Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metasploit vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-7350
Rapid7 Metasploit Framework versions prior to 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostn...
Rapid7 Metasploit
10
CVSSv2
CVE-2020-7376
The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a...
Rapid7 Metasploit
5
CVSSv2
CVE-2020-7377
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the modu...
Rapid7 Metasploit
6.5
CVSSv2
CVE-2019-5624
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an malicious user to execute arbitrary code i...
Rapid7 Metasploit
1 Github repository
5
CVSSv2
CVE-2019-5645
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource...
Rapid7 Metasploit
NA
CVE-2023-0599
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser a...
Rapid7 Metasploit
9.3
CVSSv2
CVE-2020-7384
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Rapid7 Metasploit
3 Github repositories
6.8
CVSSv2
CVE-2020-7385
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework ty...
Rapid7 Metasploit
6.2
CVSSv2
CVE-2011-1056
The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse.
Metasploit Metasploit Framework 3.5.1
9.3
CVSSv2
CVE-2007-5243
Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 up to and including 8.1.0.253, and WI 5.1.1.680 up to and including 8.1.0.257, allow remote malicious users to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attac...
Borland Software Interbase Wi-o6.0.2.0
Borland Software Interbase Wi-v5.1.1.680
Borland Software Interbase Wi-v7.5.1.80
Borland Software Interbase Wi-v8.0.0.123
Borland Software Interbase Li 8.0.0.253
Borland Software Interbase Li 8.0.0.53
Borland Software Interbase Wi-v6.0.1.0
Borland Software Interbase Wi-v6.0.1.6
Borland Software Interbase Li 8.0.0.54
Borland Software Interbase Wi-o6.0.1.6
Borland Software Interbase Wi-v6.5.0.28
Borland Software Interbase Wi-v7.0.1.1
Borland Software Interbase Wi-v7.5.0.129
Borland Software Interbase Wi-v5.5.0.742
Borland Software Interbase Wi-v6.0.0.627
Borland Software Interbase Wi 5.1.1.680
Borland Software Interbase Wi 8.1.0.257
12 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »