19028 matches found
HTTP Fetch, Windows shellcode stage, Bind IPv6 TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/custom/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp...
HTTP Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...
HTTP Fetch
Fetch and execute an x86 payload from an HTTP server. Module Options msf use payload/cmd/windows/http/x86/adduser msf payloadadduser show actions ...actions... msf payloadadduser set ACTION msf payloadadduser show options ...show and set options... msf payloadadduser run This module requires...
HTTP Fetch, Windows shellcode stage, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Use an established connection Module Options msf use payload/cmd/windows/http/x86/custom/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and se...
HTTP Fetch, Windows shellcode stage, Reverse TCP Stager (DNS)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/custom/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf payloadreversetcpdns show...
HTTP Fetch, Hidden Bind Ipknock TCP Stager
Fetch and execute an x86 payload from an HTTP server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The socke...
HTTP Fetch, Windows shellcode stage, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/custom/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options...
CVE-2023-7342 Belden HiSecOS Web Server Privilege Escalation
HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this fla...
CVE-2023-7342
HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this fla...
CVE-2023-7342 Belden HiSecOS Web Server Privilege Escalation
HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this fla...
CVE-2023-7342
HiSecOS web server has a privilege-escalation flaw that allows authenticated users with operator or auditor roles to elevate to administrator by sending specially crafted packets to the web server, potentially granting full administrative control of the device. The available documents provide det...
CVE-2026-34715
ewe is a Gleam web server. Prior to version 3.0.6, the encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. An application that passes user-controlled data into...
CVE-2026-26962
Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...
UBUNTU-CVE-2026-26962
Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...
CVE-2026-32762
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons...
CVE-2026-34835
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...
CVE-2026-34715
ewe is a Gleam web server. Prior to version 3.0.6, the encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. An application that passes user-controlled data into...
CVE-2026-34715
Vulnerability: ewe (Gleam web server) prior to 3.0.6 allows HTTP header injection via encode_headers in src/ewe/internal/encoder.gleam. The function directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF sequences, so user-controlled data (e...
CVE-2026-34230
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...
CVE-2026-34829
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...