Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rapid7 metasploit vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2020-7384
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Rapid7 Metasploit
3 Github repositories
10
CVSSv2
CVE-2020-7376
The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a...
Rapid7 Metasploit
6.8
CVSSv2
CVE-2020-7385
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework ty...
Rapid7 Metasploit
5.1
CVSSv2
CVE-2017-5228
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasplo...
Rapid7 Metasploit
5.1
CVSSv2
CVE-2017-5231
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directo...
Rapid7 Metasploit
6.8
CVSSv2
CVE-2017-5235
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Rapid7 Metasploit
6.8
CVSSv2
CVE-2020-7350
Rapid7 Metasploit Framework versions prior to 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostn...
Rapid7 Metasploit
10
CVSSv2
CVE-2010-0219
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote malicious users to execute arbitrary code by uploading a crafted web s...
Apache Axis2 1.3
Apache Axis2 1.4
Apache Axis2 1.4.1
Apache Axis2 1.5
Apache Axis2 1.5.1
Apache Axis2 1.5.2
Apache Axis2 1.6
Sap Businessobjects 3.2
3 EDB exploits
1 Github repository
NA
CVE-2024-27199
In JetBrains TeamCity prior to 2023.11.4 path traversal allowing to perform limited admin actions was possible
12 Github repositories
2 Articles
10
CVSSv2
CVE-2002-1359
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote malicious users to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
Cisco Ios 12.0s
Cisco Ios 12.0st
Cisco Ios 12.1e
Cisco Ios 12.1ea
Cisco Ios 12.1t
Cisco Ios 12.2
Cisco Ios 12.2s
Cisco Ios 12.2t
Fissh Ssh Client 1.0a For Windows
Intersoft Securenetterm 5.4.1
Netcomposite Shellguard Ssh 3.4.6
Pragma Systems Secureshell 2.0
Putty Putty 0.48
Putty Putty 0.49
Putty Putty 0.53
Winscp Winscp 2.0.0
2 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »