124 matches found
Microsoft SharePoint - Remote Code Execution
Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package. id: CVE-2020-16952 info: name: Microsoft SharePoint - Remote Code Execution author: dwisiswant0 severity: high description: Microsoft SharePoint is vulnerabl...
EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution
EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655,...
EUVD-2009-3102
Malware in sbrugna...
Sliver Allows Authenticated Operator-to-Server Remote Code Execution
Description Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user. Impact As described in a past issue, "there is a clear security boundary between the operator and server, an operator should not inherently b...
PT-2024-29267 · Sliver · Sliver
Name of the Vulnerable Software and Affected Versions: Sliver version 1.6.0 prerelease Sliver versions prior to 1.6.0 Description: Sliver is an open source cross-platform adversary emulation/red team framework that can be used by organizations of all sizes to perform security testing. It is...
Metasploit Weekly Wrap-Up 01/19/24
Unicode your way to a php payload and three modules to add to your playbook for Ansible Our own jheysel-r7 added an exploit leveraging the fascinating tool of php filter chaining to prepend a payload using encoding conversion characters and h00die et. al. have come through and added 3 new Ansible...
msf-olching.de Cross Site Scripting vulnerability OBB-3460487
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
TFTP Fetch, Linux Meterpreter Service, Reverse TCP Inline
Fetch and execute a x86 payload from a TFTP server. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/linux/tftp/x86/metsvcreversetcp msf payloadmetsvcreversetcp show actions ...actions... msf payloadmetsvcreversetcp set ACTION msf payloadmetsvcreversetcp...
TFTP Fetch, Windows x64 Command Shell, Windows x64 Bind TCP Stager
Fetch and execute an x64 payload from a TFTP server. Spawn a piped command shell Windows x64 staged. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp...
TFTP Fetch, Windows x64 Bind TCP Stager
Fetch and execute an x64 payload from a TFTP server. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... m...
Windows shellcode stage, Windows x64 Reverse Named Pipe (SMB) Stager
Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/windows/x64/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set ACTION msf payloadreversenamedpipe show options ...show and set...
Powershell Exec, Windows shellcode stage, Windows x86 Reverse Named Pipe (SMB) Stager
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/powershell/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set...
msf-olching.de Cross Site Scripting vulnerability OBB-2815742
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Powershell Exec, Windows Command Shell, Bind TCP Stager with UUID Support (Windows x86)
Execute an x86 payload from a command via PowerShell. Spawn a piped command shell staged. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/powershell/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTI...
Powershell Exec, Windows Command Shell, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Execute an x86 payload from a command via PowerShell. Spawn a piped command shell staged. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/powershell/shell/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf...
Powershell Exec, Windows x64 Bind TCP Stager
Execute an x64 payload from a command via PowerShell. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/peinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...
Powershell Exec, Windows Upload/Execute, Bind TCP Stager (Windows x86)
Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it staged. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/powershell/upexec/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp...
Powershell Exec, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Execute an x86 payload from a command via PowerShell. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/powershell/peinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...
Rockstar Service Insecure File Permissions
Exploit Title: Rockstar Service - Insecure File Permissions Date: 2020-04-02 Exploit Author: George Tsimpidas Software Link : https://socialclub.rockstargames.com/rockstar-games-launcher Version Patch: 1.0.37.349 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Vulnerability...
Exploit for CVE-2020-1938
CVE-2020-1938-MSF-MODULE Modified version of auxil...