HTTPS Fetch

Fetch and execute an ARMBE payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/armbe/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and...

HTTP Fetch, Linux Execute Command

Fetch and execute an MIPSLE payload from an HTTP server. A very small shellcode for executing commands. This module is sometimes helpful for testing purposes as well as on targets with extremely limited buffer space. Module Options msf use payload/cmd/linux/http/mipsle/exec msf payloadexec show...

TFTP Fetch

Fetch and execute an MIPSLE payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/mipsle/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show...

TFTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an MIPSBE payload from a TFTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/tftp/mipsbe/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp sh...

HTTPS Fetch, Linux Execute Command

Fetch and execute an MIPSBE payload from an HTTPS server. A very small shellcode for executing commands. This module is sometimes helpful for testing purposes. Module Options msf use payload/cmd/linux/https/mipsbe/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf...

TFTP Fetch

Fetch and execute an AARCH64 payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/aarch64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and se...

HTTP Fetch, Reverse TCP Stager

Fetch and execute an MIPSBE payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/http/mipsbe/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

CVE-2024-13556

The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to...

CVE-2025-25893

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system OS commands via a crafted packet...

Linux Ratfor Buffer Overflow Vulnerability

Linux Ratfor is a programming language implemented as a preprocessor for Fortran 66. A buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier versions, which stems from an application boundary error when handling untrusted input. An attacker could exploit the vulnerability to execu...

The vulnerability of the Mobile Security Framework (MobSF) for mobile application security research lies in an incorrect pathname limitation, which allows a malicious actor to gain unauthorized access for reading, deleting protected information, and executing arbitrary code.

The vulnerability of the Mobile Security Framework MobSF for mobile application security research is related to an incorrect restriction on the path name to the directory. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to read, delete protected information...

CVE-2024-13636

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-24926. Reason: This candidate is a reservation duplicate of CVE-2024-24926. Notes: All CVE users should reference CVE-2024-24926 instead of this candidate. All references and descriptions in this candidate have been...

CVE-2024-57964

Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems. This issue affects HVAC Energy Saving Program:...

CVE-2024-13556 Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection

The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to...

CVE-2024-12562

The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2memberproremoteop' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No know...

CVE-2025-22209

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature...

Adobe Illustrator Memory Misreference Vulnerability (CNVD-2025-04203)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code in the current user's environment...

Unspecified Vulnerability in Apple GarageBand (CNVD-2025-06484)

Apple GarageBand is an application from Apple USA. An unspecified vulnerability exists in Apple GarageBand, which can be exploited by an attacker to execute arbitrary code...

CVE-2025-22209

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature...

CVE-2024-34930

A SQL injection vulnerability in /model/allevents1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter...