60 matches found
Command injection
Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to b...
CVE-2019-5642
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...
CVE-2019-5642
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...
Design/Logic Flaw
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...
CVE-2019-5642 MAGICK
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...
CVE-2019-5642
CVE-2019-5642 affects Rapid7 Metasploit Pro (versions 4.16.0-2019081901 and earlier). The issue is CWE-732: during installation, the web server SSL server.key is written to the filesystem with world-readable permissions, enabling other local users to intercept private communications to the Metasp...
Metasploit Pro 4.16 and earlier install the web server SSL server.key as local-user readable by default
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...
Rapid7 Cross-Site Request Forgery Vulnerability
Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site request forgery vulnerability exists in the Web UI in versions prior to Rapid7 Metasploit 4.14.1-20170828. A remote attacker could exploit this vulnerability to cause a denial of service forc...
Rapid7 Metasploit Editions Cross-Site Scripting Vulnerability
Rapid7 Metasploit is an open source security vulnerability detection tool from Rapid7, Inc. Metasploit Express, Community and Pro are different versions. A cross-site request forgery vulnerability exists in Rapid7 Metasploit Express, Community, and Pro, which stems from the program failing to...
CVE-2017-5235
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...
CVE-2017-5235
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...
Design/Logic Flaw
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...
CVE-2017-5235
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...
CVE-2017-5235
Rapid7 Metasploit Pro installers prior to 4.13.0-2017022101 are affected by a DLL preloading vulnerability: the installer can load a malicious DLL from the current working directory. The issue is tied to how the installer searches for system DLLs, allowing an attacker with a malicious DLL in the ...
Rapid7 Metasploit Pro DLL Loading Remote Code Execution Vulnerability
Metasploit Pro is a powerful guided penetration testing platform. A DLL loading remote code execution vulnerability exists in Rapid7 Metasploit Pro prior version 4.13.0-2017022101, which can be exploited by a remote attacker to execute arbitrary code in the context of an affected application...
Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Metasploit Web UI Diagnostic Console Command Execution', 'Description' = %q This module exploits the "diagnostic console" featu...
Metasploit Web UI Diagnostic Console Command Execution
This module exploits the "diagnostic console" feature in the Metasploit Web UI to obtain a reverse shell. The diagnostic console is able to be enabled or disabled by an administrator on Metasploit Pro and by an authenticated user on Metasploit Express and Metasploit Community. When enabled, the...
Kvasir - Penetration Testing Data Management Tool
Penetration Testing Data Management can be a nightmware, because well you generate a LOT of data and some information when conducing a penetration test, especially using tools – they return lots of actual and potential vulnerabilitites to review. Port scanners can return thousands of ports for ju...
Hacker's Dome - Gamification the Information Security
When it comes to Information Security, there's a great way to learn, train and keep sharp your skills. This can be done using gamification mechanics to speed up the learning curve and improve retention rate. Capture The Flag competitions use gamification mechanics and represent one of the best wa...
Metasploit Pro 4.0 released - Enterprise Integration, Cloud Deployment & Automation
Metasploit Pro 4.0 released - Enterprise Integration, Cloud Deployment & Automation Rapid7 launched Metasploit Pro 4.0, a penetration testing solution that provides security professionals with a better view of their threat landscape by integrating with more than a dozen vulnerability management...