21 matches found
EUVD-2017-14345
Malware in sbrugna...
EUVD-2017-14338
Malware in sbrugna...
EUVD-2017-14341
Malware in sbrugna...
EUVD-2025-15823
Malicious code in bioql PyPI...
CVE-2025-11195
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...
CVE-2025-36857
CVE-2025-36857 — Rapid7 Appspider Pro versions prior to 7.5.021 suffer a broken access control in the configuration file loading mechanism. The issue allows a standard user to place custom configuration files in other users’ or projects’ directories, and since files are loaded in alphabetical ord...
PT-2025-39395
Name of the Vulnerable Software and Affected Versions Rapid7 Appspider Pro versions prior to 7.5.021 Description The application has a broken access control issue in how it loads configuration files. Standard users can add custom configuration files, which are loaded alphabetically and can overri...
CVE-2025-4951
Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration...
CVE-2025-4951
Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration...
CVE-2025-4951
CVE-2025-4951 affects Rapid7 AppSpider Pro prior to version 7.5.018. A stored cross-site scripting vulnerability exists in the ScanName field; the app prevents special characters but this can be bypassed by directly modifying the configuration file. Impact described: stored XSS risk in ScanName w...
CVE-2025-4951
Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration...
CVE-2025-4951
Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration...
Rapid7 AppSpider Pro 安全漏洞
Rapid7 AppSpider Pro is a dynamic application security testing solution from Rapid7, Inc. that allows you to scan Web and mobile applications for vulnerabilities. A security vulnerability exists in Rapid7 AppSpider Pro versions prior to 7.5.018, which stems from a ScanName field stored cross-site...
Rapid7 AppSpider Pro 'FLAnalyzer.exe' Buffer Overflow Vulnerability
AppSpider is a DAST solution designed to help application security personnel test applications as part of DevOps and as part of a scheduled scanning program. A buffer overflow vulnerability in the FLAnalyzer.exe component of Rapid7 AppSpider Pro can be exploited by an attacker to cause a denial o...
Rapid7 AppSpider Pro DLL Preloading Vulnerability (CNVD-2017-10390)
AppSpider is a DAST solution designed to help application security personnel test applications as part of DevOps and as part of a scheduled scanning program. A DLL preloading vulnerability exists in the Rapid7 AppSpider Pro installer, which can be exploited by an attacker to load a malicious DLL...
CVE-2017-5240
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash...
CVE-2017-5236
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...
CVE-2017-5240
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash...
CVE-2017-5236
Rapid7 AppSpider Pro installers prior to version 6.14.060 are affected by a DLL preloading vulnerability. The installer can load a malicious DLL from its current working directory, enabling tampering during installation. CNVD-2017-10390 confirms this flaw; CVE-2017-5236 notes the affected pre-6.1...
Code injection
Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...