Vulnerabilities > Rapid7 > High

DATE CVE VULNERABILITY TITLE RISK
2019-04-30 CVE-2019-5624 Path Traversal vulnerability in Rapid7 Metasploit
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit.
local
low complexity
rapid7 CWE-22
7.3
2017-12-14 CVE-2017-5264 Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Nexpose
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
network
low complexity
rapid7 CWE-352
8.8
2017-06-06 CVE-2017-5243 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Rapid7 Nexpose
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions.
network
high complexity
rapid7 CWE-327
8.5
2017-05-03 CVE-2017-5240 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rapid7 Appspider PRO
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component.
network
low complexity
rapid7 CWE-119
7.5
2017-05-03 CVE-2017-5236 Untrusted Search Path vulnerability in Rapid7 Appspider PRO
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
local
low complexity
rapid7 CWE-426
7.8
2017-03-02 CVE-2017-5235 Untrusted Search Path vulnerability in Rapid7 Metasploit 4.11.7/4.12.40/4.13.0
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
local
low complexity
rapid7 CWE-426
7.8
2017-03-02 CVE-2017-5234 Untrusted Search Path vulnerability in Rapid7 Insight Collector 1.0.15
Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
local
low complexity
rapid7 CWE-426
7.8
2017-03-02 CVE-2017-5233 Untrusted Search Path vulnerability in Rapid7 Appspider PRO
Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
local
low complexity
rapid7 CWE-426
7.8
2017-03-02 CVE-2017-5232 Untrusted Search Path vulnerability in Rapid7 Nexpose
All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
local
low complexity
rapid7 CWE-426
7.8
2017-03-02 CVE-2017-5231 Path Traversal vulnerability in Rapid7 Metasploit
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function.
network
high complexity
rapid7 CWE-22
7.1