Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metasploit vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2017-5244
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an malicious user to stop currently-running M...
Rapid7 Metasploit
2 Github repositories
6.8
CVSSv2
CVE-2020-7385
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework ty...
Rapid7 Metasploit
5.1
CVSSv2
CVE-2017-5228
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasplo...
Rapid7 Metasploit
5.1
CVSSv2
CVE-2017-5229
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the ...
Rapid7 Metasploit
5.1
CVSSv2
CVE-2017-5231
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directo...
Rapid7 Metasploit
6.8
CVSSv2
CVE-2017-5235
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Rapid7 Metasploit
5
CVSSv2
CVE-2020-7377
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the modu...
Rapid7 Metasploit
9.3
CVSSv2
CVE-2020-7384
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Rapid7 Metasploit
3 Github repositories
6.2
CVSSv2
CVE-2011-1056
The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse.
Metasploit Metasploit Framework 3.5.1
9.3
CVSSv2
CVE-2007-5243
Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 up to and including 8.1.0.253, and WI 5.1.1.680 up to and including 8.1.0.257, allow remote malicious users to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attac...
Borland Software Interbase Wi-o6.0.2.0
Borland Software Interbase Wi-v5.1.1.680
Borland Software Interbase Wi-v7.5.1.80
Borland Software Interbase Wi-v8.0.0.123
Borland Software Interbase Li 8.0.0.253
Borland Software Interbase Li 8.0.0.53
Borland Software Interbase Wi-v6.0.1.0
Borland Software Interbase Wi-v6.0.1.6
Borland Software Interbase Li 8.0.0.54
Borland Software Interbase Wi-o6.0.1.6
Borland Software Interbase Wi-v6.5.0.28
Borland Software Interbase Wi-v7.0.1.1
Borland Software Interbase Wi-v7.5.0.129
Borland Software Interbase Wi-v5.5.0.742
Borland Software Interbase Wi-v6.0.0.627
Borland Software Interbase Wi 5.1.1.680
Borland Software Interbase Wi 8.1.0.257
12 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »