221 matches found
EUVD-2026-45266
A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in xdgmimemagicparsemagicline in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location e.g., in the $XDGDATAHOME/mime/magic path is parsed by an...
CVE-2026-16118
CVE-2026-16118 : Affects the xdgmime component, specifically the heap-based overflow in _xdg_mime_magic_parse_magic_line() within xdgmimemagic.c. On little-endian systems, parsing a user-writable MIME magic file (e.g., $XDG_DATA_HOME/mime/magic) can trigger an out-of-bounds write of 2 bytes durin...
CVE-2026-16118 Xdgmime: heap-based buffer overflow in _xdg_mime_magic_parse_magic_line() in xdgmimemagic.c
A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in xdgmimemagicparsemagicline in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location e.g., in the $XDGDATAHOME/mime/magic path is parsed by an...
CVE-2026-16118
A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in xdgmimemagicparsemagicline in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location e.g., in the $XDGDATAHOME/mime/magic path is parsed by an...
PT-2026-60848
Name of the Vulnerable Software and Affected Versions xdgmime affected versions not specified Description A heap-based buffer overflow exists in the xdg mime magic parse magic line function within the xdgmimemagic.c file on little-endian systems. The issue occurs when an application performs MIME...
FTP Fetch, Linux dup2 Command Shell, Bind TCP Stager
Fetch and execute an ARMLE payload from an FTP server. dup2 socket in r12, then execve. Listen for a connection Module Options msf use payload/cmd/linux/ftp/armle/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and...
FTP Fetch, Linux Reboot
Fetch and execute an MIPSLE payload from an FTP server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options...
FTP Fetch
Fetch and execute an MIPSLE payload from an FTP server. Module Options...
FTP Fetch
Fetch and execute an ARMLE payload from an FTP server. Module Options msf use payload/cmd/linux/ftp/armle/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show and...
FTP Fetch
Fetch and execute an MIPSLE payload from an FTP server. Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include Msf::Payload::Adapter::Fetch::FTP include...
FTP Fetch, Reverse TCP Stager
Fetch and execute an MIPSLE payload from an FTP server. Connect back to the attacker Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include Msf::Payload::Adapter::Fetch::FTP...
FTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an ARMLE payload from an FTP server. Connect to target and spawn a command shell Module Options msf use payload/cmd/linux/ftp/armle/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show and...
FTP Fetch
Fetch and execute an MIPSLE payload from an FTP server. Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include Msf::Payload::Adapter::Fetch::FTP include...
FTP Fetch, Linux Execute Command
Fetch and execute an ARMLE payload from an FTP server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/ftp/armle/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf...
FTP Fetch, Linux Add User
Fetch and execute an ARMLE payload from an FTP server. Create a new user with UID 0 Module Options msf use payload/cmd/linux/ftp/armle/adduser msf payloadadduser show actions ...actions... msf payloadadduser set ACTION msf payloadadduser show options ...show and set options... msf payloadadduser...
XOR Encoder
Dword XOR encoder for RISC-V 64-bit Little Endian. Encodes the payload with a 4-byte XOR key. Module Options msf use encoder/riscv64le/longxor msf encoderlongxor show actions ...actions... msf encoderlongxor set ACTION msf encoderlongxor show options ...show and set options... msf encoderlongxor...
Dword XOR Encoder (Tag-based)
Dword XOR encoder for RISC-V 32-bit Little Endian using a tag-based terminator rather than an encoded length. The decoder loop XORs each dword and stops when the result is zero the sentinel. This avoids encoding the payload length in the stub, eliminating a source of bad character conflicts. Note...
Byte XORi Encoder
Byte XOR encoder for RISC-V 64-bit Little Endian. Encodes the payload byte-by-byte with a 1-byte XOR key using the xori instruction. Useful when R-type XOR instruction bytes 0x33 are bad characters. Module Options msf use encoder/riscv64le/bytexori msf encoderbytexori show actions ...actions... m...
XOR Encoder with Cipher Feedback
Dword XOR encoder with cipher feedback for RISC-V 64-bit Little Endian. Each dword is XORed with the previous encoded dword rather than a static key, creating a chained dependency that makes the output more resistant to frequency analysis. The first dword is XORed with the key to bootstrap the...
XOR Encoder with Cipher Feedback
Dword XOR encoder with cipher feedback for RISC-V 32-bit Little Endian. Each dword is XORed with the previous encoded dword rather than a static key, creating a chained dependency that makes the output more resistant to frequency analysis. The first dword is XORed with the key to bootstrap the...