238 matches found
Kemp LoadMaster Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kemp LoadMaster Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...
Kemp LoadMaster Unauthenticated Command Injection
This module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster in the authorization header after version 7.2.48.1. The following versions are patched: 7.2.59.2 GA, 7.2.54.8 LTSF and 7.2.48.10 LTS. Module Options msf use...
CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster
The post CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster appeared first on Rhino Security Labs...
VulnCheck KEV: CVE-2024-1212
Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution...
Progress Kemp LoadMaster Command Injection (CVE-2024-1212)
Binary data progresskemploadmasterCVE-2024-1212.nbin...
Progress LoadMaster Detection
Binary data progresskemploadmasterdetect.nbin...
CVE-2024-2449
A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF...
CVE-2024-2448
An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection...
CVE-2024-2449 LoadMaster Cross-Site Request Forgery (CSRF)
A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF...
CVE-2024-2449
CVE-2024-2449 describes a cross-site request forgery in Kemp LoadMaster. An authenticated LoadMaster administrator, who knows the IP/hostname, can be lured to a malicious site where a CSRF payload issues HTTP transactions on behalf of the admin. The core impact is unauthorized actions performed i...
CVE-2024-2448 LoadMaster Command Injection Vulnerability
An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection...
CVE-2024-2448
CVE-2024-2448 describes an OS command injection in Kemp/LoadMaster. An authenticated UI user with any permission level can inject commands into a UI component via a shell command, leading to possible OS command execution with high impact (confidentiality, integrity, availability all high). Affect...
Kemp LoadMaster Cross-Site Request Forgery Vulnerability
Kemp LoadMaster is a highly secure application from Kemp. Kemp LoadMaster has a cross-site request forgery vulnerability that allows an attacker to direct an authenticated LoadMaster administrator to a third-party site to perform HTTP transactions on behalf of the...
LoadMaster Security Vulnerability
Kemp LoadMaster is a highly secure application from Kemp. LoadMaster contains an operating system command injection vulnerability that allows an attacker to inject commands into a UI component using shell commands...
PT-2024-3306 · Kemp Technologies · Loadmaster
Name of the Vulnerable Software and Affected Versions: LoadMaster (affected versions not specified). Description: A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster...
PT-2024-3305 · Kemp · Loadmaster
Name of the Vulnerable Software and Affected Versions: LoadMaster (affected versions not specified). Description: An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a...