Vulnerabilities > Rapid7

DATE CVE VULNERABILITY TITLE RISK
2017-03-02 CVE-2017-5233 Untrusted Search Path vulnerability in Rapid7 Appspider PRO
Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
local
low complexity
rapid7 CWE-426
7.8
7.8
2017-03-02 CVE-2017-5232 Untrusted Search Path vulnerability in Rapid7 Nexpose
All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
local
low complexity
rapid7 CWE-426
7.8
7.8
2017-03-02 CVE-2017-5231 Path Traversal vulnerability in Rapid7 Metasploit
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function.
network
high complexity
rapid7 CWE-22
7.1
7.1
2017-03-02 CVE-2017-5230 Use of Hard-coded Credentials vulnerability in Rapid7 Nexpose
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user.
network
low complexity
rapid7 CWE-798
7.2
7.2
2017-03-02 CVE-2017-5229 Path Traversal vulnerability in Rapid7 Metasploit
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function.
network
high complexity
rapid7 CWE-22
7.1
7.1
2017-03-02 CVE-2017-5228 Path Traversal vulnerability in Rapid7 Metasploit
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function.
network
high complexity
rapid7 CWE-22
7.1
7.1
2016-12-20 CVE-2016-9757 Cross-site Scripting vulnerability in Rapid7 Nexpose 6.4.12
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field.
network
low complexity
rapid7 CWE-79
5.4
5.4