
247 matches found

NCSC
added 2024/09/06 8:2 a.m. · 2 views

Vulnerability fixed in Kemp LoadMaster

Kemp Technologies has fixed a vulnerability in Kemp LoadMaster and Progress LoadMaster. A malicious party could exploit the vulnerability to execute arbitrary commands on the vulnerable system without prior authentication via specially prepared HTTP calls. For successful abuse, the malicious part...

CVSS 10 · AI score 7.7 · EPSS 0.34526
Exploits: 1 · References: 1

NVD
added 2024/09/05 6:15 p.m. · 20 views

CVE-2024-7591

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: 7.2.40.0 and above; ECS: All versions; Multi-Tenancy: 7.1.35.4 and above...

CVSS 10 · EPSS 0.34526
Exploits: 1 · References: 2

OSV
added 2024/09/05 6:15 p.m. · 4 views

CVE-2024-7591

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: 7.2.40.0 and above; ECS: All versions; Multi-Tenancy: 7.1.35.4 and above...

CVSS 7.2 · AI score 6 · EPSS 0.34526
Exploits: 1 · References: 2

CVE
added 2024/09/05 5:16 p.m. · 118 views

CVE-2024-7591

The CVE-2024-7591 issue is an Improper Input Validation vulnerability in Kemp LoadMaster (and Progress LoadMaster) that enables OS command injection. Affected: LoadMaster 7.2.40.0+; ECS (all versions); Multi-Tenancy 7.1.35.4+. Impact: unauthenticated, remote command execution with high/critical i...

CVSS 10 · AI score 8.4 · EPSS 0.34526
Exploits: 1 · References: 2 · Affected Software: 2

Vulnrichment
added 2024/09/05 5:16 p.m. · 59 views

CVE-2024-7591 Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: 7.2.40.0 and above; ECS: All versions; Multi-Tenancy: 7.1.35.4 and above...

CVSS 10 · AI score 7 · EPSS 0.34526
Exploits: 1 · References: 2

Cvelist
added 2024/09/05 5:16 p.m. · 30 views

CVE-2024-7591 Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: 7.2.40.0 and above; ECS: All versions; Multi-Tenancy: 7.1.35.4 and above...

CVSS 10 · EPSS 0.34526
Exploits: 1 · References: 2

CNNVD
added 2024/09/05 12:0 a.m. · 2 views

Kemp LoadMaster Security Vulnerability

Kemp LoadMaster is a highly secure application from Kemp. A security vulnerability exists in Kemp LoadMaster version 7.2.60.0 and prior versions, which stems from incorrect input validation and allows operating system command injection...

CVSS 10 · AI score 7 · EPSS 0.34526
Exploits: 1 · References: 3

Positive Technologies
added 2024/09/05 12:0 a.m. · 4 views

PT-2024-38438 · Progress · Multi-Tenancy +2

Name of the Vulnerable Software and Affected Versions: LoadMaster versions 7.2.40.0 and above; ECS, all versions; Multi-Tenancy versions 7.1.35.4 and above. Description: The issue is related to an improper input validation vulnerability in Progress LoadMaster, allowing OS Command Injection...

CVSS 10 · AI score 9.8 · EPSS 0.34526
Exploits: 1 · References: 100

NVD
added 2024/08/21 6:15 p.m. · 14 views

CVE-2023-29929

Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to cause a denial of service via the libkemplink.so, isreverse library...

CVSS 7.5 · EPSS 0.02799
Exploits: 2 · References: 3

CNNVD
added 2024/08/21 12:0 a.m. · 1 views

Kemp Loadmaster Security Vulnerability

Kemp Loadmaster is an optimized load balancing program from Kemp. A security vulnerability exists in versions prior to Kemp Loadmaster v.7.2.60.0. A remote attacker could exploit this vulnerability to cause a system denial of service via the libkemplink.so, isreverse library...

CVSS 7.5 · AI score 6.6 · EPSS 0.02799
Exploits: 2 · References: 3

Positive Technologies
added 2024/08/21 12:0 a.m. · 3 views

PT-2024-12220 · Kemp Technologies · Kemp Loadmaster +1

Name of the Vulnerable Software and Affected Versions: Kemptechnologies Loadmaster versions prior to 7.2.60.0. Description: A Buffer Overflow issue allows a remote attacker to cause a denial of service via the libkemplink.so, isreverse library. Recommendations: For versions prior to 7.2.60.0, upda...

CVSS 7.5 · AI score 7.4 · EPSS 0.02799
Exploits: 2 · References: 10

Vulnrichment
added 2024/08/21 12:0 a.m. · 14 views

CVE-2023-29929

Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to cause a denial of service via the libkemplink.so, isreverse library...

AI score 7 · EPSS 0.02799
Exploits: 2 · References: 3

Cvelist
added 2024/08/21 12:0 a.m. · 12 views

CVE-2023-29929

Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to cause a denial of service via the libkemplink.so, isreverse library...

EPSS 0.02799
Exploits: 2 · References: 3

CVE
added 2024/08/21 12:0 a.m. · 44 views

CVE-2023-29929

CVE-2023-29929 affects Kemp Technologies LoadMaster prior to v7.2.60.0, where a buffer overflow in the libkemplink.so isreverse DNS handling can cause a remote DoS. Affected product: Kemp LoadMaster (firmware < 7.2.60.0). Root cause: undersized DNS-name buffer in isreverse/locate_fqdn paths le...

CVSS 7.5 · AI score 7 · EPSS 0.02799
Exploits: 2 · References: 3

Tenable Nessus
added 2024/07/22 12:0 a.m. · 14 views

Progress Kemp LoadMaster Remote Command Execution

Progress Kemp LoadMaster versions 7.2.48.1 7.2.59.2 / 7.2.48.1 7.2.54.8 and 7.2.48.1 7.2.48.10 is affected by a vulnerability allowing an unauthenticated attacker to execute remote commands via a specially forged request. No source data...

CVSS 10 · AI score 7.9 · EPSS 0.94298
Exploits: 9 · References: 3

0day.today
added 2024/05/13 12:0 a.m. · 243 views

Kemp LoadMaster Local sudo Privilege Escalation Exploit

This Metasploit module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files that have this permission are not write-protected from the default bal user. As such,...

CVSS 10 · AI score 9.5 · EPSS 0.94298
Exploits: 9

Metasploit
added 2024/05/10 7:56 p.m. · 193 views

Kemp LoadMaster Local sudo privilege escalation

This module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files that have this permission are not write-protected from the default 'bal' user. As such, if the...

CVSS 10 · AI score 9.2 · EPSS 0.94298
Exploits: 9

BDU FSTEC
added 2024/05/07 12:0 a.m. · 0 views

A vulnerability in the user interface of the LoadMaster application deployment and management platform allows an attacker to execute arbitrary commands.

The vulnerability in the user interface of the LoadMaster application deployment and management platform exists due to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a remote attacker to execute arbitra...

CVSS 8.4 · EPSS 0.4475
Exploits: 0 · References: 2

BDU FSTEC
added 2024/05/07 12:0 a.m. · 0 views

A vulnerability in the LoadMaster application deployment and management platform, related to the manipulation of cross-site requests, allows an attacker to perform a CSRF attack.

The vulnerability in the LoadMaster application deployment and management platform relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using specially crafted HTTP requests...

CVSS 7.6 · EPSS 0.4475
Exploits: 0 · References: 2

Rapid7 Blog
added 2024/05/03 6:29 p.m. · 27 views

Metasploit Weekly Wrap-Up 05/03/24

Dump secrets inline: This week, our very own cdelafuente-r7 added a significant improvement to the well-known Windows Secrets Dump module to reduce the footprint when dumping SAM hashes, LSA secrets and cached credentials. The module is now directly reading the Windows Registry remotely without...

CVSS 7.5 · AI score 9.6 · EPSS 0.94298
Exploits: 9