This archive contains all of the 198 exploits added to Packet Storm in May, 2019.
490fbfb7755aa8f7ee0ae2db30c12aaad16abb21c56e2242ac881491a795644f
Shopware version 5.5.6 suffers from multiple cross site scripting vulnerabilities.
eb25c1077ef6a645db6b377e7b7a016595162543b874efa6accee2d46294a0ee
The ZyXEL P-660HN-T1 V2 rpWLANRedirect.asp page is missing authentication and discloses an administrator password.
cd8bb7af8822a1c75ff1134d8c9adce8d94144c9aa905f9b2571d26b3cd740ee
Microsoft Windows Remote Desktop BlueKeep denial of service exploit.
12f1ce90327e477e2b6666c24b8434b49b8d09e8fc972915cbc601e0c5244dff
Serv-U FTP Server version 15.1.6.25 suffers from a local privilege escalation vulnerability via authentication bypass.
9520e5100bd633aacd33186e92020821a17ae8024fc9d8d2d19c57caa1bceb16
Due to storing passwords in a recoverable format on Siemens LOGO! 8 PLCs, an attacker can gain access to configured passwords as cleartext.
bf19d9111516d40322d38739d39310498750019c2b579269ac24b9a2f7e683b3
Due to storing passwords in a recoverable format on Siemens LOGO! 8 PLCs, an attacker can gain access to configured passwords as cleartext.
95e944e33b6b49156158226e4700374427c35dfaaa04a226bf39cb8debb11f9a
Due to the use of a hard-coded cryptographic key, an attacker can put the integrity and confidentiality of encrypted data of all Siemens LOGO! 8 PLCs using this key at risk, for instance decrypting network communication during a man-in-the-middle attack.
fd53041141c43f3ef168910c3f5306ea1625eb1f860ca0581cc979bff7758f8c
The Qualcomm Android kernel suffers from a use-after-free vulnerability via an incorrect set_page_dirty() in KGSL.
d1eaf5eaeeac362ce563227b34a9b558decbd017fd35378e6adfac048ff8284f
Microsoft Windows suffers from a deployment service local privilege escalation vulnerability that bypasses the fix for CVE-2019-0841.
caaa2612710f8787fcf3720235ce07701e951b4de14708d2dd49578f5a204107
Free SMTP Server version 2.5 denial of service proof of concept exploit.
2849f3a8ffc6d468cc077bf5e6488730c5fd8b2595cf64a3bcd27c0e10c7df75
WordPress WPAds plugin version 1.0 suffers from an open redirection vulnerability.
4291a6c8d7d95463d91e19f7103924f208da8f7166bce7ff3d32b3eaa1f737c3
WordPress Nya-Comment-DoFollow plugin version 1.0 suffers from an open redirection vulnerability.
e6176a5a85376661135d3c377baab7c52eec225e5a784b2c6b883549d135f226
pfSense version 2.4.4-p3 with ACMEPackage version 0.5.7_1 suffers from a persistent cross site scripting vulnerability.
2cd8d35a1df97b628a3715b79cd50b0ba64578d7266d3a4f9fa2b30053971fa7
VFront version 0.99.5 suffers from a persistent cross site scripting vulnerability.
19ea0e081b2e83830a6b066096c11d04dcc0acec966ec97d6377681e36ca6c9b
VFront version 0.99.5 suffers from multiple reflective cross site scripting vulnerabilities.
0d216805ffd29114e6cd997888f40343e29ba2dc8cd90edfb1e67454e391efa7
Phraseanet DAM versions prior to 4.0.7 suffer from a cross site scripting vulnerability.
166ef462121e291f4d59faf8c6bdd8b7ee79a5052d276c5dcd95b72688d80a88
Petraware pTransformer ADC versions prior to 2.1.7.22827 suffer from a remote SQL injection vulnerability that allows for login bypass.
be5cf0e4686ee81291a49394c74a1db3d5f2794df10cc646e837e51258c6be83
EquityPandit version 1.0 suffers from a password disclosure vulnerability.
649dff8b67659a326f609de4bbb014349e6ad8991c8d9fb2adbe102234e64654
SpiderMonkey IonMonkey can, during a bailout, leak an internal JS_OPTIMIZED_OUT magic value to the running script. This magic value can then be used to achieve memory corruption.
21e617fce84dfd81b604a208a22a2b6eddb28a37714ca8e794f2f450afc722a0
Typora version 0.9.9.24.6 suffers from a directory traversal vulnerability.
d701e0872d46eff9fc856c8428a213430d7d1c726d700916ecbb1772e5e4f60e
Kanboard version 1.2.7 suffers from a cross site scripting vulnerability.
a58b7d6eeb41ea41e14a67f936e8739705bd08162e668835de7bf2b9bb704ad7
Deltek Maconomy version 2.2.5 suffers from a local file inclusion vulnerability.
f2cecf22cbc31eab8ed4e6c44b59435d507f9fbc96f52b16c9d342cea5cf19d5
MacOS X versions 10.14.5 and below suffer from a Gatekeeper bypass vulnerability.
76e6187e250514c50b8fb1fa0a230303592e3a59928db823711053d46ba942c4
Joomla Attachments component version 3.x suffers from a remote file upload vulnerability.
d5cf192e5152e876357d03867d1696944ce222fb9fd6fc28bbda9eb210bdfcec