metasploit vulnerabilities and exploits

(subscribe to this query)

Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser a...

Rapid7 Metasploit

Rapid7 Metasploit Framework versions prior to 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostn...

Rapid7 Metasploit

The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a...

Rapid7 Metasploit

The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the modu...

Rapid7 Metasploit

By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework ty...

Rapid7 Metasploit

Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an malicious user to stop currently-running M...

Rapid7 Metasploit

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasplo...

Rapid7 Metasploit

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the ...

Rapid7 Metasploit

Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

Rapid7 Metasploit

Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 up to and including 8.1.0.253, and WI 5.1.1.680 up to and including 8.1.0.257, allow remote malicious users to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attac...

Borland Software Interbase Li 8.0.0.53 Borland Software Interbase Li 8.0.0.54 Borland Software Interbase Li 8.0.0.253 Borland Software Interbase Wi-o6.0.1.6 Borland Software Interbase Wi-o6.0.2.0 Borland Software Interbase Wi-v5.1.1.680 Borland Software Interbase Wi-v5.5.0.742 Borland Software Interbase Wi-v6.0.0.627 Borland Software Interbase Wi-v6.0.1.0 Borland Software Interbase Wi-v6.0.1.6 Borland Software Interbase Wi-v6.5.0.28 Borland Software Interbase Wi-v7.0.1.1

12 EDB exploits

« PREV 1 2 3 4 5 6 7 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook