CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7358 – Code Injection in Rapid7 AppSpider Pro Installer
https://notcve.org/view.php?id=CVE-2020-7358
18 Sep 2020 — In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name. En el instalador AppSpider versiones anteriores a 7.2.126, el instalador AppSpider llama a un ejecutable que puede ser colocado en el directorio aprop... • https://help.rapid7.com/appspider/release-notes/index.html?pid=7.2.126 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5647 – Rapid7 AppSpider Chrome Plugin Insufficient Session Expiration
https://notcve.org/view.php?id=CVE-2019-5647
22 Jan 2020 — The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215. El Plugin de Chrome para Rapid7 AppSpider puede mantener activas las sesiones del navegador incorrectamente después de g... • https://help.rapid7.com/appspiderenterprise/release-notes/?rid=3.8.215 • CWE-613: Insufficient Session Expiration •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5236
https://notcve.org/view.php?id=CVE-2017-5236
03 May 2017 — Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. Las ediciones de los instaladores de Rapid7 AppSpider Pro anteriores a la versión 6.14.060 contienen una vulnerabilidad de precarga de DLL, en la que es posible que el instalador cargue una DLL malintencionada ubicada en el directorio de trabajo actual del instalador. • https://community.rapid7.com/docs/DOC-3631 • CWE-426: Untrusted Search Path •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5240
https://notcve.org/view.php?id=CVE-2017-5240
03 May 2017 — Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash. Las ediciones de Rapid7 AppSpider Pro anteriores a la versión 6.14.060 contienen un desbordamiento de buffer basado en memoria dinámica en el componente FLAnalyzer.exe. Un archivo de código fuente Flash malicioso o mal formado puede ca... • https://community.rapid7.com/docs/DOC-3631 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5233
https://notcve.org/view.php?id=CVE-2017-5233
02 Mar 2017 — Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. Instaladores de Rapid7 AppSpider Pro anteriores a la versión 6.14.053 contienen una vulnerabilidad de precarga de DLL, donde es posible que el instalador cargue una DLL maliciosa ubicada en el directorio de trabajo actual del instalador. • http://www.securityfocus.com/bid/96957 • CWE-426: Untrusted Search Path •