357 matches found
CVE-2026-39338
ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's...
Malicious code in request-js-validator (npm)
Copy of 'request' library with injected payload. Spawns detached child process that fetches stage-2 and executes via new Function.constructor'require', payload. Same pattern as express-session-js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
Supply-Chain Poisoning Attacks against LLM Coding Agent Skill Ecosystems
LLM-based coding agents extend their capabilities via third-party agent skills distributed through open marketplaces without mandatory security review. Unlike traditional packages, these skills are executed as operational directives with system-level privileges, so a single malicious skill can...
HTTPS Fetch, Windows Upload/Execute, Reverse UDP Stager with UUID Support
Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/upexec/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION...
HTTPS Fetch
Fetch and execute an x86 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x86/powershellreversetcp msf payloadpowershellreversetcp show actions ...actions... msf payloadpowershellreversetcp set ACTION msf payloadpowershellreversetcp show options ...show and set...
HTTPS Fetch, Windows Command Shell, Bind TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTI...
HTTPS Fetch, Windows Command Shell, Windows x86 Bind Named Pipe Stager
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/shell/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf...
HTTPS Fetch, Windows x86 Pingback, Bind TCP Inline
Fetch and execute an x86 payload from an HTTPS server. Open a socket and report UUID when a connection is received Windows x86 Module Options msf use payload/cmd/windows/https/x86/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set ACTION msf...
HTTPS Fetch, Reverse TCP Stager with UUID Support
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/vncinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid...
HTTPS Fetch, Bind TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/vncinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...
HTTPS Fetch, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an HTTPS server. Use an established connection Module Options msf use payload/cmd/windows/https/x86/vncinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...
HTTPS Fetch, Windows Command Shell, Bind TCP Inline
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/windows/https/x86/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...
HTTPS Fetch
Fetch and execute an x86 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x86/powershellbindtcp msf payloadpowershellbindtcp show actions ...actions... msf payloadpowershellbindtcp set ACTION msf payloadpowershellbindtcp show options ...show and set options... msf...
HTTPS Fetch, Windows Upload/Execute, Bind TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/upexec/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid s...
HTTPS Fetch, Hidden Bind TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/vncinject/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf payloadbindhiddentc...
HTTP Fetch, Windows Command Shell, Reverse TCP Stager (DNS)
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/shell/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf...
HTTPS Fetch, Windows Reverse HTTP Stager (wininet)
Fetch and execute an x86 payload from an HTTPS server. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/https/x86/dllinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show options...
HTTP Fetch, Reverse TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/http/x86/peinject/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show options...
HTTP Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/patchupmeterpreter/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...
HTTPS Fetch, Reverse TCP Stager (DNS)
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf payloadreversetcpdns show options...