49 matches found
CVE-2026-7373
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL configuration file from a stat...
EUVD-2026-30498
Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the metasploitPostgreSQL service the subsequent postgres.exe service attempts to load an OpenSSL configuration file from a non-existent directo...
EUVD-2017-14333
Malware in sbrugna...
EUVD-2020-28481
Malware in sbrugna...
EUVD-2020-28482
Malware in sbrugna...
EUVD-2017-6553
Malware in sbrugna...
EUVD-2017-14336
Malware in sbrugna...
EUVD-2017-14340
Malware in sbrugna...
EUVD-2019-15199
Malware in sbrugna...
EUVD-2017-14334
Malware in sbrugna...
EUVD-2023-12637
Malicious code in bioql PyPI...
CVE-2017-15084
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...
CVE-2023-0599
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another...
CVE-2023-0599 Rapid7 Metasploit Pro Stored XSS
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another...
Rapid7 Metasploit Pro 跨站脚本漏洞
Rapid7 Metasploit Pro is a suite of penetration testing software from the US-based Rapid7. A security vulnerability exists in Rapid7 Metasploit Pro 4.21.2 and prior versions, which stems from insufficient JavaScript request string cleanup, and can be exploited by an attacker to execute HTML and...
Rapid7 Metasploit 安全漏洞
Rapid7 Metasploit is a suite of penetration testing software from the US-based company Rapid7. Rapid7 Metasploit suffers from a security vulnerability that stems from its use of the Remote Mouse Server protocol to deploy a payload and run it from a server, a module that only deploys a payload if...
Sharing the Gifts of Cybersecurity – Or, a Lesson From My First Year Without Santa
Editor’s note: We had planned to publish our Hacky Holidays blog series throughout December 2021 – but then Log4Shell happened, and we dropped everything to focus on this major vulnerability that impacted the entire cybersecurity community worldwide. Now that it’s 2022, we’re feeling in need of...
Exploit for Command Injection in Rapid7 Metasploit
CVE-2020-7384 This is a small exploit in bash which I had mad...
CVE-2019-5645
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on th...
Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability (CNVD-2021-39049)
Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site scripting vulnerability exists in Rapid7 Metasploit Pro. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this...