This Metasploit module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav…
WordPress Plugin WP Super Edit 2.5.4 – Remote File Upload
Schlix CMS 2.2.6-6 – Remote Code Execution (Authenticated)
Schlix CMS 2.2.6-6 – ‘title’ Persistent Cross-Site Scripting (Authenticated)
Apple Security Advisory 2021-05-03-2 – iOS 12.5.3 addresses buffer overflow, code execution, integer overflow, and use-after-free vulnerabilities.
Apple Security Advisory 2021-05-03-1 – iOS 14.5.1 and iPadOS 14.5.1 address code execution and integer overflow vulnerabilities.
Apple Security Advisory 2021-05-03-4 – macOS Big Sur 11.3.1 addresses code execution and integer overflow vulnerabilities.
Apple Security Advisory 2021-05-03-3 – watchOS 7.4.1 addresses a code execution vulnerability.
This archive contains all of the 162 exploits added to Packet Storm in April, 2021.
The Custom JS plugin version 0.1 for GetSimple CMS suffers from a cross-site request forgery vulnerability that allows remote unauthenticated attackers to inject arbitrary client-side code into authenticated administrators…