
5 matches found

OSV
added 2024/12/13 9:15 p.m. | 1 view

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

CVSS 9.8 | AI score 7.8 | EPSS 0.9122
Exploits: 4 | References: 4

ATTACKERKB
added 2024/12/13 12:0 a.m. | 129 views

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. Recent assessments: sfewer-r7 at December 16...

CVSS 9.8 | AI score 7.7 | EPSS 0.94011
In wild | Exploits: 8 | References: 2

Positive Technologies
added 2024/12/13 12:0 a.m. | 1 view

PT-2024-9584

Name of the Vulnerable Software and Affected Versions: Cleo Harmony versions prior to 5.8.0.24; Cleo VLTrader versions prior to 5.8.0.24; Cleo LexiCom versions prior to 5.8.0.24. Description: The issue allows an unauthenticated user to import and execute arbitrary Bash or PowerShell commands on the ho...

CVSS 9.8 | AI score 9 | EPSS 0.9122
Exploits: 4 | References: 66

Rapid7 Blog
added 2024/12/10 2:4 p.m. | 3 views

Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)

On Monday, December 9, multiple security firms began privately circulating reports of in-the-wild exploitation targeting Cleo file transfer software. Late the evening of December 9, security firm Huntress published a blog on active exploitation of three different Cleo products docs: Cleo VLTrader...

CVSS 9.8 | AI score 7.8 | EPSS 0.94011
Exploits: 8

ATTACKERKB
added 2020/02/25 7:15 p.m. | 2 views

CVE-2020-8810

An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn't check for path traversal. This allows the attacker exploiting CVE-2020-8809 to send executable files and place them i...

CVSS 8.1 | AI score 6.1 | EPSS 0.00678
Exploits: 2 | References: 4