Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metasploit vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-2482
The StateToOptions function in msfweb in Metasploit Framework 2.4 and previous versions, when running with the -D option (defanged mode), allows malicious users to modify temporary environment variables before the "_Defanged" environment option is checked when processin...
Metasploit Metasploit Framework 2.0
Metasploit Metasploit Framework 2.1
Metasploit Metasploit Framework 2.2
Metasploit Metasploit Framework 2.3
Metasploit Metasploit Framework 2.4
5.4
CVSSv3
CVE-2020-7354
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when ...
Rapid7 Metasploit
Rapid7 Metasploit 4.17.1
2 Github repositories
6.1
CVSSv3
CVE-2020-7355
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when th...
Rapid7 Metasploit
Rapid7 Metasploit 4.17.1
2 Github repositories
3.3
CVSSv3
CVE-2019-5642
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is in...
Rapid7 Metasploit
Rapid7 Metasploit 4.16.0
4.8
CVSSv3
CVE-2023-0599
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser a...
Rapid7 Metasploit
7.8
CVSSv3
CVE-2020-7350
Rapid7 Metasploit Framework versions prior to 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostn...
Rapid7 Metasploit
9.8
CVSSv3
CVE-2020-7376
The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a...
Rapid7 Metasploit
7.5
CVSSv3
CVE-2020-7377
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the modu...
Rapid7 Metasploit
7.8
CVSSv3
CVE-2020-7384
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Rapid7 Metasploit
3 Github repositories
8.8
CVSSv3
CVE-2020-7385
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework ty...
Rapid7 Metasploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »