Vulnerabilities > Rapid7 > Metasploit > 5.0.80

DATE CVE VULNERABILITY TITLE RISK
2020-08-24 CVE-2020-7377 Path Traversal vulnerability in Rapid7 Metasploit
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server.
network
low complexity
rapid7 CWE-22
5.0
5.0
2020-08-24 CVE-2020-7376 Path Traversal vulnerability in Rapid7 Metasploit
The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host.
network
low complexity
rapid7 CWE-22
critical
 10.0
10
2020-04-22 CVE-2020-7350 OS Command Injection vulnerability in Rapid7 Metasploit
Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name.
network
rapid7 CWE-78
6.8
6.8