This archive contains all of the 166 exploits added to Packet Storm in May, 2020.
a6359e27ffd6427602b7529507292b2724470653202c67ec9232ae110d2e766d
WordPress BBPress plugin version 2.5 suffers from an unauthenticated privilege escalation vulnerability.
721ba0e3478ef95b7a328c53b4993c0adc41d6f9a6ebe6837319e50d98f45d75
Crystal Shard http-protection version 0.2.0 suffers from an IP spoofing bypass vulnerability.
5541826f04a3a19d5af667dd573923bfd3ca06a9c8ea0aac07e7a6742fd3ff60
WordPress Multi-Scheduler plugin version 1.0.0 suffers from a cross site request forgery vulnerability.
99dbc846378685b2323c34771392c6ef834d8a9183459926257b3a17519139d8
Various PanaceaSoft products appear to suffer from a shell upload vulnerability.
e7ff3b66bb7350d5b9bc20efd9077e3228ee400411b82793b4fee4a799111543
This Metasploit module exploits a command execution vulnerability in Pi-Hole versions 4.3.2 and below. A new DHCP static lease is added with a MAC address which includes a remote code execution issue.
359e5af00d21f40799f66c4def97b9142ec248ec7b78fc2f54d6c7286881fa62
The Firefox content processes do not sufficiently lock down access control, which can result in a sandbox escape.
5ab57ea898f6984a1d902219e6b5dad81c2a3fda15ddd5b7b3e8b94690951fda
QNAP QTS and Photo Station version 6.0.3 suffer from a remote command execution vulnerability.
604298053dafd0abe28f387617874da35d43eb2b5d986c0ce5674a7007367477
Online-Exam-System 2015 suffers from a remote SQL injection vulnerability.
30a65160caaf9089ecbac10698104fa0f25786673eeeb5312507f56693b83bcb
EyouCMS version 1.4.6 suffers from a persistent cross site scripting vulnerability.
c1633e096fd7ffb684c4d315be68aa3c97f84fe185e74fb5e0c5a8b58ee5307b
NOKIA VitalSuite SPM 2020 suffers from a remote SQL injection vulnerability.
4b2f2f524685c71ebbea6918e30aab44516bbaa3ba7628233adfab36ee03593b
osTicket version 1.14.1 has been found to be susceptible to multiple additional persistent cross site scripting vulnerabilities.
ece38dfe0b78b4d12c78d458561067a0b97f2949cd82f199e0d6a0061f46a19d
LimeSurvey version 4.1.11 suffers from a persistent cross site scripting vulnerability.
30d939865abf87145843d253320e96f1e28e072f156c8b7e3c9cd97c71aed39a
Online Marriage Registration System version 1.0 suffers from a persistent cross site scripting vulnerability.
b4d0b82fba85f8a8973f9fe62363f2806a31a82d14033ccbff285549f14b1403
Kuicms PHP EE version 2.0 suffers from a persistent cross site scripting vulnerability.
e82f65400279306185606f0ab6e762f70da91a5cbfb2959d9f562424a6066f8f
Pi-hole version 4.4.0 suffers from a remote code execution vulnerability.
c7a92f42c54992e326709bf0e3e1ed94ba5f65503d1d8babc2253d1fecbc3a84
StreamRipper32 version 2.6 buffer overflow proof of concept exploit.
0feb3156390b780f200e8dc706a07d595728f4cfc309e6bd7ab831b37f8ed532
WordPress Drag and Drop File Upload Contact Form plugin version 1.3.3.2 suffers from a remote shell upload vulnerability.
36da7f722845fbc942179b4637fb9e3df8d66888734d49a9f4a425645863787a
BIND TSIG denial of service exploit.
d5de081d8f074ab17f17ab3bb8bf92ccf47e34c228b15fc1557bfc3b911a004c
OXID eShop version 6.3.4 suffers from a remote SQL injection vulnerability.
7bb1a3bc51aaedfe1571b18d845e37fc1d0c2f4b394f2096ba120ca3f34672b7
This Metasploit module exploits a command execution vulnerability in Pi-Hole versions 3.3 and below. When adding a new domain to the whitelist, it is possible to chain a command to the domain that is run on the OS.
cfc36a06914072c52416ddfd61eac6960d61e2221a60fe7ace44ef28f80b6a52
Joomla XCloner Backup version 3.5.3 suffers from a local file disclosure vulnerability.
ef04c92567e5b156450ea7e6559a869a0534f1b915695f0224bd3b46fda6017f
OpenEMR versions prior to 5.0.1 suffer from a remote code execution vulnerability.
cef69fb8f736848a842b3b4f42a6007301ace4c581b4522cb7c84afa0d549868
Online Discussion Forum Site version 1.0 suffers from a remote code execution vulnerability.
ea586a27eb02fa39a4fd1a1dcfa0e3c62879ba0256ca8bfaf808b8fd2aa7e17f
Victor CMS version 1.0 suffers from an add_user persistent cross site scripting vulnerability.
af2d44af85919ce3ff7507d9ddeb9effeb9185aebb9e00c04d9f22a22b331924