HTTP Fetch, Bind TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/peinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...

HTTP Fetch, Windows Reverse HTTP Stager (winhttp)

Fetch and execute an x86 payload from an HTTP server. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/http/x86/meterpreter/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp...

HTTP Fetch, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/http/x86/vncinject/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show options...

HTTP Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/meterpreter/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show an...

HTTP Fetch, Windows Reverse HTTP Stager (wininet)

Fetch and execute an x86 payload from an HTTP server. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/http/x86/vncinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show options...

HTTP Fetch, Bind TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/peinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf...

HTTP Fetch, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf payloadreversetcprc4dns show options...

HTTP Fetch, Windows Reverse HTTP Stager (wininet)

Fetch and execute an x86 payload from an HTTP server. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/http/x86/dllinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show options...

HTTP Fetch, Bind TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/dllinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... ms...

HTTP Fetch, Windows shellcode stage, Windows x86 Reverse Named Pipe (SMB) Stager

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/http/x86/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set ACTI...

HTTP Fetch, Find Tag Ordinal Stager

Fetch and execute an x86 payload from an HTTP server. Use an established connection Module Options msf use payload/cmd/windows/http/x86/dllinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...

HTTP Fetch, Reverse TCP Stager (IPv6)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/http/x86/dllinject/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf payloadreverseipv6tcp show option...

CVE-2026-34742

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or...

K000159875: Apache HTTP Server vulnerability CVE-2025-65082

Security Advisory Description Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HT...

Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities due to libexpat (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778)

Summary IBM HTTP Server used by IBM WebSphere Application Server is affected by multiple vulnerabilities due to libexpat. Vulnerability Details CVEID:CVE-2026-32776 DESCRIPTION: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CWE:CWE-476: NULL...

CLSA-2026-1775033286 Fix CVE(s): CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945

OpenJDK 11.0.30 release, build 7. - CVE-2026-21925: Improve JMX connections - CVE-2026-21932: Enhance handling of URIs AWT/JavaFX - CVE-2026-21933: Improve HttpServer request handling - CVE-2026-21945: Enhance certificate checking - Release notes:...

ALPINE-CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

CVE-2026-21710

Summary: CVE-2026-21710 is a denial-of-service-type issue in Node.js HTTP request handling triggered by a header named __proto__ accessed via req.headersDistinct, which can cause an uncaught TypeError and crash the process when dest["proto "] resolves to Object.prototype and .push() is called on ...

CVE-2025-41359

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...

EUVD-2025-209051

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...