CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velociraptor are nearly always reserved for trusted and verified users with IT security backgrounds.

• https://github.com/Velocidex/velociraptor/pull/1118
• https://github.com/Velocidex/velociraptor/releases/tag/v0.6.0
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version.

• https://docs.rapid7.com/release-notes/nexpose/20210505
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a "hack-back" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically.

• https://github.com/rapid7/metasploit-framework/pull/14300
• https://github.com/rapid7/metasploit-framework/pull/14335
• https://help.rapid7.com/metasploit/release-notes/archive/2020/10
• CWE-502: Deserialization of Untrusted Data

CVSS: 9.3 | EPSS: 0% | CPEs: 1 | EXPL: 6

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.

• https://www.exploit-db.com/exploits/49491
• https://github.com/nikhil1232/CVE-2020-7384
• https://github.com/0xCarsonS/CVE-2020-7384
• http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html
• http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html
• https://github.com/rapid7/metasploit-framework/pull/14288
• https://github.com/justinsteven/advisories/blob/master/2020_metasploit_msfvenom_apk_template_cmdi.md
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

A SQL injection issue in Rapid7 Nexpose versions prior to 6.6.49 may have allowed an authenticated user with a low permission level to access resources and make changes they should not have been able to access.

• https://help.rapid7.com/insightvm/en-us/release-notes/index.html?pid=6.6.49
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')