MidnightBSD

Advisories for metasploit

CVE-2005-2482 MEDIUM

The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
metasploit metasploit_framework 2.0
metasploit metasploit_framework 2.3
metasploit metasploit_framework 2.2
metasploit metasploit_framework 2.1
metasploit metasploit_framework 2.4
CVE-2011-1056 MEDIUM

The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
metasploit metasploit_framework 3.5.1