Lucene search
K

9 matches found

Metasploit
Metasploit
added 2026/04/02 7:2 p.m.220 views

HTTPS Fetch, Windows Upload/Execute, Hidden Bind Ipknock TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you coul...

6AI score
Exploits0
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.198 views

HTTPS Fetch, Windows Upload/Execute, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/upexec/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 2:8 a.m.14 views

CVE-2013-4094

The Key Management feature in the SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the 1 privatekey or 2 publickey parameter in a T/keyManagement request to plain/settings.html, as demonstrated b...

6.5CVSS6.7AI score0.05629EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/11 3:39 a.m.21 views

CVE-2025-32035

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 9.13.2, when uploading files e.g. when uploading assets, the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This...

7.5CVSS6.7AI score0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/10 5:47 p.m.3 views

CVE-2022-26521

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the CatalogMedia ManagerImages settings can be changed by an administrator e.g., by configuring .php to be a valid image file type...

7.2CVSS7.4AI score0.09615EPSS
Exploits4References3
ATTACKERKB
ATTACKERKB
added 2022/02/26 9:15 p.m.2 views

CVE-2022-26149

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator...

7.2CVSS6.2AI score0.09314EPSS
Exploits4References3
NVD
NVD
added 2020/08/07 8:15 p.m.31 views

CVE-2020-13376

SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie...

9.3CVSS9.1AI score0.03507EPSS
Exploits1References2
Prion
Prion
added 2019/06/25 11:15 a.m.19 views

Command injection

In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diagcommand.php and rrdfetchjson.php timePeriod parameter, to a server. Then, the remote...

4.3CVSS6.1AI score0.03031EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2012/08/27 12:0 a.m.7 views

PT-2012-5161 · Pbboard · Pbboard

Name of the Vulnerable Software and Affected Versions: PBBoard version 2.1.4 Description: The issue allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension to the addons directory via admin.php, and then accessing it directly. This can be...

6.8CVSS7.4AI score0.02573EPSS
Exploits3References9
Rows per page
Query Builder