefcc4f40997b47c4b627b90f1c62624af70
Brother HL-L2340D and HL-L2380DW suffer from a cross site scripting vulnerability.
619bdaaa6484db813096e9f60d0936c2648c7b469e6a7525ec8533294ee85f8a
AXON PBX version 2.02 suffers from a cross site scripting vulnerability.
04a666c41333b5f3a6da50e9ea1dbdebeff05424793da848b007b56096f2c465
AXON PBX version 2.02 suffers from a DLL hijacking vulnerability.
c680c40bb9644184c45d660a62e2391edc86949192449483678e312f79d2cc46
Microsoft Edge Chakra suffers from an issue where EntrySimpleObjectSlotGetter can have side effects that cause a type confusion vulnerability.
dac02c231e7c37da88c204ab8918570d1df7d88c3ea07b2805f9d5afd9081f44
Yosoro version 1.0.4 suffers from a remote code execution vulnerability.
7ebfcb5f927d2791d4ad3186d92053dff609b0e0eae2397210d02318bce6c105
GNU Barcode version 0.99 suffers from a memory leak vulnerability.
9168ddd45efc4cc42aff07ec7a49258b7cb156acba0d7c06c76bf35c9ae2d1bc
Siemens SIMATIC S7-300 CPU suffers from a denial of service vulnerability.
afae74f6c927aaed832e67208dcc0484a377f93c907966f4d2b1a577e4eb09d5
SearchBlox version 8.6.6 suffers from a cross site request forgery vulnerability.
25278c33e75a22e31d96f8b4e5718da4dbacdb00597fb469fef40a4f0f09c1d9
IBM QRadar SIEM versions prior to 7.3.1 Patch 3 or 7.2.8 Patch 28 suffer from authentication bypass, code execution, and privilege escalation vulnerabilities.
09d2ce6f6bb5af6c230e14fb58055683cecf02e7b8d5fa6519e44d12f4118a15
GNU Barcode version 0.99 suffers from a buffer overflow vulnerability.
fbe0caf709c2a729a4f377d31d01707a6ff4588d473c3a49a7b628fb46d5df69
Vgate iCar2 WiFi OBD2 dongles suffer from unprotected Wi-Fi access and unencrypted data transfer mechanisms, along with unauthenticated access to on-board diagnostics.
bd3bbe4b860b8670cff9df02a11d912d9ac2b5fc349324356a7837a8af5e447b
Facebook Clone Script version 1.0.5 suffers from a remote SQL injection vulnerability.
ff6ad977b79f5bc8eace2a2ced9ade0801422fd985e70ee4e78b1a0a47435eef
The foilChat backend fails to prevent brute-force attempts against the PIN code. An attacker can try all 10000 possible PIN codes until the correct one is found, and then use the correct PIN to complete the registration.
a7b76e238cdcac06ca5048bc7322bc06668b0a3e78ef4545e1699f1b0c8f632f
Pivotal Spring Java Framework versions 5.0.x and below suffer from a remote code execution vulnerability.
087734b5669bd630cd35fdbf2949d5549fe449eabe22b9c19c3956d3e1cd2462