7059 matches found
OS Command Exec, Unix Command Shell, Reverse TCP (stub)
Execute an OS command from PHP. Creates an interactive shell through an inbound connection stub only, no payload Module Options msf use payload/php/unix/cmd/reversestub msf payloadreversestub show actions ...actions... msf payloadreversestub set ACTION msf payloadreversestub show options ...show...
OS Command Exec, Unix Command Shell, Reverse TCP (via Zsh)
Execute an OS command from PHP. Connect back and create a command shell via Zsh. Note: Although Zsh is often available, please be aware it isn't usually installed by default. Module Options msf use payload/php/unix/cmd/reversezsh msf payloadreversezsh show actions ...actions... msf...
OS Command Exec, Unix Command Shell, Reverse TCP SSL (via perl)
Execute an OS command from PHP. Creates an interactive shell via perl, uses SSL Module Options msf use payload/php/unix/cmd/reverseperlssl msf payloadreverseperlssl show actions ...actions... msf payloadreverseperlssl set ACTION msf payloadreverseperlssl show options ...show and set options... ms...
OS Command Exec, Unix Command Shell, Reverse TCP (via Python)
Execute an OS command from PHP. Connect back and create a command shell via Python Module Options msf use payload/php/unix/cmd/reversepython msf payloadreversepython show actions ...actions... msf payloadreversepython set ACTION msf payloadreversepython show options ...show and set options... msf...
OS Command Exec, Unix Command Shell, Reverse UDP (via socat)
Execute an OS command from PHP. Creates an interactive shell via socat Module Options msf use payload/php/unix/cmd/reversesocatudp msf payloadreversesocatudp show actions ...actions... msf payloadreversesocatudp set ACTION msf payloadreversesocatudp show options ...show and set options... msf...
OS Command Exec, Unix Command Shell, Reverse TCP SSL (telnet)
Execute an OS command from PHP. Creates an interactive shell via mkfifo and telnet. This method works on Debian and other systems compiled without /dev/tcp support. This module uses the '-z' option included on some systems to encrypt using SSL. Module Options msf use...
OS Command Exec, Unix Command Shell, Reverse TCP (via socat)
Execute an OS command from PHP. Creates an interactive shell via socat Module Options msf use payload/php/unix/cmd/reversesocattcp msf payloadreversesocattcp show actions ...actions... msf payloadreversesocattcp set ACTION msf payloadreversesocattcp show options ...show and set options... msf...
OS Command Exec, Unix Command Shell, Reverse TCP (via jjs)
Execute an OS command from PHP. Connect back and create a command shell via jjs Module Options msf use payload/php/unix/cmd/reversejjs msf payloadreversejjs show actions ...actions... msf payloadreversejjs set ACTION msf payloadreversejjs show options ...show and set options... msf...
OS Command Exec, Unix Command Shell, Reverse TCP SSL (via php)
Execute an OS command from PHP. Creates an interactive shell via php, uses SSL Module Options msf use payload/php/unix/cmd/reversephpssl msf payloadreversephpssl show actions ...actions... msf payloadreversephpssl set ACTION msf payloadreversephpssl show options ...show and set options... msf...
OS Command Exec, Unix Command Shell, Reverse TCP (via ncat)
Execute an OS command from PHP. Creates an interactive shell via ncat, utilizing ssl mode Module Options msf use payload/php/unix/cmd/reversencatssl msf payloadreversencatssl show actions ...actions... msf payloadreversencatssl set ACTION msf payloadreversencatssl show options ...show and set...
OS Command Exec, Unix Command Shell, Double Reverse TCP SSL (telnet)
Execute an OS command from PHP. Creates an interactive shell through two inbound connections, encrypts using SSL via "-z" option Module Options msf use payload/php/unix/cmd/reversessldoubletelnet msf payloadreversessldoubletelnet show actions ...actions... msf payloadreversessldoubletelnet set...
OS Command Exec, Unix Command Shell, Reverse TCP (via Ksh)
Execute an OS command from PHP. Connect back and create a command shell via Ksh. Note: Although Ksh is often available, please be aware it isn't usually installed by default. Module Options msf use payload/php/unix/cmd/reverseksh msf payloadreverseksh show actions ...actions... msf...
USN-7562-1 tomcat vulnerabilities
It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for tomcat9 on...
USN-7562-1: Tomcat vulnerabilities
It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for tomcat9 on...
Exploit for CVE-2025-49619
CVE-2025-49619 PoC --- This script exploits CVE-2025-49619...
Exploit for Code Injection in Squirrelly
CVE-2024-40453 - Squirrelly v9.0.0 RCE Disclaimer: This sc...
OESA-2025-1612 cpp-httplib security update
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...
OESA-2025-1610 cpp-httplib security update
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...
Deconstructing Obfuscation: a Four-Dimensional Framework for Evaluating Large Language Models Assembly Code Deobfuscation Capabilities
Large language models LLMs have shown promise in software engineering, yet their effectiveness for binary analysis remains unexplored. We present the first comprehensive evaluation of commercial LLMs for assembly code deobfuscation. Testing seven state-of-the-art models against four obfuscation...
CVE-2025-46341
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the Remote-User header or the X-WebAuth-User header by making specially crafted requests via the add feed functionality an...