
48 matches found

Nuclei
added 2026/06/16 7:13 a.m. · 68 views

Cleo Harmony < 5.8.0.21 - Arbitrary File Read

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. id: CVE-2024-50623 info: name: Cleo Harmony 5.8.0.21 - Arbitary File Read author: DhiyaneshDK severity: high...

CVSS 9.8 · AI score 9 · EPSS 0.98529
Exploits: 6 · References: 4
RedhatCVE
added 2026/01/09 11:28 a.m. · 6 views

CVE-2021-33576

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...

CVSS 9.8 · AI score 7 · EPSS 0.01549
Exploits: 1 · References: 1
RedhatCVE
added 2026/01/09 11:27 a.m. · 7 views

CVE-2021-33577

An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves via encryption and signing of the message can be bypassed by changing the Content-Type of the message to text/plain...

CVSS 5.3 · AI score 6.9 · EPSS 0.00585
Exploits: 1 · References: 1
Packet Storm
added 2025/12/03 12:0 a.m. · 152 views

Cleo LexiCom VLTrader Harmony 5.8.0.23 Unauthenticated Arbitrary File Write

Cleo LexiCom, VLTrader, and Harmony file transfer solutions versions 5.8.0.23 and below contain an unauthenticated remote code execution vulnerability that allows attackers to write arbitrary files to the system and execute commands through the software's autorun functionality. The vulnerability...

CVSS 9.8 · AI score 9.1 · EPSS 0.93804
Exploits: 4
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-20263

Malware in sbrugna...

CVSS 5.3 · AI score 5.6 · EPSS 0.00585
Exploits: 1 · References: 3
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-20262

Malware in sbrugna...

CVSS 9.8 · AI score 9.2 · EPSS 0.01549
Exploits: 1 · References: 3
RedhatCVE
added 2025/05/23 7:41 a.m. · 17 views

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

CVSS 9.8 · AI score 10 · EPSS 0.93804
Exploits: 4 · References: 1
RedhatCVE
added 2025/05/23 6:35 a.m. · 11 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

CVSS 9.8 · AI score 9.8 · EPSS 0.98529
Exploits: 6 · References: 1
Packet Storm
added 2025/03/07 12:0 a.m. · 254 views

Cleo LexiCom Harmony 5.8.0.23 CSRF / Command Execution

Cleo LexiCom Harmony version 5.8.0.23 suffers from a remote command execution vulnerability that can be leveraged via a cross site request forgery attack...

AI score 7.4
Exploits: 0
BDU FSTEC
added 2025/01/27 12:0 a.m. · 8 views

The vulnerability of the Cleo Harmony, VLTrader, and LexiCom software platforms lies in their ability to allow unlimited loading of dangerous files, enabling attackers to execute arbitrary code.

The vulnerability of the software platforms Cleo Harmony, VLTrader, and LexiCom is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.4 · EPSS 0.98529
Exploits: 6 · References: 4 · Affected Software: 3
Metasploit
added 2025/01/16 7:0 p.m. · 573 views

Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution

This module exploits an unauthenticated file write vulnerability in Cleo LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below. Module Options msf use exploit/multi/http/cleorcecve202455956 msf exploitcleorcecve202455956 show targets ...targets... msf exploitcleorcecve202455956 set TARGET ms...

AI score 8.8
Exploits: 0
Packet Storm
added 2025/01/16 12:0 a.m. · 251 views

Cleo LexiCom / VLTrader / Harmony 5.8.0.23 Remote Code Execution

This Metasploit module exploits an unauthenticated file write vulnerability in Cleo LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

CVSS 9.8 · AI score 9.8 · EPSS 0.98529
Exploits: 8
0day.today
added 2025/01/16 12:0 a.m. · 265 views

Cleo LexiCom / VLTrader / Harmony 5.8.0.23 Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated file write vulnerability in Cleo LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

CVSS 9.8 · AI score 7.1 · EPSS 0.98529
Exploits: 8
Tenable Nessus
added 2024/12/20 12:0 a.m. · 12 views

Cleo LexiCom < 5.8.0.21 Unrestricted File Upload/Download (CVE-2024-50623)

The version of Cleo LexiCom running on the remote host is prior to 5.8.0.21. It is, therefore, affected by an unrestricted file upload and download vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

CVSS 9.8 · AI score 8.7 · EPSS 0.98529
Exploits: 6 · References: 2
BDU FSTEC
added 2024/12/19 12:0 a.m. · 5 views

The vulnerabilities of the software platforms Cleo Harmony, VLTrader, and LexiCom are related to errors in the use of standard permissions, allowing a perpetrator to execute arbitrary commands.

The vulnerabilities of the software platforms Cleo Harmony, VLTrader, and LexiCom are related to errors in the use of standard permissions. Exploiting these vulnerabilities can allow a remote attacker to execute arbitrary commands...

CVSS 10 · AI score 8.5 · EPSS 0.93804
Exploits: 4 · References: 5 · Affected Software: 3
Positive Technologies
added 2024/12/17 12:0 a.m. · 3 views

PT-2024-13360 · Cleo · Lexicom +2

Name of the Vulnerable Software and Affected Versions: Cleo Harmony, VLTrader, and LexiCom (affected versions not specified). Description: A Remote Code Execution (RCE) issue has been identified. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

AI score 7.7
Exploits: 0 · References: 1
Tenable Nessus
added 2024/12/17 12:0 a.m. · 10 views

Cleo LexiCom < 5.8.0.24 Unauthenticated Arbitrary Command Execution (CVE-2024-55956)

The version of Cleo LexiCom running on the remote host is prior to 5.8.0.24. It is, therefore, affected by an unauthenticated arbitrary command execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

CVSS 9.8 · AI score 9.1 · EPSS 0.93804
Exploits: 4 · References: 3
OSV
added 2024/12/13 9:15 p.m. · 1 views

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

CVSS 9.8 · AI score 7.8 · EPSS 0.93804
Exploits: 4 · References: 4
NVD
added 2024/12/13 9:15 p.m. · 12 views

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

CVSS 9.8 · EPSS 0.93804
Exploits: 4 · References: 4
ATTACKERKB
added 2024/12/13 12:0 a.m. · 130 views

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. Recent assessments: sfewer-r7 at December 16...

CVSS 9.8 · AI score 7.7 · EPSS 0.98529
In wild · Exploits: 8 · References: 2