rapid7 vulnerabilities and exploits
6.8
CVSSv2
CVE-2017-5235
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Rapid7 Metasploit
3.5
CVSSv2
CVE-2016-9757
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4...
Rapid7 Nexpose 6.4.12
9.3
CVSSv2
CVE-2016-5686
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote malicious users to bypass authentication via a custom communication protocol.
Animas Onetouch Ping Firmware -
5
CVSSv2
CVE-2016-5084
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote malicious users to obtain sensitive information by sniffing the network.
Animas Onetouch Ping Firmware -
7.8
CVSSv2
CVE-2016-5085
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote malicious users to spoof meters by sniffing the network and then engaging in an authentication handshake.
Animas Onetouch Ping Firmware -
9.3
CVSSv2
CVE-2016-5086
Johnson & Johnson Animas OneTouch Ping devices allow remote malicious users to bypass authentication via replay attacks.
Animas Onetouch Ping Firmware -
6.5
CVSSv2
CVE-2015-8269
The API on Fisher-Price Smart Toy Bear devices allows remote malicious users to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number.
Fisher-price Smart Toy Bear
7 GitHub repositories
6.5
CVSSv2
CVE-2015-6004
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold prior to 16.4 allow remote malicious users to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
Ipswitch Whatsup Gold
3.5
CVSSv2
CVE-2015-6005
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold prior to 16.4 allow remote malicious users to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow M...
Ipswitch Whatsup Gold
10
CVSSv2
CVE-2014-9222
AllegroSoft RomPager 4.34 and previous versions, as used in Huawei Home Gateway products and other vendors and products, allows remote malicious users to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
Allegrosoft Rompager
4 Metasploit modules
1 Nmap script
3 GitHub repositories
2 Articles