Lucene search
K

17053 matches found

BDU FSTEC
BDU FSTEC
added yesterday18 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00709EPSS
Exploits1References11Affected Software9
BDU FSTEC
BDU FSTEC
added yesterday10 views

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...

9.1CVSS6.1AI score0.00625EPSS
Exploits0References2Affected Software1
Metasploit
Metasploit
added yesterday11 views

FTP Fetch, Windows x86 Bind Named Pipe Stager

Fetch and execute an x86 payload from an FTP server. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/ftp/x86/dllinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show options...

6.2AI score
Exploits0
Metasploit
Metasploit
added yesterday8 views

FTP Fetch, Bind TCP Stager (Windows x86)

Fetch and execute an x86 payload from an FTP server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/ftp/x86/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... ms...

6.2AI score
Exploits0
Metasploit
Metasploit
added yesterday8 views

FTP Fetch, Windows x64 Pingback, Reverse TCP Inline

Fetch and execute an x64 payload from an FTP server. Connect back to attacker and report UUID Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added yesterday10 views

FTP Fetch, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an FTP server. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/ftp/x86/peinject/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show options ...sh...

6.2AI score
Exploits0
Metasploit
Metasploit
added yesterday9 views

FTP Fetch, Windows x64 Command Shell, Bind TCP Inline

Fetch and execute an x64 payload from an FTP server. Listen for a connection and spawn a command shell Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show...

6.2AI score
Exploits0
Metasploit
Metasploit
added yesterday8 views

FTP Fetch, Linux Command Shell, Find Port Inline

Fetch and execute an x64 payload from an FTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/ftp/x64/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show and...

6.2AI score
Exploits0
Metasploit
Metasploit
added yesterday7 views

FTP Fetch, Linux Command Shell, Bind TCP Inline (IPv6)

Fetch and execute a x86 payload from an FTP server. Listen for a connection over IPv6 and spawn a command shell Module Options msf use payload/cmd/linux/ftp/x86/shellbindipv6tcp msf payloadshellbindipv6tcp show actions ...actions... msf payloadshellbindipv6tcp set ACTION msf payloadshellbindipv6t...

6.2AI score
Exploits0
Metasploit
Metasploit
added yesterday7 views

FTP Fetch, Linux Command Shell, Reverse TCP Stager

Fetch and execute an MIPSLE payload from an FTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/ftp/mipsle/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show...

6.2AI score
Exploits0
Metasploit
Metasploit
added yesterday8 views

FTP Fetch, Bind TCP Stager (Linux x86)

Fetch and execute a x86 payload from an FTP server. Listen for a connection Linux x86 Module Options msf use payload/cmd/linux/ftp/x86/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added yesterday8 views

FTP Fetch, Linux Chmod

Fetch and execute an RISC-V 32-bit payload from an FTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/ftp/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...

6.2AI score
Exploits0
Metasploit
Metasploit
added yesterday7 views

FTP Fetch

Fetch and execute an MIPSLE payload from an FTP server. Module Options msf use payload/cmd/linux/ftp/mipsle/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...

6.2AI score
Exploits0
Nuclei
Nuclei
added yesterday14 views

DELMIA Apriso - Command Injection

An Improper Control of Generation of Code code injection / file upload → RCE vulnerability affecting DELMIA Apriso Release 2020 → Release 2025. When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place...

8CVSS6.8AI score0.76148EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday115 views

MajorDoMo thumb.php - OS Command Injection

MajorDoMo aka Major Domestic Module before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. id: CVE-2023-50917 info: name: MajorDoMo thumb.php - OS Command Injection author: DhiyaneshDK severity: critical...

9.8CVSS7.3AI score0.38263EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday27 views

Apache Unomi <1.5.2 - Remote Code Execution

Apache Unomi allows conditions to use OGNL and MVEL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. This vulnerability affects all versions of Apache Unomi prior to 1.5.2. id:...

9.8CVSS7.3AI score0.68398EPSS
Exploits9References5
Nuclei
Nuclei
added yesterday103 views

Spring Cloud Gateway Code Injection

Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...

10CVSS7.4AI score0.98253EPSS
Exploits54References5
Nuclei
Nuclei
added yesterday41 views

Cuppa CMS v1.0 - Authenticated Local File Inclusion

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using function parameter value as LFI payload. id: CVE-2022-37191 info: name: Cuppa CMS v1.0 - Authenticated Local File Inclusion author: theamanrawat...

6.5CVSS6.7AI score0.02497EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday122 views

Advantech R-SeeNet 2.4.12 - OS Command Injection

Advantech R-SeeNet 2.4.12 is susceptible to remote OS command execution via the ping.php script functionality. An attacker, via a specially crafted HTTP request, can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering...

10CVSS7.4AI score0.69631EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday25 views

Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...

9.3CVSS6.2AI score0.74535EPSS
Exploits0References1
Rows per page
Query Builder