This Metasploit module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an […]
WordPress Plugin WP Super Edit 2.5.4 – Remote File Upload
Tags: 0day, remote exploit
Schlix CMS 2.2.6-6 – Remote Code Execution (Authenticated)
Tags: 0day, remote exploit
Schlix CMS 2.2.6-6 – ‘title’ Persistent Cross-Site Scripting (Authenticated)
Tags: 0day, remote exploit
Apple Security Advisory 2021-05-03-2 – iOS 12.5.3 addresses buffer overflow, code execution, integer overflow, and use-after-free vulnerabilities.
Tags: Apple, ios, osx
Apple Security Advisory 2021-05-03-1 – iOS 14.5.1 and iPadOS 14.5.1 address code execution and integer overflow vulnerabilities.
Tags: Apple, ios, osx
Apple Security Advisory 2021-05-03-4 – macOS Big Sur 11.3.1 addresses code execution and integer overflow vulnerabilities.
Tags: Apple, ios, osx
Apple Security Advisory 2021-05-03-3 – watchOS 7.4.1 addresses a code execution vulnerability.
Tags: Apple, ios, osx
This archive contains all of the 162 exploits added to Packet Storm in April, 2021.
The Custom JS plugin version 0.1 for GetSimple CMS suffers from a cross-site request forgery vulnerability that allows remote unauthenticated attackers to inject arbitrary client-side code into authenticated administrators' browsers, which results in remote code execution on the hosting server when an authenticated administrator visits a malicious third-party website.