HTTP Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an PPC payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/ppc/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show...

TFTP Fetch, Linux Command Shell, Find Port Inline

Fetch and execute an PPC payload from an TFTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/tftp/ppc/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show an...

TFTP Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an PPC payload from an TFTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/tftp/ppc/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show...

HTTPS Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an MIPSLE payload from an HTTPS server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/https/ppc/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp sh...

Apache HTTP Server < 2.4.66 SSI Vulnerability - Linux

Apache HTTP Server is prone to a Server Side Includes SSI vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-66431

WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management."...

PT-2025-48434

An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service...

Linux Distros Unpatched Vulnerability : CVE-2025-12893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usa...

CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

Stable Channel Update for Desktop

The Stable channel has been updated to 142.0.7444.175/.176 for Windows and 142.0.7444.176 for Mac and 142.0.7444.175 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and...

IBM Db2 Denial of Service Vulnerability (CNVD-2025-29175)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

Stable Channel Update for Desktop

The Stable channel has been updated to 142.0.7444.162/.163 for Windows and 142.0.7444.162 for Mac and 142.0.7444.162 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and...

EUVD-2025-38310

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date...

CVE-2025-33012

CVE-2025-33012 is afflicting IBM Db2 under Linux (10.5.0–10.5.11, 11.1.0–11.1.4.7, 11.5.0–11.5.9, 12.1.0–12.1.3). The IBM bulletin details that an authenticated user could regain access after an account lockout due to password use after expiration. The connected IBM Security Bulletin confirms the...

CVE-2025-33012 IBM Db2 improper account lockout

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date...

ISC BIND DoS Vulnerability (CVE-2025-8677) - Linux

ISC BIND is prone to a denial of service DoS vulnerability via malformed DNSKEY handling. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

ISC BIND Cache Poisoning Vulnerability (CVE-2025-40780) - Linux

ISC BIND is prone to cache poisoning attacks due to a weak Pseudo Random Number Generator PRNG. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

cobbler-file-read-exploit

Cobbler XML-RPC Arbitrary File Read Exploit !Python Version...

EUVD-2019-6811

Malware in sbrugna...

Stable Channel Update for Desktop

The Stable channel has been updated to 141.0.7390.65/.66 for Windows and Mac and 141.0.7390.65 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...