Rapid7

Posts tagged Vulnerability Disclosure

R7-2016-06: Remote Code Execution via Swagger Parameter Injection (CVE-2016-5641)

Vulnerabilities and Exploits

Scott Davis

R7-2016-02: Multiple Vulnerabilities in ManageEngine OpUtils

Vulnerabilities and Exploits

Tod Beardsley

R7-2016-01: Null Credential on Moxa NPort (CVE-2016-1529)

Vulnerabilities and Exploits

Tod Beardsley

CVE-2015-7547: Revenge of Glibc Resolvers

Vulnerabilities and Exploits

Tod Beardsley

R7-2015-26: Advantech EKI Dropbear Authentication Bypass (CVE-2015-7938)

Vulnerabilities and Exploits

Tod Beardsley

CVE-2015-7755: Juniper ScreenOS Authentication Backdoor

Vulnerabilities and Exploits

HD Moore

Multiple Disclosures for Multiple Network Management Systems

Vulnerabilities and Exploits

Tod Beardsley

R7-2015-22: ManageEngine Desktop Central 9 FileUploadServlet connectionId Vulnerability (CVE-2015-8249)

Vulnerabilities and Exploits

Tod Beardsley

R7-2015-17: HP SiteScope DNS Tool Command Injection

Vulnerabilities and Exploits

Tod Beardsley

Multiple Insecure Installation and Update Procedures for RStudio (R7-2015-10) (FIXED)

Vulnerabilities and Exploits

Tod Beardsley

Using Reflective DLL Injection to exploit IE Elevation Policies

Vulnerabilities and Exploits

Juan Vazquez

Exploiting a 64-bit browser with Flash CVE-2015-5119 (Part 2)

Vulnerabilities and Exploits

Juan Vazquez

Exploiting a 64-bit browser with Flash CVE-2015-5119

Vulnerabilities and Exploits

Juan Vazquez

R7-2015-08: Accellion File Transfer Appliance Vulnerabilities (CVE-2015-2856, CVE-2015-2857)

Vulnerabilities and Exploits

Tod Beardsley

Remote Coverage for MS15-034 HTTP.sys Vulnerability (CVE-2015-1635)

Vulnerabilities and Exploits

csong

Breaking down the Logjam (vulnerability)

Vulnerabilities and Exploits

Maria Varmazis

How Poisonous is VENOM (CVE-2015-3456) to your Virtual Environments?

Vulnerabilities and Exploits

Tod Beardsley

A Closer Look at February 2015's Patch Tuesday

Vulnerabilities and Exploits

Justin Pagano

R7-2015-02: Google Play Store X-Frame-Options (XFO) Gaps Enable Android Remote Code Execution (RCE)

Vulnerabilities and Exploits

Tod Beardsley

GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data

Vulnerabilities and Exploits

Snow Tempest

GHOST in the Machine - Is CVE-2015-0235 another Heartbleed?

Vulnerabilities and Exploits

Jen Ellis