Vulmon
rapid7 vulnerabilities and exploits
7.8
CVSSv3
CVE-2017-5233
Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Rapid7 Appspider Pro
7.8
CVSSv3
CVE-2017-5234
Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Rapid7 Insight Collector
5.4
CVSSv3
CVE-2016-9757
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4...
Rapid7 Nexpose 6.4.12
9.8
CVSSv3
CVE-2016-5686
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote malicious users to bypass authentication via a custom communication protocol.
Animas Onetouch Ping Firmware -
7.5
CVSSv3
CVE-2016-5084
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote malicious users to obtain sensitive information by sniffing the network.
Animas Onetouch Ping Firmware -
7.5
CVSSv3
CVE-2016-5085
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote malicious users to spoof meters by sniffing the network and then engaging in an authentication handshake.
Animas Onetouch Ping Firmware -
9.8
CVSSv3
CVE-2016-5086
Johnson & Johnson Animas OneTouch Ping devices allow remote malicious users to bypass authentication via replay attacks.
Animas Onetouch Ping Firmware -
7.5
CVSSv3
CVE-2015-8269
The API on Fisher-Price Smart Toy Bear devices allows remote malicious users to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number.
Fisher-price Smart Toy Bear
7 Github repositories
6.5
CVSSv3
CVE-2015-6004
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold prior to 16.4 allow remote malicious users to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
Ipswitch Whatsup Gold
6.9
CVSSv3
CVE-2015-6005
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold prior to 16.4 allow remote malicious users to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow M...
Ipswitch Whatsup Gold