SMB Fetch

Fetch and execute an x64 payload from an SMB server. Module Options msf use payload/cmd/windows/smb/x64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run This module requires Metasploit:...

Stack overflow

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service DoS condition. This issue affect...

Oracle Linux 7 : bash (ELSA-2020-1113)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1113 advisory. 4.2.46-34 - BASHCMD should not be writable in restricted shell Resolves: 1693181 Tenable has extracted the preceding description block directly from the Oracle...

Maltrail 0.53 Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Maltrail Unauthenticated Command Injection', 'Description' = %q Maltrail is a malicious traffic detection system, utilizing publicly available...

HTTPS Fetch, Linux Execute Command

Fetch and execute an x86 payload from an HTTPS server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/https/x86/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf...

HTTPS Fetch

Fetch and execute an x64 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run This module requires Metasploit:...

TFTP Fetch, Linux Execute Command

Fetch and execute an x64 payload from a TFTP server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/tftp/x64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf...

HTTPS Fetch, Linux Execute Command

Fetch and execute an x64 payload from an HTTPS server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/https/x64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf...

Command injection

OS command injection vulnerability in PIX-RT100 versions RT100TEQ2.1.1EQ101 and RT100TEQ2.1.2EQ101 allows a network-adjacent attacker who can access product settings to execute an arbitrary OS command...

CVE-2022-43464

Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...

PT-2022-5603 · Aveva · Aveva Edge

Name of the Vulnerable Software and Affected Versions: AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior Description: An issue was discovered in the ExecuteCommand function that allows unauthenticated arbitrary commands to be executed. This is related to errors in access control...

Exploit for Improper Access Control in Webmin

WebminRCE-exploit CVE-2022-0824, CVE-2022-0829 - File Manger p...

Kubernetes: RCE on ingress-nginx-controller via Ingress spec.rules.http.paths.path field

A vulnerability was exploited that allowed arbitrary files to be written and executed on the ingress-nginx-controller pod through the manipulation of Ingress resource specifications. By configuring log formats and locations, malicious configurations could gain remote code execution capabilities o...

CVE-2022-31845

A vulnerability in livecheck.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...

CVE-2022-31308

A vulnerability in livemfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function...

WAVLINK WN535 G3 安全漏洞

The WAVLINK WN535 G3 is a wireless router from the Chinese company WAVLINK. A security vulnerability exists in the WAVLINK WN535 G3 M35G3R.V5030.180927 version, which originates from a vulnerability in livemfg.shtml. An attacker can exploit this vulnerability to obtain sensitive router informatio...

PT-2022-20681 · Wavlink · Wavlink Aerial X 1200M

Name of the Vulnerable Software and Affected Versions: WAVLINK AERIAL X 1200M version M79X3.V5030.180719 Description: A vulnerability in live check.shtml allows attackers to obtain sensitive router information via execution of the exec cmd function. Recommendations: For version M79X3.V5030.180719...

Powershell Exec, Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)

Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/upexec/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...

CVE-2021-23556

Guake is vulnerable before version 3.8.5 to Exposed Dangerous Method or Function due to exposure of execute_command and execute_command_by_uuid via the D-Bus interface, allowing a malicious user to run an arbitrary command. Exploitation requires the attacker to have or trigger another malicious p...

Enterprise Distributed Technologies CompleteFTP Server 命令注入漏洞

Enterprise Distributed Technologies CompleteFTP Server is a Windows-based SFTP SHH File Transfer Protocol server from Enterprise Distributed Technologies, Australia. A security vulnerability exists in Enterprise Distributed Technologies CompleteFTP Server versions prior to 12.1.4 that stems from...