Lucene search
K

1200 matches found

Nuclei
Nuclei
added 3 days ago49 views

Klog Server <=2.41 - Unauthenticated Command Injection

Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The authenticate.php file uses the user HTTP POST parameter in a call to the shellexec PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The...

10CVSS7.7AI score0.87987EPSS
Exploits8References5
Metasploit
Metasploit
added 5 days ago64 views

Linux Execute Command

Execute an arbitrary command. Module Options msf use payload/linux/loongarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run frozenstringliteral: true This module requires Metasploit:...

6AI score
Exploits0
Information Security Automation
Information Security Automation
added 2026/06/26 5:0 p.m.4 views

June Linux Patch Wednesday

June Linux Patch Wednesday. A total of 1,888 vulnerabilities 324 in the Linux kernel, and a whopping 728 in Chromium ❗️. For comparison, there were 1,638 vulnerabilities in May. The increase isn't as dramatic as it was from April to May, but it's still a new record. One of the vulnerabilities has...

8.8CVSS7AI score0.01849EPSS
Exploits20
Metasploit
Metasploit
added 2026/06/18 7:1 p.m.126 views

OS Command Exec, Unix Command Shell, Bind TCP (via socat)

Execute an OS command from PHP. Creates an interactive shell via socat Module Options msf use payload/php/unix/cmd/bindsocattcp msf payloadbindsocattcp show actions ...actions... msf payloadbindsocattcp set ACTION msf payloadbindsocattcp show options ...show and set options... msf...

5.9AI score
Exploits0
Metasploit
Metasploit
added 2026/06/18 7:1 p.m.118 views

Unix Command Shell, Bind TCP (via socat)

Creates an interactive shell via socat Module Options msf use payload/cmd/unix/bindsocattcp msf payloadbindsocattcp show actions ...actions... msf payloadbindsocattcp set ACTION msf payloadbindsocattcp show options ...show and set options... msf payloadbindsocattcp run This module requires...

9.2CVSS5.9AI score0.26468EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.65 views

📄 Palo Alto GlobalProtect Authentication Bypass

This Metasploit module exploits an authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect portal and gateway components. The vulnerability stems from CWE-565: Reliance on Cookies without Validation and Integrity Checking. An unauthenticated remote attacker can forge...

9.1CVSS5.5AI score0.86678EPSS
Exploits9
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.10 views

ClickFix Server Creation

This Metasploit module creates a web server which hosts a ClickFix type exploit. When a user visits the site they are given instructions on pasting our payload into a run dialog. When using a custom html page, please use INSERTPAYLOADHERE as the spot to put the generated payload in...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/23 11:37 p.m.79 views

programming-for-penetration-testing-buffer-overflow-exploit

Buffer Overflow Exploit in Ruby Overview This project was...

6.1AI score
Exploits0
Packet Storm
Packet Storm
added 2026/05/14 12:0 a.m.69 views

📄 GestioIP 3.5.7 Remote Command Execution

This Metasploit module exploits a command execution via file upload. If GestioIP is configured to use no authentication for admin account, no password is required to exploit the vulnerability. Otherwise, an authenticated user with admin right on the web site is required to exploit. This module...

9.8CVSS5.9AI score0.45109EPSS
Exploits5
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.10 views

VIM Plugin Persistence

This Metasploit module creates a VIM Plugin which executes a payload on VIM startup...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.113 views

📄 Microsoft MMC (.MSC) File Execution Abuse Leading / Admin Creation

This Metasploit local Windows exploit module abuses the way Microsoft Management Console MMC processes specially crafted .msc files to achieve arbitrary PowerShell execution when a user opens the file. The payload is designed to create a new local administrator account or execute a custom command...

7CVSS8.2AI score0.31894EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.83 views

📄 NocoBase 2.0.27 Sandbox Escape / Remote Code Execution

This code is a Metasploit Auxiliary module designed to exploit a remote code execution vulnerability in NocoBase versions 2.0.27 and below. It targets a flaw in the server-side script execution engine flownodes that allows breaking out of the JavaScript sandbox...

9.9CVSS6.7AI score0.36503EPSS
Exploits7
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.76 views

📄 MISP 2.5.27 Workflow Engine Cross Site Scripting

This Metasploit auxiliary module targets a potential stored cross site scripting vulnerability in the MISP Workflow Engine. It is designed to interact with the MISP API, create workflows, and inject malicious payloads into workflow data fields...

5AI score
Exploits0
Packet Storm
Packet Storm
added 2026/04/22 12:0 a.m.89 views

📄 Dovecot doveadm Timing Attack / Credential Extraction

This Metasploit auxiliary module performs a timing-based side-channel attack against the Dovecot doveadm HTTP interface to extract credentials character by character. ==================================================================================================================================...

7.4CVSS5.8AI score0.00392EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/04/22 12:0 a.m.92 views

📄 Dovecot OTP Replay Attack

This Metasploit auxiliary module targets a vulnerability in Dovecot's OTP One-Time Password authentication system that allows potential replay attacks when authentication caching is enabled and username handling is improperly managed...

6.8CVSS5.7AI score0.00338EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/04/22 12:0 a.m.106 views

📄 Dovecot passwd-file Path Traversal

This Metasploit auxiliary module targets a path traversal vulnerability in Dovecot's passwd-file authentication backend when per-domain configuration is enabled. ================================================================================================================================== |...

5.3CVSS5.7AI score0.00427EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/04/21 12:0 a.m.167 views

📄 Below Log File Symlink Privilege Escalation

This Metasploit module exploits a local privilege escalation vulnerability in the below utility when executed with sudo. This affects versions prior to 0.9.0. ================================================================================================================================== | Title...

6.8CVSS7.1AI score0.0036EPSS
Exploits22
Packet Storm
Packet Storm
added 2026/04/21 12:0 a.m.136 views

📄 ASP.net 8.0.10 Core Kestrel HTTP Request Smuggling

This Metasploit auxiliary module targets a critical HTTP request smuggling vulnerability in ASP.NET Core Kestrel caused by improper parsing of malformed chunked transfer encoding notably LF-only line handling and case-variant headers like chUnKEd...

9.9CVSS5.8AI score0.66258EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/04/20 12:0 a.m.93 views

📄 OpenEMR 8.0.0.2 Remote Code Execution

This Metasploit exploit module targets a potential remote code execution vulnerability in OpenEMR systems identified as CVE-2026-32238. The module combines authentication handling, HTTP request manipulation, and command injection capabilities to achieve remote command execution on vulnerable...

9.1CVSS6.5AI score0.01889EPSS
Exploits3
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.250 views

HTTPS Fetch, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/vncinject/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf payloadbindhiddentc...

6AI score
Exploits0
Rows per page
Query Builder