3 min
Rapid7 Disclosure
CVE-2024-0394: Rapid7 Minerva Armor Privilege Escalation (FIXED)
Rapid7 is disclosing CVE-2024-0394, a privilege escalation vulnerability in Rapid7 Minerva’s Armor product family. The root cause of this vulnerability is Minerva’s implementation of OpenSSL’s OPENSSLDIR parameter, which was set to a path accessible to low-privileged users.
3 min
Vulnerability Disclosure
CVE-2022-35629..35632: Velociraptor Multiple Vulnerabilities (FIXED)
This advisory covers a number of issues identified in Velociraptor and fixed as of Version 0.6.5-2, released July 26, 2022.
8 min
Vulnerability Disclosure
Shoring Up the Defenses Together: 2018Q2 and Q3 Wrap-Up
Today (October 29, 2018) we are sharing several vulnerabilities that have been fixed in Rapid7 products and supporting services.
7 min
Vulnerability Disclosure
Shoring up the defenses together: 2018Q1 wrap-up
Today (April 10, 2018) we are sharing six vulnerabilities that have been fixed in Rapid7 products and supporting services. You won't need to take any actions: all of the issues have been addressed. We are disclosing these vulnerabilities in order to be transparent, to thank those who take the time to report security issues responsibly, and to provide a few reminders of security concerns that you should audit for in your own organization.
Dynamically-generated web server access policies
6 min
Vulnerability Disclosure
Vulnerabilities Affecting Four Rapid7 Products (FIXED)
Today we are announcing four fixed vulnerabilities in four Rapid7 products, summarized in the table below. These issues are low to medium severity (mostly due to the high exploitation requirements), but we want to make sure that our customers have all the information they need to make informed security decisions. This article includes detailed descriptions of the vulnerabilities, as well as how to ensure they are mitigated in your environment. Some updates are automatic, but some may requ
2 min
Vulnerability Disclosure
R7-2017-16 | CVE-2017-5244: Lack of CSRF protection for stopping tasks in Metasploit Pro, Express, and Community editions (FIXED)
Summary
A vulnerability in Metasploit Pro, Express, and Community was patched in Metasploit v4.14.0 (Update 2017061301) [http://help.basilinfracon.com/metasploit/release-notes/archive/2017/06/#20170613]. Routes used to stop running tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenti