Appspider Pro
Monthly
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.