
25 matches found

Snyk
added 2025/11/24 4:24 p.m., 1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 3

OSSF Malicious Packages
added 2025/11/24 2:46 p.m., 5 views

Malicious code in evm-checkcode-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67c49d35b6096e7c647d830c11a75a90f1bd3b90677f1c72d1bdefcd87b134e8 The package evm-checkcode-cli was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits: 0, References: 4

EUVD
added 2025/11/24 2:46 p.m., 1 views

EUVD-2025-198836

Malicious code in evm-checkcode-cli npm...

6.6 AI score
Exploits: 0, References: 1

OSV
added 2025/11/24 2:46 p.m., 0 views

MAL-2025-190841 Malicious code in evm-checkcode-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67c49d35b6096e7c647d830c11a75a90f1bd3b90677f1c72d1bdefcd87b134e8 The package evm-checkcode-cli was found to contain malicious code. Source: ghsa-malware...

6.8 AI score
Exploits: 0, References: 4

Metasploit
added 2024/07/18 7:53 p.m., 399 views

Magento XXE Unserialize Arbitrary File Read

This module exploits a XXE vulnerability in Magento 2.4.7-p1 and below which allows an attacker to read any file on the system. Module Options msf use auxiliary/gather/magentoxxecve202434102 msf auxiliarymagentoxxecve202434102 show actions ...actions... msf auxiliarymagentoxxecve202434102 set...

9.8 CVSS, 6.9 AI score, 0.94171 EPSS
Exploits: 26

0day.today
added 2023/09/11 12:0 a.m., 301 views

LG Simple Editor Remote Code Execution Exploit

This Metasploit module exploits broken access control and directory traversal vulnerabilities in LG Simple Editor software for gaining code execution. The vulnerabilities exist in versions of LG Simple Editor prior to v3.21. By exploiting this flaw, an attacker can upload and execute a malicious...

9.8 CVSS, 7.7 AI score, 0.89119 EPSS
Exploits: 3

Exploit DB
added 2020/12/23 12:0 a.m., 285 views

TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution", 'Description' = %q This module exploits an unauthenticated command execution...

7.4 AI score
Exploits: 0

Metasploit
added 2020/10/20 5:41 p.m., 73 views

Login to Another User with Su on Linux / Unix Systems

This module attempts to create a new login session by invoking the su command of a valid username and password. If the login is successful, a new session is created via the specified payload. Because su forces passwords to be passed over stdin, this module attempts to invoke a pseudo-terminal wit...

7.2 AI score
Exploits: 0

NVD
added 2018/08/05 6:29 p.m., 14 views

CVE-2018-14940

PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request...

7.5 CVSS, 7.4 AI score, 0.0065 EPSS
Exploits: 1, References: 1

OSV
added 2018/08/05 6:29 p.m., 0 views

CVE-2018-14940

PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1

CVE
added 2018/08/05 6:0 p.m., 40 views

CVE-2018-14940

PHPCMS 9 is affected by CVE-2018-14940 where remote attackers can trigger a denial of service by sending oversized font_size, height, and width values to api.php?op=checkcode. The connected sources reiterate the same description and CVSS data (NVD), with no concrete remediation details provided i...

7.5 CVSS, 7.4 AI score, 0.0065 EPSS
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/07/25 4:29 a.m., 10 views

Code injection

wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of fontsize, width, and height are large numbers...

5 CVSS, 7.3 AI score, 0.0065 EPSS
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2018/07/25 4:29 a.m., 1 views

CVE-2018-14596

wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of fontsize, width, and height are large numbers...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1

Exploit DB
added 2018/01/10 12:0 a.m., 55 views

HPE iMC - dbman 'RestartDB' Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HPE iMC dbman RestartDB Unauthenticated RCE', 'Description' = %q This module exploits a remote command execution vulnerability in Hewlett Packard...

10 CVSS, 7.4 AI score, 0.89949 EPSS
Exploits: 13

0day.today
added 2017/09/26 12:0 a.m., 23 views

NodeJS Debugger Command Injection Exploit

This Metasploit module uses the "evaluate" request type of the NodeJS V8 debugger protocol (version 1) to evaluate arbitrary JS and call out to other system commands. The port (default 5858) is not exposed non-locally in default configurations, but may be exposed either intentionally or via...

7.1 AI score
Exploits: 0

Exploit DB
added 2014/10/09 12:0 a.m., 40 views

F5 iControl - Remote Command Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "F5 iControl Remote Root Command Execution", 'Description' = %q This module exploits an authenticated remote command execution...

7.1 CVSS, 7.4 AI score, 0.64597 EPSS
Exploits: 8

seebug.org
added 2014/07/01 12:0 a.m., 16 views

SAP ConfigServlet Remote Unauthenticated Payload Execution

No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit Rank = GreatRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStagerVBS def initializeinfo = superupdateinfoinfo, 'Name' = 'SAP ConfigServlet Remote Code Execution', 'Description' = %q Thi...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

Serv-U FTPD MDTM Overflow

No description provided by source. $Id: servumdtm.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.1 AI score
Exploits: 0

Packet Storm
added 2012/10/15 12:0 a.m., 19 views

AjaXplorer checkInstall.php Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'AjaXplorer checkInstall.php Remote...

0.2 AI score
Exploits: 0

Metasploit
added 2012/10/13 5:35 a.m., 16 views

AjaXplorer checkInstall.php Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

7.3 AI score
Exploits: 0