11 matches found
EUVD-2024-36620
Malicious code in bioql PyPI...
Ivanti Avalanche < 6.4.4 Multiple Vulnerabilities
The version of Ivanti Avalanche running on the remote host is prior to 6.4.4. It is, therefore, affected by multiple vulnerabilities: - An off-by-one error in WLInfoRailService allows a remote unauthenticated attacker to crash the service. (CVE-2024-36136) - Improper input validation in the...
CVE-2024-37373
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE...
CVE-2024-37373
Ivanti Avalanche 6.3.1 is affected by CVE-2024-37373: improper input validation in the Central Filestore allows a remote authenticated attacker with admin rights to achieve remote code execution. The vulnerability originates from input validation weaknesses in Central Filestore. Affected software...
CVE-2024-37373
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE...
CVE-2024-37373
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE...
PT-2024-26915 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.1 Description: The issue is caused by an off-by-one error in the WLInfoRailService, allowing a remote unauthenticated attacker to crash the service, resulting in a denial of service. Additionally, improper input...
PT-2024-27504 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.1 Description: The issue is related to improper input validation in the Central Filestore, allowing a remote authenticated attacker with admin rights to achieve remote code execution (RCE). This is due to an...
Ivanti Avalanche FileStoreConfig File Upload
Ivanti Avalanche prior to v6.4.0.186 permits MS-DOS style short names in the configuration path for the Central FileStore. Because of this, an administrator can change the default path to the web root of the applications, upload a JSP file, and achieve RCE as NT AUTHORITY\SYSTEM. Module Options m...
Ivanti Avalanche FileStoreConfig Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Avalanche FileStoreConfig File Upload', 'Description' = %q Ivanti Avalanche prior to v6.4.0.186 permits MS-DOS style short names in the...
Ivanti Avalanche Enterprise Service Command Injection (CVE-2021-42129)
A command injection vulnerability exists in Ivanti Avalanche Enterprise Service. This vulnerability is due to insufficient validation of the Central FileStore configuration fields...