Rapid7 Metasploit
7 CVEs affecting Rapid7 Metasploit. Latest disclosed: 2020-10-29. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-5235 | High | 7.8 | 2017-03-02 | Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a… |
| CVE-2017-5231 | High | 7.1 | 2017-03-02 | All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cm… |
| CVE-2017-5229 | High | 7.1 | 2017-03-02 | All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump… |
| CVE-2017-5228 | High | 7.1 | 2017-03-02 | All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() funct… |
| CVE-2020-7384 | High | 7.0 | 2020-10-29 | Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary com… |
| CVE-2017-15084 | Medium | 6.5 | 2017-10-06 | The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. |
| CVE-2017-5244 | Low | 3.5 | 2017-06-15 | Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the st… |