Vulmon
rapid7 vulnerabilities and exploits
6.8
CVSSv2
CVE-2017-5233
Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Rapid7 Appspider Pro
6.8
CVSSv2
CVE-2017-5235
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Rapid7 Metasploit
3.5
CVSSv2
CVE-2016-9757
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4...
Rapid7 Nexpose 6.4.12
9.3
CVSSv2
CVE-2016-5686
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote malicious users to bypass authentication via a custom communication protocol.
Animas Onetouch Ping Firmware -
5
CVSSv2
CVE-2016-5084
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote malicious users to obtain sensitive information by sniffing the network.
Animas Onetouch Ping Firmware -
7.8
CVSSv2
CVE-2016-5085
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote malicious users to spoof meters by sniffing the network and then engaging in an authentication handshake.
Animas Onetouch Ping Firmware -
9.3
CVSSv2
CVE-2016-5086
Johnson & Johnson Animas OneTouch Ping devices allow remote malicious users to bypass authentication via replay attacks.
Animas Onetouch Ping Firmware -
6.5
CVSSv2
CVE-2015-8269
The API on Fisher-Price Smart Toy Bear devices allows remote malicious users to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number.
Fisher-price Smart Toy Bear
7 Github repositories
6.5
CVSSv2
CVE-2015-6004
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold prior to 16.4 allow remote malicious users to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
Ipswitch Whatsup Gold
3.5
CVSSv2
CVE-2015-6005
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold prior to 16.4 allow remote malicious users to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow M...
Ipswitch Whatsup Gold