Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Rapid7 Blog
Rapid7 Blogadded 2024/11/15 8:37 p.m.30 views

Metasploit Weekly Wrap-Up: 11/15/2024

Palo Alto Expedition RCE module This week's release includes an exploit module for the Palo Alto Expedition exploit chain that's been making headlines recently. The first vulnerability, CVE-2024-5910, allows attackers to reset the password of the admin user. The second vulnerability, CVE-2024-946...

9.3CVSS8.6AI score0.91029EPSS
Exploits14
Rapid7 Blog
Rapid7 Blogadded 2024/10/04 7:53 p.m.34 views

Metasploit Weekly Wrap-Up 10/04/2024

New module content 3 cups-browsed Information Disclosure Authors: bcoles and evilsocket Type: Auxiliary Pull request: 19510 contributed by bcoles Path: scanner/misc/cupsbrowsedinfodisclosure Description: Adds scanner module to retrieve CUPS version and kernel version information from cups-browsed...

9.8CVSS10AI score0.9348EPSS
Exploits10
Rapid7 Blog
Rapid7 Blogadded 2024/03/22 4:36 p.m.26 views

Metasploit Weekly Wrap-Up 03/22/2024

New module content 1 OpenNMS Horizon Authenticated RCE Author: Erik Wynter Type: Exploit Pull request: 18618 contributed by ErikWynter Path: linux/http/opennmshorizonauthenticatedrce AttackerKB reference: CVE-2023-0872 Description: This module exploits built-in functionality in OpenNMS Horizon in...

5.2CVSS8.3AI score0.03475EPSS
Exploits3
Rapid7 Blog
Rapid7 Blogadded 2023/11/03 7:10 p.m.61 views

Metasploit Weekly Wrap-Up

PTT for DCSync This week, community member smashery made an improvement to the windowssecretsdump module to enable it to dump domain hashes using the DCSync method after having authenticated with a Kerberos ticket. Now, if a user has a valid Kerberos ticket for a privileged account, they can run...

5CVSS8AI score0.94348EPSS
Exploits15
Rapid7 Blog
Rapid7 Blogadded 2023/04/07 4:10 p.m.14 views

Metasploit Weekly Wrap-Up

The tide rolls in and out. The flood of new modules last week crested leaving ample time for documentation updates this week. The team and the community seem to have focused on getting those sweet sprinkles of information that help everyone understand Metasploit out to the world. Enhancements and...

6.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blogadded 2023/02/17 9:17 p.m.103 views

Metasploit Wrap-Up

Cisco RV Series Auth Bypass and Command Injection Thanks to community contributor neterum, Metasploit framework just gained an awesome new module which targets Cisco Small Business RV Series Routers. The module actually exploits two vulnerabilities, an authentication bypass CVE-2022-20705 and a...

7.5CVSS0.8AI score0.91193EPSS
Exploits8
Rapid7 Blog
Rapid7 Blogadded 2023/01/13 5:50 p.m.18 views

Metasploit Weekly Wrap-Up

New module content 2 Gather Dbeaver Passwords Author: Kali-Team Type: Post Pull request: 17337 contributed by cn-kali-team Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these...

0.3AI score
Exploits0
Rows per page
Query Builder