Lucene search
K

49 matches found

CNVD
CNVD
added 2020/06/28 12:0 a.m.8 views

Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability

Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site scripting vulnerability exists in Rapid7 Metasploit Pro. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this...

6.1CVSS6AI score0.00881EPSS
Exploits1References1
NVD
NVD
added 2020/06/25 6:15 p.m.28 views

CVE-2020-7354

Cross-site Scripting XSS vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record...

6.1CVSS0.00881EPSS
Exploits1References2
Prion
Prion
added 2020/06/25 6:15 p.m.18 views

Cross site scripting

Cross-site Scripting XSS vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record...

4.3CVSS5.4AI score0.00881EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2020/06/25 6:15 p.m.18 views

Cross site scripting

Cross-site Scripting XSS vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record o...

4.3CVSS5.2AI score0.00881EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2020/06/25 5:15 p.m.48 views

CVE-2020-7355

CVE-2020-7355 is a stored XSS vulnerability in Rapid7 Metasploit Pro’s discovered scan asset notes field. The issue allows an attacker to inject a script via a specially crafted network service, triggering when a user views the scanned host record in the Metasploit Pro interface. Affected: Metasp...

6.1CVSS5.5AI score0.00881EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2020/04/20 12:0 a.m.4 views

Rapid7 Metasploit Framework libnotify plugin OS command injection vulnerability

Rapid7 Metasploit Framework is a penetration testing framework from Rapid7, Inc. libnotify is one of the libraries used to send desktop notifications to the notification daemon. An operating system command injection vulnerability exists in the libnotify plugin in Rapid7 Metasploit Framework versi...

7.8CVSS7.8AI score0.04879EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.23 views

Rapid7 Metasploit Framework Zip Import Directory Traversal

Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level...

7.4CVSS7.5AI score0.02758EPSS
Exploits1References4
NVD
NVD
added 2019/11/06 7:15 p.m.13 views

CVE-2019-5642

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...

3.3CVSS4AI score0.0031EPSS
Exploits0References1
Prion
Prion
added 2019/11/06 7:15 p.m.21 views

Design/Logic Flaw

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...

2.1CVSS4.2AI score0.0031EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/04/30 5:29 p.m.24 views

CVE-2019-5624

Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level...

7.4CVSS7.5AI score0.02758EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/04/30 4:53 p.m.22 views

CVE-2019-5624 Rapid7 Metasploit Framework Zip Import Directory Traversal

Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level...

7.4CVSS7.5AI score0.02758EPSS
Exploits1References3
Circl
Circl
added 2019/03/06 4:0 a.m.6 views

CVE-2018-16660

creationtimestamp| type| source ---|---|--- 2019-03-06 04:00:36+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/impervasecuresphereexec.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

9CVSS8.8AI score0.18567EPSS
Exploits1References1
Circl
Circl
added 2018/05/29 3:50 p.m.5 views

CVE-2025-34121

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/uptimefileupload1.rb 2025-10-23 21:13:04+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

9.3CVSS9.1AI score0.01682EPSS
Exploits0References1
CNVD
CNVD
added 2017/10/09 12:0 a.m.2 views

Rapid7 Cross-Site Request Forgery Vulnerability

Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site request forgery vulnerability exists in the Web UI in versions prior to Rapid7 Metasploit 4.14.1-20170828. A remote attacker could exploit this vulnerability to cause a denial of service forc...

6.5CVSS6.3AI score0.0149EPSS
Exploits4References1
OSV
OSV
added 2017/10/06 9:29 p.m.3 views

CVE-2017-15084

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...

6.5CVSS5.8AI score0.0149EPSS
Exploits4References1
Prion
Prion
added 2017/10/06 9:29 p.m.17 views

Cross site request forgery (csrf)

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...

4.3CVSS6.4AI score0.0149EPSS
Exploits4References1Affected Software1
NVD
NVD
added 2017/10/06 9:29 p.m.29 views

CVE-2017-15084

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...

6.5CVSS6.5AI score0.0149EPSS
Exploits4References1
Cvelist
Cvelist
added 2017/10/06 9:0 p.m.29 views

CVE-2017-15084

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...

6.4AI score0.0149EPSS
Exploits4References1
GithubExploit
GithubExploit
added 2017/03/10 9:33 p.m.6 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

apache-struts2-CVE-2017-5638 Demo Application and...

10CVSS9.7AI score0.99999EPSS
Exploits44
Prion
Prion
added 2017/03/02 8:59 p.m.17 views

Directory traversal

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the...

5.1CVSS6.9AI score0.01217EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder