Lucene search
K

9 matches found

Rapid7 Blog
Rapid7 Blog
added 2024/11/15 8:37 p.m.34 views

Metasploit Weekly Wrap-Up: 11/15/2024

Palo Alto Expedition RCE module This week's release includes an exploit module for the Palo Alto Expedition exploit chain that's been making headlines recently. The first vulnerability, CVE-2024-5910, allows attackers to reset the password of the admin user. The second vulnerability, CVE-2024-946...

9.3CVSS8.6AI score0.91783EPSS
Exploits14
Rapid7 Blog
Rapid7 Blog
added 2024/10/25 7:34 p.m.46 views

Metasploit Weekly Wrap-Up 10/25/2024

Hackers and Vampires Agree: Every Byte Counts Headlining the release today is a new exploit module by jheysel-r7 that chains two vulnerabilities to target Magento/Adobe Commerce systems: the first, CVE-2024-34102 is an arbitrary file read used to determine the version and layout of the glibc...

9.8CVSS9.6AI score0.99994EPSS
Exploits38
Rapid7 Blog
Rapid7 Blog
added 2024/10/04 7:53 p.m.37 views

Metasploit Weekly Wrap-Up 10/04/2024

New module content 3 cups-browsed Information Disclosure Authors: bcoles and evilsocket Type: Auxiliary Pull request: 19510 contributed by bcoles Path: scanner/misc/cupsbrowsedinfodisclosure Description: Adds scanner module to retrieve CUPS version and kernel version information from cups-browsed...

9.8CVSS10AI score0.75384EPSS
Exploits10
Rapid7 Blog
Rapid7 Blog
added 2024/09/13 6:29 p.m.34 views

Metasploit Weekly Wrap-Up 09/13/2024

SPIP Modules This week brings more modules targeting the SPIP publishing platform. SPIP has gained some attention from Metasploit community contributors recently and has inspired some PHP payload and encoder improvements. New module content 2 SPIP BigUp Plugin Unauthenticated RCE Authors: Julien...

9.8CVSS10AI score0.94618EPSS
Exploits7
Rapid7 Blog
Rapid7 Blog
added 2023/02/17 9:17 p.m.108 views

Metasploit Wrap-Up

Cisco RV Series Auth Bypass and Command Injection Thanks to community contributor neterum, Metasploit framework just gained an awesome new module which targets Cisco Small Business RV Series Routers. The module actually exploits two vulnerabilities, an authentication bypass CVE-2022-20705 and a...

7.5CVSS0.8AI score0.86194EPSS
Exploits8
Rapid7 Blog
Rapid7 Blog
added 2023/01/13 5:50 p.m.21 views

Metasploit Weekly Wrap-Up

New module content 2 Gather Dbeaver Passwords Author: Kali-Team Type: Post Pull request: 17337 contributed by cn-kali-team Description: This adds a post exploit module that retrieves Dbeaver session data from local configuration files. It is able to extract and decrypt credentials stored in these...

0.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/04/29 8:9 p.m.61 views

Metasploit Wrap-Up

Redis Sandbox Escape Our very own Jake Baines wrote a module that performs a sandbox escape on Redis versions between 5.0.0 and 6.1.0 and achieves remote code execution as the redis user. Redis installations can be password protected, so this module supports exploiting the vulnerability with and...

10CVSS1.5AI score0.9967EPSS
Exploits9
Rapid7 Blog
Rapid7 Blog
added 2021/08/06 8:26 p.m.65 views

Metasploit Wrap-Up

Desert heat not the 1999 film This week was more quiet than normal with Black Hat USA and DEF CON, but that didn’t stop the team from delivering some small enhancements and bug fixes! We are also excited to see two new modules 15519 and 15520 from researcher Jacob Baines’ DEF CON talk ​​Bring You...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/07/02 6:44 p.m.194 views

Metasploit Wrap-Up

Containers that fail to Contain Our own Christophe De La Fuente added a module for CVE-2019-5736 based on the work of Adam Iwaniuk that breaks out of a Docker container by overwriting the runc binary of an image which is run in the user context whenever someone outside the container runs docker...

9.3CVSS0.6AI score0.9857EPSS
Exploits52
Rows per page
Query Builder