HTTP Fetch, Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/custom/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf...

HTTP Fetch, Windows shellcode stage, Reverse UDP Stager with UUID Support

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/http/x86/custom/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf payloadreverseud...

HTTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf payloadreversetcpallports...

HTTP Fetch, DNS TXT Record Payload Download and Execution

Fetch and execute an x86 payload from an HTTP server. Performs a TXT query against a series of DNS records and executes the returned x86 shellcode. The DNSZONE option is used as the base name to iterate over. The payload will first request the TXT contents of the a hostname, followed by b, then c...

HTTP Fetch, Bind TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/dllinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... ms...

HTTP Fetch, Windows Reverse HTTP Stager (wininet)

Fetch and execute an x86 payload from an HTTP server. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/http/x86/dllinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show options...

HTTP Fetch, Windows shellcode stage, Windows x86 Reverse Named Pipe (SMB) Stager

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/http/x86/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set ACTI...

HTTP Fetch, Bind TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTP server. Listen for a connection No NX Module Options msf use payload/cmd/windows/http/x86/dllinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set...

HTTP Fetch, Find Tag Ordinal Stager

Fetch and execute an x86 payload from an HTTP server. Use an established connection Module Options msf use payload/cmd/windows/http/x86/dllinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...

HTTP Fetch, Reverse TCP Stager (IPv6)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/http/x86/dllinject/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf payloadreverseipv6tcp show option...

HTTP Fetch, Windows shellcode stage, Windows Reverse HTTPS Stager (wininet)

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Tunnel communication over HTTPS Windows wininet Module Options msf use payload/cmd/windows/http/x86/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...

CVE-2026-34742

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol MCP Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or...

CVE-2026-34742

The CVE-2026-34742 entry concerns the Model Context Protocol (MCP) Go SDK. Prior to version 1.4.0, an HTTP-based MCP server running on localhost without authentication did not enable DNS rebinding protection by default, allowing a malicious website to bypass same-origin policy and send requests t...

EUVD-2026-18428

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input. An...

EUVD-2026-18436

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...

CVE-2026-34124

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...

CVE-2026-34119

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input. An...

CVE-2026-34121

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...

CVE-2026-34715

Vulnerability: ewe (Gleam web server) prior to 3.0.6 allows HTTP header injection via encode_headers in src/ewe/internal/encoder.gleam. The function directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF sequences, so user-controlled data (e...

CVE-2026-34124

TP-Link Tapo C520WS v2.6 contains a DoS in HTTP path parsing: the raw request path length is restricted but path expansion during normalization is not accounted for, enabling adjacent-network attackers to craft requests that may cause buffer overflow and memory corruption, potentially interruptin...