Cleo Harmony < 5.8.0.21 - Arbitary File Read

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. id: CVE-2024-50623 info: name: Cleo Harmony 5.8.0.21 - Arbitary File Read author: DhiyaneshDK severity: high...

CVE-2021-33576

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...

CVE-2021-33577

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves via encryption and signing of the message can be bypassed by changing the Content-Type of the message to text/plain...

📄 Cleo LexiCom VLTrader Harmony 5.8.0.23 Unauthenticated Arbitrary File Write

Cleo LexiCom, VLTrader, and Harmony file transfer solutions versions 5.8.0.23 and below contain an unauthenticated remote code execution vulnerability that allows attackers to write arbitrary files to the system and execute commands through the software's autorun functionality. The vulnerability...

EUVD-2021-20263

Malware in sbrugna...

EUVD-2021-20262

Malware in sbrugna...

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

Cleo LexiCom Harmony 5.8.0.23 CSRF / Command Execution

Cleo LexiCom Harmony version 5.8.0.23 suffers from a remote command execution vulnerability that can be leveraged via a cross site request forgery attack. ============================================================================================================================================= ...

Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution

This module exploits an unauthenticated file write vulnerability in Cleo LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below. Module Options msf use exploit/multi/http/cleorcecve202455956 msf exploitcleorcecve202455956 show targets ...targets... msf exploitcleorcecve202455956 set TARGET ms...

Cleo LexiCom / VLTrader / Harmony 5.8.0.23 Remote Code Execution

This Metasploit module exploits an unauthenticated file write vulnerability in Cleo LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

Cleo LexiCom / VLTrader / Harmony 5.8.0.23 Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated file write vulnerability in Cleo LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

Cleo LexiCom < 5.8.0.21 Unrestricted File Upload/Download (CVE-2024-50623)

The version of Cleo LexiCom running on the remote host is prior to 5.8.0.21. It is, therefore, affected by an unrestricted file upload and download vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

Cleo LexiCom < 5.8.0.24 Unauthenticated Arbitrary Command Execution (CVE-2024-55956)

The version of Cleo LexiCom running on the remote host is prior to 5.8.0.24. It is, therefore, affected by an unauthenticated arbitrary command execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

PT-2024-13360 · Cleo · Lexicom +2

Name of the Vulnerable Software and Affected Versions: Cleo Harmony, VLTrader, and LexiCom affected versions not specified Description: A Remote Code Execution RCE issue has been identified. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. Recent assessments: sfewer-r7 at December 16...

Cleo多款产品 安全漏洞

Cleo LexiCom and others are products of Cleo Corporation.Cleo LexiCom is an integration platform.Cleo Harmony is a file integration solution.Cleo VLTrader is a secure hosted file transfer software. A security vulnerability exists in various Cleo products that originates from the ability of an...

CVE-2024-55956

CVE-2024-55956 affects Cleo Harmony, VLTrader, and LexiCom prior to version 5.8.0.24. The vulnerability allows unauthenticated attackers to import and execute arbitrary Bash or PowerShell commands on the host by abusing the default Autorun directory, effectively a remote code execution via an una...