Metasploit Security Vulnerabilities and Issues — Metasploit CVE List

Lucene search

Rapid7Metasploit

7 matches found

CVE•added 2020/10/29 3:15 p.m.•118 views

CVE-2020-7384

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.

9.3CVSS7.4AI score0.65465EPSS

CVE•added 2020/04/22 10:15 p.m.•95 views

CVE-2020-7350

Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to be ...

7.8CVSS7AI score0.58671EPSS

CVE•added 2020/08/24 7:15 p.m.•37 views

CVE-2020-7376

The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host.

10CVSS8.4AI score0.00326EPSS

CVE•added 2020/09/01 3:15 p.m.•33 views

CVE-2019-5645

By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the ...

7.5CVSS7.6AI score0.87878EPSS

CVE•added 2020/06/25 6:15 p.m.•32 views

CVE-2020-7355

Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record o...

6.1CVSS5.5AI score0.00426EPSS

CVE•added 2020/08/24 7:15 p.m.•30 views

CVE-2020-7377

The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP...

8.1CVSS7.7AI score0.0041EPSS

CVE•added 2020/06/25 6:15 p.m.•22 views

CVE-2020-7354

Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record...

6.1CVSS5.5AI score0.00426EPSS