Lucene search
+L

49 matches found

metasploit
metasploit
added 2026/06/25 7:5 p.m.159 views

SMB to Meterpreter Upgrade via PsExec

Upgrades an authenticated SMB session to a Meterpreter session using PsExec techniques. This module uploads a service-wrapped executable payload to the ADMIN$ share via the existing authenticated SMB connection, then creates and starts a Windows service that executes the payload. This mirrors the...

6AI score
Exploits0
metasploit
metasploit
added 2026/04/02 7:2 p.m.174 views

HTTP Fetch, Windows Upload/Execute, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/http/x86/upexec/bindhiddentcp msf payloadbindhiddentcp show actions...

6AI score
Exploits0
packetstorm
packetstorm
added 2026/02/09 12:0 a.m.171 views

📄 Novell GroupWise 2012 Traversal / Shell Upload

This code exploits the directory traversal vulnerability in Novell GroupWise 2012 before Support Pack 1 to steal files, and attempts to upload a web shell payload if possible, making it an effective penetration testing tool...

5CVSS5.6AI score0.42466EPSS
Exploits4
packetstorm
packetstorm
added 2026/01/26 12:0 a.m.250 views

📄 Magento 2 / Adobe Commerce 2.4.x SessionReaper

This PHP script is a proof of concept exploit targeting Magento for CVE‑2025‑54236, commonly referred to as SessionReaper. It is a PHP port of an original Metasploit module and is designed for security testing...

9.1CVSS5.9AI score0.96742EPSS
Exploits9
cvelist
cvelist
added 2026/01/13 10:51 p.m.103 views

CVE-2020-36911 Covenant 0.5 - Remote Code Execution (RCE)

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...

9.8CVSS0.10447EPSS
Exploits1References7
nvd
nvd
added 2026/01/13 8:16 a.m.9 views

CVE-2025-41717

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation 'Code...

8.8CVSS0.00496EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/12/18 7:53 p.m.3 views

CVE-2023-53942 File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...

9.4CVSS7.4AI score0.00497EPSS
Exploits1References3
githubexploit
githubexploit
added 2025/12/14 8:29 p.m.222 views

Exploit for Improper Neutralization of Line Delimiters in Cacti

Cacti CVE-2025-24367 Authenticated RCE PoC This repository co...

8.8CVSS8.9AI score0.54024EPSS
Exploits10
githubexploit
githubexploit
added 2025/12/02 9:55 a.m.353 views

Exploit for Code Injection in Samba

CVE-2017-7494 Remote root exploit for the SAMBA CVE-2017-7494...

10CVSS9AI score0.99448EPSS
Exploits24
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-6608

Malware in sbrugna...

8.7CVSS6.3AI score0.01209EPSS
Exploits2References5
metasploit
metasploit
added 2025/09/29 6:52 p.m.814 views

Windows Silent Process Exit Persistence

Windows allows you to set up a debug process when a process exits. This module uploads a payload and declares that it is the debug process to launch when a specified process exits. Module Options msf use exploit/windows/persistence/imageexecoptions msf exploitimageexecoptions show targets...

5.8AI score
Exploits0
packetstorm
packetstorm
added 2025/09/29 12:0 a.m.277 views

📄 Windows Silent Process Exit Persistence

Windows allows you to set up a debug process when a process exits. This Metasploit module uploads a payload and declares that it is the debug process to launch when a specified process exits. This module requires Metasploit: https://metasploit.com/download Current source:...

6.9AI score
Exploits0
githubexploit
githubexploit
added 2025/06/15 1:48 p.m.396 views

Exploit for CVE-2025-49113

VIETNAMESE - ✅ Tính năng: Hỗ trợ upload payload.p...

9.9CVSS9.8AI score0.94741EPSS
Exploits29
githubexploit
githubexploit
added 2025/05/10 9:21 p.m.372 views

Exploit for CVE-2025-32583

🚨 CVE-2025-32583 — WordPress PDF 2 Post RCE Exploit CRITI...

9.9CVSS7.1AI score0.13265EPSS
Exploits2
githubexploit
githubexploit
added 2025/03/14 7:36 a.m.595 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 Apache Tomcat RCE PoC Proof of Concept PoC ex...

9.8CVSS9.4AI score0.99945EPSS
Exploits47
packetstorm
packetstorm
added 2025/03/13 12:0 a.m.233 views

WordPress Really Simple SSL 9.0.0 Authentication Bypass

WordPress Really Simple SSL plugin version 9.0.0 proof of concept 2FA bypass that allows the uploading of a malicious plugin. ============================================================================================================================================= | Title : WordPress Really...

9.8CVSS7.1AI score0.81722EPSS
Exploits21
githubexploit
githubexploit
added 2024/05/13 11:58 a.m.86 views

Exploit for CVE-2024-4701

CVE-2024-4701-POC POC for CVE-2024-4701 Download the genie do...

9.9CVSS7.3AI score0.24629EPSS
Exploits1
packetstorm
packetstorm
added 2024/04/17 12:0 a.m.718 views

pgAdmin 8.3 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pgAdmin Session Deserialization RCE', 'Description' = %q pgAdmin versions = 8.3 have a path traversal vulnerability within their session manageme...

9.9CVSS7.4AI score0.79326EPSS
Exploits4
cnnvd
cnnvd
added 2024/02/02 12:0 a.m.4 views

mailcow 资源管理错误漏洞

mailcow is a mail server suite. A resource management error vulnerability exists in mailcow that stems from the application slowing down and becoming unresponsive in the administration page once the payload is successfully uploaded in the logo. No details of the vulnerability are provided at this...

4.7CVSS6.8AI score0.00597EPSS
Exploits1References4
packetstorm
packetstorm
added 2023/06/23 12:0 a.m.764 views

MOVEit SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MOVEit SQL Injection vulnerability', 'Description' = %q This module exploits an SQL injection vulnerability in the MOVEit Transfer web applicatio...

9.8CVSS7.1AI score0.99934EPSS
Exploits15
Rows per page
Query Builder