Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-02 | CVE-2016-10062 | 7PK - Errors vulnerability in Imagemagick The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 5.5 |
| 2017-03-02 | CVE-2016-10060 | Unchecked Return Value vulnerability in Imagemagick The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 6.5 |
| 2017-03-02 | CVE-2017-5235 | Untrusted Search Path vulnerability in Rapid7 Metasploit 4.11.7/4.12.40/4.13.0 Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 7.8 |
| 2017-03-02 | CVE-2017-5234 | Untrusted Search Path vulnerability in Rapid7 Insight Collector 1.0.15 Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 7.8 |
| 2017-03-02 | CVE-2017-5233 | Untrusted Search Path vulnerability in Rapid7 Appspider PRO Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 7.8 |
| 2017-03-02 | CVE-2017-5232 | Untrusted Search Path vulnerability in Rapid7 Nexpose All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 7.8 |
| 2017-03-02 | CVE-2017-5231 | Path Traversal vulnerability in Rapid7 Metasploit All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. | 7.1 |
| 2017-03-02 | CVE-2017-5230 | Use of Hard-coded Credentials vulnerability in Rapid7 Nexpose The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. | 7.2 |
| 2017-03-02 | CVE-2017-5229 | Path Traversal vulnerability in Rapid7 Metasploit All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. | 7.1 |
| 2017-03-02 | CVE-2017-5228 | Path Traversal vulnerability in Rapid7 Metasploit All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. | 7.1 |