VMware vCenter Server version 6.7 authentication bypass exploit.

QuickBox Pro versions 2.1.8 and below suffer from an authenticated remote code execution vulnerability.

Microsoft Windows SMBGhost pre-authentication remote code execution exploit.

This Metasploit module exploits a SQL injection vulnerability found in vBulletin versions 5.6.1 and below. This module uses the getIndexableContent vulnerability to reset the administrator’s password and it then uses…

WordPress BBPress plugin version 2.5 suffers from an unauthenticated privilege escalation vulnerability.

We-Com Municipality Portal CMS version 2.1.x suffers from cross site scripting and remote SQL injection vulnerabilities.

We-Com OpenData CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Avast suffers from an out-of-bounds copy vulnerability in Array.prototype.toString.

This archive contains all of the 166 exploits added to Packet Storm in May, 2020.