Vulnerabilities > Rapid7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-06 | CVE-2017-5243 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Rapid7 Nexpose The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. | 6.8 |
2017-05-03 | CVE-2017-5240 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rapid7 Appspider PRO Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. | 5.0 |
2017-05-03 | CVE-2017-5236 | Untrusted Search Path vulnerability in Rapid7 Appspider PRO Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 6.8 |
2017-03-02 | CVE-2017-5235 | Untrusted Search Path vulnerability in Rapid7 Metasploit 4.13.0 Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 6.8 |
2017-03-02 | CVE-2017-5234 | Untrusted Search Path vulnerability in Rapid7 Insight Collector Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 6.8 |
2017-03-02 | CVE-2017-5233 | Untrusted Search Path vulnerability in Rapid7 Appspider PRO Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 6.8 |
2017-03-02 | CVE-2017-5232 | Untrusted Search Path vulnerability in Rapid7 Nexpose All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 6.8 |
2017-03-02 | CVE-2017-5231 | Path Traversal vulnerability in Rapid7 Metasploit 4.13.0/4.13.1/4.13.19 All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. | 5.1 |
2017-03-02 | CVE-2017-5230 | Use of Hard-coded Credentials vulnerability in Rapid7 Nexpose The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. | 6.5 |
2017-03-02 | CVE-2017-5229 | Path Traversal vulnerability in Rapid7 Metasploit 4.13.0/4.13.1/4.13.19 All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. | 5.1 |