4 matches found
HTTP Fetch, Hidden Bind Ipknock TCP Stager
Fetch and execute an x86 payload from an HTTP server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The socke...
HTTP Fetch, Hidden Bind Ipknock TCP Stager
Fetch and execute an x86 payload from an HTTP server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The socke...
PT-2026-24255
Name of the Vulnerable Software and Affected Versions affected versions not specified Description An issue exists that allows authenticated attackers to execute arbitrary JavaScript code in a victim's browser when the victim hovers over a specially crafted element on a web server containing the...
📄 Cacti Graph Template Authenticated Remote Code Execution
This Metasploit module exploits an authenticated remote code execution vulnerability in Cacti versions prior to 1.2.29. Authenticated users can upload a graph template through the /graphtemplates.php endpoint. The rightaxislabel parameter is vulnerable to code injection, allowing attackers to...