Page 3 of 17 results (0.002 seconds)

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 3

Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions. Rapid7 Metasploit Framework padece de una situación de CWE-22, limitación inapropiada de un Pathname a un directorio restringido ('Path Traversal') en la función Zip import de Metasploit. La operación de esta vulnerabilidad puede permitir a un atacante ejecutar código arbitrario en Metasploit desde el nivel de privilegio del usuario que ejecuta Metasploit. • https://github.com/VoidSec/CVE-2019-5624 https://blog.doyensec.com/2019/04/24/rubyzip-bug.html https://github.com/rapid7/metasploit-framework/pull/11716 https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. La interfaz web de usuario en Rapid7 Metasploit en versiones anteriores a la 4.14.1-20170828 permite el CSRF al cerrar sesión. Esto también se conoce como R7-2017-22. • https://www.exploit-db.com/exploits/42961 https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 1

Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks. Las rutas empleadas para dejar de ejecutar tareas de Metasploit (específicas o todas) permitían peticiones GET. • http://www.securityfocus.com/bid/99082 https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. Todas las ediciones de Rapid7 Metasploit anteriores a la versión 4.13.0-2017020701 contienen una vulnerabilidad de salto de directorio en la función Meterpreter extapi Clipboard.parse_dump(). Utilizando una construcción de Meterpreter especialmente manipulada, es posible escribir a un directorio arbitrario en la consola Metasploit con los permisos de la instancia Metasploit en ejecución. • http://www.securityfocus.com/bid/96954 https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. Todas las ediciones de Rapid7 Metasploit anteriores a la versión 4.13.0-2017020701 contienen una vulnerabilidad de salto de directorio en la función Meterpreter stdapi Dir.download(). Utilizando una construcción de Meterpreter especialmente manipulada, es posible escribir a un directorio arbitrario en la consola Metasploit con los permisos de la instancia Metasploit en ejecución. • http://www.securityfocus.com/bid/96954 https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •