
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross-site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator. • https://docs.rapid7.com/release-notes/metasploit/20230130 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a "hack-back" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically. • https://github.com/rapid7/metasploit-framework/pull/14300 https://github.com/rapid7/metasploit-framework/pull/14335 https://help.rapid7.com/metasploit/release-notes/archive/2020/10 • CWE-502: Deserialization of Untrusted Data

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 6

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine. • https://www.exploit-db.com/exploits/49491 https://github.com/nikhil1232/CVE-2020-7384 https://github.com/0xCarsonS/CVE-2020-7384 http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html https://github.com/rapid7/metasploit-framework/pull/14288 https://github.com/justinsteven/advisories/blob/master/2020_metasploit_msfvenom_apk_template_cmdi.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.5 • EPSS: 96% • CPEs: 1 • EXPL: 0

By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause resource exhaustion on the Metasploit server. • https://github.com/rapid7/metasploit-framework/pull/12433 • CWE-400: Uncontrolled Resource Consumption

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" is affected by a relative path traversal vulnerability in the untar method, which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run against a malicious HTTP server. • https://github.com/rapid7/metasploit-framework/issues/14015 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal