Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rapid7 metasploit vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv3
CVE-2017-5244
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an malicious user to stop currently-running M...
Rapid7 Metasploit
2 Github repositories
7.1
CVSSv3
CVE-2017-5229
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the ...
Rapid7 Metasploit
7.1
CVSSv3
CVE-2017-5231
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directo...
Rapid7 Metasploit
4.8
CVSSv3
CVE-2023-0599
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser a...
Rapid7 Metasploit
7.3
CVSSv3
CVE-2019-5624
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an malicious user to execute arbitrary code i...
Rapid7 Metasploit
1 Github repository
7.5
CVSSv3
CVE-2019-5645
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource...
Rapid7 Metasploit
6.5
CVSSv3
CVE-2017-15084
The web UI in Rapid7 Metasploit prior to 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
Rapid7 Metasploit
1 EDB exploit
NA
CVE-2010-0219
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote malicious users to execute arbitrary code by uploading a crafted web s...
Apache Axis2 1.3
Apache Axis2 1.4
Apache Axis2 1.5.2
Apache Axis2 1.6
Apache Axis2 1.5
Apache Axis2 1.4.1
Apache Axis2 1.5.1
Sap Businessobjects 3.2
3 EDB exploits
1 Github repository
NA
CVE-2024-27199
In JetBrains TeamCity prior to 2023.11.4 path traversal allowing to perform limited admin actions was possible
12 Github repositories
2 Articles
NA
CVE-2002-1359
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote malicious users to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
Cisco Ios 12.2s
Cisco Ios 12.2t
Cisco Ios 12.1e
Cisco Ios 12.1ea
Cisco Ios 12.0s
Cisco Ios 12.0st
Cisco Ios 12.1t
Cisco Ios 12.2
Putty Putty 0.53
Winscp Winscp 2.0.0
Netcomposite Shellguard Ssh 3.4.6
Pragma Systems Secureshell 2.0
Fissh Ssh Client 1.0a For Windows
Intersoft Securenetterm 5.4.1
Putty Putty 0.48
Putty Putty 0.49
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »