HTTPS Fetch, Bind TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/vncinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...

HTTPS Fetch, Linux Chmod

Fetch and execute an RISC-V 32-bit payload from an HTTPS server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/https/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and s...

MAL-2025-167106 Malicious code in teagood-manaki40 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cea8de29e266d19d4d2256309406f99e53bfc5bc6c2ae9ef59ad96444bd83a1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2023-42534

Malicious code in bioql PyPI...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-18562)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVE-2024-52723

In TOTOLINK X6000R V9.4.0cu.1041B20240224 in the shttpd file, the UciSet Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload...

CVE-2024-36819

MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting XSS. This vulnerability allows malicious users to insert a malicious payload into the "Client Name" input. When a service order from this client is created, the malicious payload is displayed on the administrator and employee...

Exploit for Argument Injection in Php

This repository is an exploit module for CVE-2018-19518, a vulnerability in the PHPMailer library. The exploit is written in Python and targets the PHPMailer library's use of the "mail" function to send emails. The vulnerability allows an attacker to inject malicious code into the email body, whi...

MiniWeb (Build 300) Arbitrary File Upload

This module exploits a vulnerability in MiniWeb HTTP server build 300. The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine ...

LibXt XtAppInitialize() overflow *xterm exploit

Exploit for linux platform in category local exploits =============================================== LibXt XtAppInitialize overflow xterm exploit =============================================== / cxterm buffer overflow exploit for Linux. This code is tested on both Slackware 3.1 and 3.2. Ming...