Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rapid7 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-7377
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the modu...
Rapid7 Metasploit
7.8
CVSSv3
CVE-2020-7381
In Rapid7 Nexpose installer versions before 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called d...
Rapid7 Nexpose
6.5
CVSSv3
CVE-2020-7382
Rapid7 Nexpose installer version before 6.6.40 contains an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affects: Rapid7 Nexpose versions before 6.6.40.
Rapid7 Nexpose
8.1
CVSSv3
CVE-2020-7383
A SQL Injection issue in Rapid7 Nexpose version before 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access.
Rapid7 Nexpose
7.8
CVSSv3
CVE-2020-7384
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Rapid7 Metasploit
3 Github repositories
5.3
CVSSv3
CVE-2022-3913
Rapid7 Nexpose and InsightVM versions 6.6.82 up to and including 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept ...
Rapid7 Nexpose
5.4
CVSSv3
CVE-2021-31868
Rapid7 Nexpose version 6.6.95 and previous versions allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This issue was resolved in version 6.6.96, released on August 4, 2021.
Rapid7 Nexpose
8.8
CVSSv3
CVE-2022-0757
Rapid7 Nexpose versions 6.6.93 and previous versions are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated malicious user to manipulate the "ANY" and "OR"...
Rapid7 Nexpose
6.1
CVSSv3
CVE-2022-0758
Rapid7 Nexpose versions 6.6.129 and previous versions suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the oppor...
Rapid7 Nexpose
4.9
CVSSv3
CVE-2018-5559
In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue do...
Rapid7 Komand
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »