174 matches found
PHP Exec, PHP Meterpreter, Bind TCP Stager
Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Listen for a connection. Module Options: msf > use payload/cmd/unix/php/meterpreter/bind_tcp msf payload(bind_tcp) > show actions ...actions... msf payload(bind_tcp) > set ACTION msf payload(bind_tcp) > show option...
FoxCMS Security Vulnerability
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS v1.2.5, which originates from improper handling of the executeCommand method in DataBackup.php, which may lead to SQL injection attacks...
Exploit for Code Injection in Langflow
CVE-2025-3248-POC POC of CVE-2025-...
TFTP Fetch, Linux Execute Command
Fetch and execute an MIPSBE payload from a TFTP server. A very small shellcode for executing commands. This module is sometimes helpful for testing purposes. Module Options: msf > use payload/cmd/linux/tftp/mipsbe/exec msf payload(exec) > show actions ...actions... msf payload(exec) > set ACTION msf...
HTTP Fetch, Linux Execute Command
Fetch and execute an MIPSLE payload from an HTTP server. A very small shellcode for executing commands. This module is sometimes helpful for testing purposes as well as on targets with extremely limited buffer space. Module Options: msf > use payload/cmd/linux/http/mipsle/exec msf payload(exec) > show...
HTTPS Fetch, Linux Execute Command
Fetch and execute an MIPSBE payload from an HTTPS server. A very small shellcode for executing commands. This module is sometimes helpful for testing purposes. Module Options: msf > use payload/cmd/linux/https/mipsbe/exec msf payload(exec) > show actions ...actions... msf payload(exec) > set ACTION msf...
CVE-2021-26616
An OS command injection was found in SecuwaySSL, triggered by injecting special characters into the command executed with runCommand arguments...
Exploit for Type Confusion in Mozilla Firefox
CVE-2024-8381 A SpiderMonkey Interpreter Type Confusion Bug...
Exploit for Out-of-bounds Write in Apple Ipados
TRAVERTINE...
Python Execute Command
Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options: msf > use payload/python/exec msf payload(exec) > show actions ...actions... msf payload(exec) > set ACTION msf payload(exec) > show options ...show and set options... msf payload(exec) > run module MetasploitModule CachedSize =...
Python Exec, Python Execute Command
Execute a Python payload from a command. Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options: msf > use payload/cmd/windows/python/exec msf payload(exec) > show actions ...actions... msf payload(exec) > set ACTION msf payload(exec) > show options ...show and set options... msf...
CVE-2024-22033 obs-service-download_url is vulnerable to argument injection
The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed command execution in later steps...
CVE-2024-22033
CVE-2024-22033 affects the OBS service obs-service-download_url. The flaw is a command injection vulnerability where a configuration passed to the service can lead to command execution in subsequent steps. Public references confirm this impact and the vulnerable component is the obs-service-downl...
Gambio Online Webshop 4.9.2.0 Code Injection
Title: Gambio Online Webshop 4.9.2.0 Code Injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...
CVE-2022-27486
An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1...
Metasploit Weekly Wrap-Up 06/07/2024
New OSX payloads: ARMed and Dangerous. In addition to an RCE leveraging CVE-2024-5084 to gain RCE through a WordPress Hash form, this release features the addition of several new binary OSX stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and Shell Reverse TCP. The new...
Fortinet Fortigate Path traversal in execute command (FG-IR-22-369)
The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-369 advisory. - An improper limitation of a pathname to a restricted directory vulnerability 'path traversal' CWE-22 in Fortinet FortiOS...
Exploit for Use of Hard-coded Credentials in Dlink Dns-320L_Firmware
Dinkleberry 🫐 Are you one of the 92,000+ people stuck with a...
PT-2024-18110 · Unknown · Lollms-Webui
Name of the Vulnerable Software and Affected Versions: lollms-webui (affected versions not specified). Description: A Cross-Site Request Forgery (CSRF) issue in the lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The issue stems from the "/execute code" API...