Lucene search
+L
Rapid7blogMost viewed

1731 matches found

Rapid7 Blog
Rapid7 Blog
added 2023/03/03 8:51 p.m.103 views

Metasploit Weekly Wrap-Up

2022 Vulnerability Intelligence Report Released Rapid7’s broader vulnerability research team released our 2022 Vulnerability Intelligence Report this week. The report includes Metasploit and research team data on exploitation, exploitability, and vulnerability profiles that are intended to help...

0.3AI score0.98342EPSS
Exploits7
Rapid7 Blog
Rapid7 Blog
added 2020/11/13 6:13 p.m.103 views

What’s New in InsightVM: Q3 2020 in Review

Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space. We’re constantly investing in and improving InsightVM capabilities so our customers have no trouble seeing and proving value. That said, here’s our roundup of the n...

0.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/08/13 11:36 p.m.102 views

Patch Tuesday - August 2024

Microsoft is addressing 88 vulnerabilities this August 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for ten of the vulnerabilities published today, which is significantly more than usual. At time of writing, all six of the known-exploited...

9.8CVSS9.9AI score0.70564EPSS
Exploits32
Rapid7 Blog
Rapid7 Blog
added 2023/06/13 8:49 p.m.101 views

Patch Tuesday - June 2023

It’s June, and it’s Patch Tuesday. The volume of fixes this month is typical compared with recent history: 94 in total including Edge-on-Chromium. For the first time in a while, Microsoft isn’t offering patches for any zero-day vulnerabilities, but we do get fixes for four critical Remote Code...

7.5CVSS9.2AI score0.99649EPSS
Exploits28
Rapid7 Blog
Rapid7 Blog
added 2021/06/08 10:0 a.m.101 views

Patch Tuesday - June 2021

It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation CVE-2021-31955, CVE-2021-31956,...

9.3CVSS1.3AI score0.86132EPSS
Exploits77
Rapid7 Blog
Rapid7 Blog
added 2020/11/10 2:22 p.m.100 views

SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know

What’s up? We start the November critical vulnerability season with a pair of CVEs—CVE-2020-16846 and CVE-2020-25592—that, when combined, can result in unauthenticated remote root access on a target system. SaltStack developers disclosed these weaknesses on Nov. 3, 2020 and have released patches...

7.5CVSS1AI score0.99585EPSS
Exploits29
Rapid7 Blog
Rapid7 Blog
added 2023/10/17 7:50 p.m.99 views

CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software. IOS XE is an operating system that runs on a wide range of Cisco networking devices,...

9CVSS8AI score0.99571EPSS
Exploits29
Rapid7 Blog
Rapid7 Blog
added 2022/08/19 8:28 p.m.99 views

Metasploit Wrap-Up

Advantech iView NetworkServlet Command Injection This week Shelby Pace has developed a new exploit module for CVE-2022-2143. This module uses an unauthenticated command injection vulnerability to gain remote code execution against vulnerable versions of Advantech iView software below 5.7.04.6469...

1.5AI score0.59184EPSS
Exploits4
Rapid7 Blog
Rapid7 Blog
added 2021/03/29 1:17 p.m.99 views

SolarWinds Patches Four New Vulnerabilities in Their Orion Platform

On Thursday, March 25, 2021, SolarWinds released fixes for four new vulnerabilities in their Orion platform, the most severe of which is an authenticated remote code execution flaw due to a JSON deserialization weakness. Fixes for these weaknesses are in Orion Platform 2020.2.5. ‌‌Given the...

4.9CVSS6.7AI score0.0076EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2020/11/27 4:22 p.m.99 views

Metasploit Wrap-Up

Exploiting weak configurations Community contributor Graeme Robinson added two modules targeting insecurely configured API's, both of which lead to remote code execution. The first module exploits a lack of access control in Apache NiFi, which allows for the creation of an ExecuteProcess processo...

9CVSS1.2AI score0.67168EPSS
Exploits9
Rapid7 Blog
Rapid7 Blog
added 2022/03/15 3:56 p.m.97 views

InsightVM Scanning: Demystifying SSH Credential Elevation

Written in collaboration with Jimmy Cancilla The credentials to log into the assets on the network are one of the most critical inputs that can be provided to a vulnerability assessment. In order to capture and report on the full risk of an asset, the scan engine must be able to access the asset ...

1.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/03/19 5:42 p.m.97 views

Metasploit Wrap-Up

Windows Server 2012 Fun Community contributor Erik Wynter added a local exploit module for a DLL hijacking vulnerability he discovered in Windows Server 2012. The TiWorker.exe process that runs as NT AUTHORITY\SYSTEM attempts to load SrClient.dll, which does not exist on the system. Because of...

10CVSS9.4AI score0.91303EPSS
Exploits10
Rapid7 Blog
Rapid7 Blog
added 2023/02/10 7:39 p.m.96 views

Metasploit Weekly Wrap-Up

Taking a stroll down memory lane Tomcat Init Script Privilege Escalation Do you remember the issue with Tomcat init script that was originally discovered by Dawid Golunski back in 2016 that led to privilege escalation? This week's Metasploit release includes an exploit module for CVE-2016-1240 by...

9CVSS0.3AI score0.99999EPSS
Exploits48
Rapid7 Blog
Rapid7 Blog
added 2021/02/04 9:4 p.m.96 views

Cisco Patches Recently Disclosed "sudo" Vulnerability (CVE-2021-3156) in Multiple Products

While Punxsutawney Phil may have said we only have six more weeks of winter, the need to patch software and hardware weaknesses will, unfortunately, never end. Cisco has released security updates to address vulnerabilities in most of their product portfolio, some of which may be exploited to gain...

7.2CVSS1.4AI score0.99295EPSS
Exploits81
Rapid7 Blog
Rapid7 Blog
added 2022/09/23 6:50 p.m.95 views

Metasploit Weekly Wrap-Up

Have you built out that awesome media room? If your guilty pleasures include using a mobile device to make your home entertainment system WOW your guests, you might be using Unified Remote. I hope you are extra cautious about what devices you let on that WiFi network. A prolific community member...

9CVSS8.1AI score0.99077EPSS
Exploits30
Rapid7 Blog
Rapid7 Blog
added 2022/04/14 3:48 p.m.95 views

CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)

On April 9, 2022, ManageEngine fixed CVE-2022-28810 with the release of ADSelfService Plus Build 6122. The vulnerability allowed the admin user to execute arbitrary operating system commands and potentially allowed partially authenticated Active Directory users to execute arbitrary operating syst...

7.1CVSS1.2AI score0.80004EPSS
Exploits13
Rapid7 Blog
Rapid7 Blog
added 2023/09/29 6:8 p.m.94 views

Metasploit Weekly Wrap-Up

TeamCity authentication bypass and remote code execution This week’s Metasploit release includes a new module for a critical authentication bypass in JetBrains TeamCity CI/CD Server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally...

7.5CVSS8.7AI score0.99979EPSS
Exploits22
Rapid7 Blog
Rapid7 Blog
added 2022/04/12 6:48 p.m.94 views

Patch Tuesday - April 2022

From Defender to Windows, Office to Azure, this month’s Patch Tuesday has a large swath of Microsoft’s portfolio getting vulnerabilities fixed. 119 CVEs were addressed today, not including the 26 Chromium vulnerabilities that were fixed in the Edge browser. One of these has been observed being...

10CVSS0.9AI score0.91316EPSS
Exploits40
Rapid7 Blog
Rapid7 Blog
added 2021/10/27 7:30 p.m.94 views

[Security Nation] Jack Cable on Ransomwhere

!\Security Nation\ Jack Cable on Ransomwherehttps://blog.rapid7.com/content/images/2021/10/securitynationlogo--1-.jpg In this episode of Security Nation, Jen and Tod chat with Jack Cable, security architect at the Krebs Stamos Group, about Ransomwhere, a crowdsourced ransomware payment tracker...

8.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/06/04 7:11 p.m.94 views

Metasploit Wrap-Up

SuiteCRM Log File RCE First time Metasploit Framework contributor mcorybillington has added a new module for SuiteCRM versions 7.11.18 and below. This module takes advantage of the input validation being case sensitive, allowing for an authenticated user to rename the SuiteCRM log file to have an...

9CVSS1AI score0.8633EPSS
Exploits19
Rapid7 Blog
Rapid7 Blog
added 2023/06/29 1:0 p.m.93 views

What’s New in InsightVM and Nexpose: Q2 2023 in Review

The past few weeks have been extraordinary for the global threat landscape with zero-day vulnerabilities like MOVEit CVE-2023-34362 and Barracuda’s Email Security Gateway ESG CVE-2023-2868. Rapid7’s security research team was one of the first to detect exploitation of Progress Software’s MOVEit...

7.5CVSS9.5AI score0.99999EPSS
Exploits60
Rapid7 Blog
Rapid7 Blog
added 2025/02/13 3:7 p.m.92 views

CVE-2025-1094: PostgreSQL psql SQL injection (FIXED)

Rapid7 discovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting the PostgreSQL interactive tool psql. This discovery was made while Rapid7 was performing research into the recent exploitation of CVE-2024-12356 — an unauthenticated remote code execution RCE vulnerability th...

9.8CVSS9.2AI score0.89914EPSS
Exploits14
Rapid7 Blog
Rapid7 Blog
added 2023/06/12 6:16 p.m.92 views

CVE-2023-27997: Critical Fortinet Fortigate Remote Code Execution Vulnerability

On June 9, 2023, Fortinet silently patched a purported critical remote code execution RCE vulnerability in Fortigate SSL VPN firewalls. According to Lexfo Security’s Charles Fol, who discovered the vulnerability, the flaw is heap-based and reachable pre-authentication. According to reports,...

7.5CVSS10.1AI score0.85689EPSS
Exploits10
Rapid7 Blog
Rapid7 Blog
added 2021/11/10 3:44 p.m.92 views

CVE-2021-43287 Allows Pre-Authenticated Build Takeover of GoCD Pipelines

On October 26, 2021, open-source CI/CD solution GoCD released version 21.3.0, which included a fix for CVE-2021-43287, a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information, including build secrets and encryption keys...

7.3AI score0.28039EPSS
Exploits2
Rapid7 Blog
Rapid7 Blog
added 2021/06/11 7:51 p.m.92 views

Metasploit Wrap-Up

NSClient++ Community contributor Yann Castel has contributed an exploit module for NSClient++ which targets an authenticated command execution vulnerability. Users that are able to authenticate to the service as admin can leverage the external scripts feature to execute commands with SYSTEM level...

10CVSS0.6AI score0.99999EPSS
Exploits6
Rapid7 Blog
Rapid7 Blog
added 2024/03/08 5:0 p.m.91 views

Metasploit Wrap-Up 03/08/2024

New module content 2 GitLab Tags RSS feed email disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: 18821 contributed by n00bhaxor Path: gather/gitlabtagsrssfeedemaildisclosure AttackerKB reference: CVE-2023-5612 Description: This adds an auxiliary module that leverages an...

7.5CVSS6AI score0.99753EPSS
Exploits27
Rapid7 Blog
Rapid7 Blog
added 2023/11/10 6:59 p.m.90 views

Metasploit Weekly Wrap-Up

Apache MQ and Three Cisco Modules in a Trenchcoat This week’s release has a lot of new content and features modules targeting two major recent vulnerabilities that got a great deal of attention: CVE-2023-46604 targeting Apache MQ resulting in ransomware deployment and CVE-2023-20198 targeting Cis...

7.5CVSS9.3AI score0.99654EPSS
Exploits74
Rapid7 Blog
Rapid7 Blog
added 2022/03/21 2:32 p.m.89 views

Cloud Pentesting, Pt. 1: Breaking Down the Basics

The concept of cloud computing has been around for awhile, but it seems like as of late — at least in the penetration testing field — more and more customers are looking to get a pentest done in their cloud deployment. What does that mean? How does that look? What can be tested, and what’s out of...

6CVSS8.4AI score0.06615EPSS
Exploits3
Rapid7 Blog
Rapid7 Blog
added 2022/01/14 7:0 p.m.88 views

Metasploit Weekly Wrap-Up

Log4Shell goodness Log4Shell made an unfortunate end to 2021 for many organizations, but it also makes for some great additions to Metasploit Framework. Contributors sempervictus, schierlm, righel, timwr and our very own Spencer McIntyre have collaborated to bring us a Log4Shell module that uses...

9.3CVSS1AI score0.99999EPSS
Exploits386
Rapid7 Blog
Rapid7 Blog
added 2022/01/03 3:0 p.m.88 views

Sharing the Gifts of Cybersecurity – Or, a Lesson From My First Year Without Santa

Editor’s note: We had planned to publish our Hacky Holidays blog series throughout December 2021 – but then Log4Shell happened, and we dropped everything to focus on this major vulnerability that impacted the entire cybersecurity community worldwide. Now that it’s 2022, we’re feeling in need of...

9.3CVSS10AI score0.99999EPSS
Exploits355
Rapid7 Blog
Rapid7 Blog
added 2021/02/25 3:14 p.m.88 views

Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products

What’s up? On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations. They are detailed below: Cisco ACI Multi-Site Orchestrator Application...

10CVSS1.2AI score0.14359EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/01/26 3:1 p.m.88 views

State-Sponsored Threat Actors Target Security Researchers

This blog was co-authored by Caitlin Condon, VRM Security Research Manager, and Bob Rudis, Senior Director and Chief Security Data Scientist. On Monday, Jan. 25, 2021, Google’s Threat Analysis Group TAG published a blog on a widespread social engineering campaign that targeted security researcher...

7.2CVSS0.2AI score0.39653EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/02/06 3:0 p.m.87 views

Ransomware Campaign Compromising VMware ESXi Servers

On February 3, 2023, French web hosting provider OVH and French CERT issued warnings about a ransomware campaign that was targeting VMware ESXi servers worldwide with a new ransomware strain dubbed “ESXiArgs.” The campaign appears to be leveraging CVE-2021-21974, a nearly two-year-old heap overfl...

5.8CVSS9AI score0.45063EPSS
Exploits7
Rapid7 Blog
Rapid7 Blog
added 2022/05/24 6:0 p.m.87 views

CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED)

A low-privileged local attacker can prevent the VMware Guest Authentication service VGAuthService.exe from running in a guest Windows environment and can crash this service, thus rendering the guest unstable. In some very contrived circumstances, the attacker can leak file content to which they d...

10CVSS0.4AI score0.99938EPSS
Exploits31
Rapid7 Blog
Rapid7 Blog
added 2021/02/19 5:55 p.m.87 views

Metasploit Wrap-Up

GSoC Rocks! In a rare double whammy, one of our 2020 Google Summer of Code GSoC participants has authored a PR containing both enhancements & a new module! Improvements to our SQL injection library now allow PostgreSQL injection, and this new functionality has been verified with both a test modul...

10CVSS9.6AI score0.95657EPSS
Exploits21
Rapid7 Blog
Rapid7 Blog
added 2024/01/23 6:42 p.m.86 views

CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT

On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1. The vulnerability is remotely exploitable and allows an unauthorized user to create an admin user...

7.5CVSS7.6AI score0.99999EPSS
Exploits20
Rapid7 Blog
Rapid7 Blog
added 2023/10/04 3:28 p.m.86 views

CVE-2023-22515: Zero-Day Privilege Escalation in Confluence Server and Data Center

On October 4, 2023, Atlassian published a security advisory on CVE-2023-22515, a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center. CVE-2023-22515 was originally announced as a privilege escalation vulnerability, but was later changed to a brok...

7.5CVSS7.8AI score0.99156EPSS
Exploits39
Rapid7 Blog
Rapid7 Blog
added 2024/03/29 6:14 p.m.85 views

Metasploit Weekly Wrap-Up 03/29/2024

PHP code execution and Oversharepoint Here in the Northern Hemisphere, Spring is in the air: flowers, bees, pollen… a new Metasploit 6.4 release, and now, fresh on the heels of this new release is a bountiful crop of exploits, features, and bug-fixes. Leading the pack is a pair of 2024 PHP code...

7.5CVSS8.4AI score0.99649EPSS
Exploits39
Rapid7 Blog
Rapid7 Blog
added 2023/06/08 4:52 p.m.85 views

CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances

Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway ESG appliances dating back to at least November 2022. As of June 6, 2023, as part of an ongoing product incident response, Barracuda is urging ESG customers to immediately...

7.5CVSS9.2AI score0.86956EPSS
Exploits3
Rapid7 Blog
Rapid7 Blog
added 2023/02/01 3:57 p.m.85 views

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

While following up our previous work on F5's BIG-IP devices, Rapid7 found an additional vulnerability in the appliance-mode REST interface; the vulnerability was assigned CVE-2023-22374. We reported it to F5 on December 6, 2022, and are now disclosing it in accordance with our vulnerability...

0.3AI score0.87987EPSS
Exploits9
Rapid7 Blog
Rapid7 Blog
added 2023/01/20 7:46 p.m.85 views

Metasploit Weekly Wrap-Up

See something say something Have an idea on how to expand on Metasploit Documentation on ? Did you see a typo or some other error on the docs site? Thanks to adfoster-r7, submitting an update to the documentation is as easy as clicking the 'Edit this page on GitHub' link on the page you want to...

7.5CVSS0.6AI score0.99105EPSS
Exploits21
Rapid7 Blog
Rapid7 Blog
added 2020/11/02 1:51 p.m.85 views

Overview of Content Security Policies (CSPs) on the Web

A Content Security Policy is a protocol that allows a site owner to control what resources are loaded on a web page by the browser, and how those resources may be loaded. This protocol was developed primarily to mitigate the impact of cross-site scripting XSS vulnerabilities. To understand exactl...

6.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/01/19 3:40 p.m.84 views

Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server

Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023...

10CVSS10AI score0.99999EPSS
Exploits123
Rapid7 Blog
Rapid7 Blog
added 2024/01/11 1:0 p.m.84 views

Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways

Information on these vulnerabilities has evolved considerably since this blog was originally published on January 11, 2024. Customers should refer to Ivanti's two advisories, KB article, and recovery guidance for the latest updates. On Wednesday, January 10, 2024, Ivanti disclosed two zero-day...

6.5CVSS10AI score0.99999EPSS
Exploits26
Rapid7 Blog
Rapid7 Blog
added 2023/02/09 6:36 p.m.84 views

Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974

Last week, multiple organizations issued warnings that a ransomware campaign dubbed “ESXiArgs” was targeting VMware ESXi servers, allegedly by leveraging CVE-2021-21974—a nearly two-year-old heap overflow vulnerability. Two years. And yet, Rapid7 research has found that a significant number of ES...

5.8CVSS0.7AI score0.45063EPSS
Exploits7
Rapid7 Blog
Rapid7 Blog
added 2022/11/18 9:49 p.m.84 views

Metasploit Weekly Wrap-Up

Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream CVE-2021-39144 There’s nothing quite like a pre-authenticated remote code execution vulnerability in a piece of enterprise software. This week, community contributor h00die-gr3y added a module that targets VMware NSX...

6CVSS1.1AI score0.98124EPSS
Exploits14
Rapid7 Blog
Rapid7 Blog
added 2022/10/18 1:30 p.m.84 views

FLEXlm and Citrix ADM Denial of Service Vulnerability

Note: Updated October 20, 2022 to clarify that this bypasses CVE-2022-27512 and not CVE-2022-27511, which has a different root cause. On June 27, 2022, Citrix released an advisory for CVE-2022-27511 and CVE-2022-27512, which affect Citrix ADM Application Delivery Management. Rapid7 investigated...

7.8CVSS0.12325EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/10/08 4:57 p.m.84 views

Metasploit Wrap-Up

Telemetry is for gathering data, not executing commands as root, right?... This week's highlight is a new exploit module by our own wvu for VMware vCenter Server CVE-2021-22005, a file upload vuln that arises from a flaw in vCenter’s analytics/telemetry service, which is enabled by default...

7.5CVSS0.3AI score0.99999EPSS
Exploits32
Rapid7 Blog
Rapid7 Blog
added 2023/09/29 1:33 p.m.83 views

Critical Vulnerabilities in WS_FTP Server

On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WSFTP Server, a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical CVE-2023-40044 and CVE-2023-42657. Our research team has...

6.5CVSS7.7AI score0.9015EPSS
Exploits6
Rapid7 Blog
Rapid7 Blog
added 2022/12/02 9:0 p.m.83 views

Metasploit Weekly Wrap-Up

ProxyNotShell This week's Metasploit release includes an exploit module for CVE-2022-41082, AKA ProxyNotShell by DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q, Orange Tsai, Piotr Bazydło, Rich Warren, Soroush Dalili, and our very own Spencer McIntyre. The vulnerability CVE-2022-41082, AKA ProxyNotShell is a...

0.6AI score0.9997EPSS
Exploits11
Total number of security vulnerabilities1731