17 matches found
CVE-2017-5231
CVE-2017-5231 affects Rapid7 Metasploit (Meterpreter stdapi CommandDispatcher.cmd_download) where a directory traversal flaw in pre-4.13.0-2017020701 builds allows writing to an arbitrary directory on the Metasploit console with the running process permissions. Connected documents corroborate the...
CVE-2020-7384
Summary of CVE-2020-7384 (Metasploit msfvenom APK Template Command Injection) : The vulnerability affects Rapid7’s Metasploit Framework, specifically the msfvenom APK template feature. The issue arises from unsanitized input in template handling (Owner field) that flows into a process invocation ...
CVE-2020-7350
CVE-2020-7350 affects Rapid7 Metasploit Framework libnotify plugin. Versions before 5.0.85 allow OS command injection via untrusted data in a remote hostname/service name; an attacker must supply a crafted file processed by db_import to trigger code execution on the operator’s terminal. A fix was...
CVE-2020-7385
The CVE-2020-7385 issue affects Metasploit Framework via a deserialization flaw triggered when the drb_remote_codeexec module is used. The vulnerability stems from reliance on vulnerable Distributed Ruby class functions, and Metasploit is typically run with elevated privileges, enabling potential...
CVE-2019-5624
CVE-2019-5624 affects Rapid7 Metasploit Framework up to version 4.14.0, due to an instance of CWE-22 (Path Traversal) in the Zip import routine. The underlying issue allows an attacker to execute arbitrary code at the privilege level of the user running Metasploit by importing crafted zip data. C...
CVE-2019-5642
CVE-2019-5642 affects Rapid7 Metasploit Pro (versions 4.16.0-2019081901 and earlier). The issue is CWE-732: during installation, the web server SSL server.key is written to the filesystem with world-readable permissions, enabling other local users to intercept private communications to the Metasp...
CVE-2017-15084
The CVE-2017-15084 issue affects Rapid7 Metasploit’s web UI prior to version 4.14.1-20170828, where logout requests are vulnerable to cross-site request forgery (CSRF). An attacker could induce a logged-in user to logout by crafted requests (attack vector shown in public PoCs). The vulnerability ...
CVE-2017-5244
CVE-2017-5244 is a Cross-Site Request Forgery (CSRF) flaw in Metasploit Pro, Express, and Community editions prior to 4.14.0 that allowed an authenticated user to stop running tasks by triggering non-idempotent GET requests to stop routes. Root cause: stopping routes accepted GET instead of POST,...
CVE-2023-0599
CVE-2023-0599 affects Rapid7 Metasploit Pro; stored XSS due to insufficient sanitization of JavaScript request strings. An authenticated attacker can inject HTML/script in another user’s browser via a crafted request. Affected: Metasploit Pro 4.21.2 and lower. Impact details are described in sour...
CVE-2019-5645
CVE-2019-5645 is a denial-of-service issue affecting the Rapid7 Metasploit HTTP(S) handler. The provided DoS payloads register a malicious regular expression via a specially crafted HTTP GET/request to the handler, causing the server to evaluate the expression and potentially either block new HTT...
CVE-2017-5229
Metasploit Meterpreter extapi Clipboard.parse_dump() has a directory traversal vulnerability (CVE-2017-5229) in all Metasploit editions prior to 4.13.0-2017020701. The underlying issue allows writing arbitrary files on the Metasploit console with the permissions of the running Metasploit instance...
CVE-2020-7355
CVE-2020-7355 is a stored XSS vulnerability in Rapid7 Metasploit Pro’s discovered scan asset notes field. The issue allows an attacker to inject a script via a specially crafted network service, triggering when a user views the scanned host record in the Metasploit Pro interface. Affected: Metasp...
CVE-2020-7376
The CVE-2020-7376 entry concerns the Metasploit Framework module post/osx/gather/enum_osx, which contains a relative path traversal vulnerability in the get_keychains method. The underlying issue enables writing arbitrary files to arbitrary locations on the host filesystem when the module is exec...
CVE-2017-5228
The CVE-2017-5228 entry details a directory-traversal in Meterpreter stdapi Dir.download() affecting Rapid7 Metasploit prior to version 4.13.0-2017020701. An attacker could craft Meterpreter payloads to write to arbitrary directories on the Metasploit console with the permissions of the running i...
CVE-2017-5235
Rapid7 Metasploit Pro installers prior to 4.13.0-2017022101 are affected by a DLL preloading vulnerability: the installer can load a malicious DLL from the current working directory. The issue is tied to how the installer searches for system DLLs, allowing an attacker with a malicious DLL in the ...
CVE-2020-7377
The CVE-2020-7377 vulnerability affects the Metasploit Framework module auxiliary/admin/http/telpho10_credential_dump , where the untar method implements a relative path traversal . This can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is ru...
CVE-2020-7354
Rapid7 Metasploit Pro contains a stored-XSS vulnerability in the host field of a discovered scan asset. An attacker who can reach a target’s network service can craft input that stores an XSS sequence, which executes when an operator views the scanned host record in the Metasploit Pro console. A ...