
81 matches found

Tenable Nessus
added 2025/03/12 12:0 a.m. · 2 views

SimpleHelp Detected

This is an informational notice that the scanner was able to detect a SimpleHelp instance on the target server. Note that this detection is included in the Remote Access Tools category. No source data...

7.2 AI score
Exploits: 0 · References: 1
Metasploit
added 2025/02/25 6:53 p.m. · 553 views

SimpleHelp Path Traversal Vulnerability CVE-2024-57727

There exists a path traversal vulnerability in the /toolbox-resource endpoint that enables unauthenticated remote attackers to download arbitrary files from the SimpleHelp server via crafted HTTP requests. Module Options msf use auxiliary/scanner/http/simplehelptoolboxpathtraversal msf...

9.1 CVSS · 7.5 AI score · 0.95151 EPSS
Exploits: 2
Positive Technologies
added 2025/02/14 12:0 a.m. · 7 views

PT-2025-7246 · Unknown · Simplehelp

Name of the Vulnerable Software and Affected Versions: SimpleHelp affected versions not specified Description: A vulnerability has been identified in SimpleHelp. CISA has added this issue to the KEV Catalog. Recommendations: At the moment, there is no information about a newer version that contai...

7.5 CVSS · 6.9 AI score · 0.00183 EPSS
Exploits: 0 · References: 7
CISA
added 2025/02/13 12:0 p.m. · 4 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-57727: SimpleHelp Path Traversal Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

9.1 CVSS · 7.3 AI score · 0.95151 EPSS
In wild · Exploits: 2 · References: 6
CISA KEV Catalog
added 2025/02/13 12:0 a.m. · 39 views

SimpleHelp Path Traversal Vulnerability

SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords...

9.1 CVSS · 7.7 AI score · 0.95151 EPSS
In wild · Exploits: 2
The Hacker News
added 2025/02/07 5:19 a.m. · 39 views

Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware

Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain...

9.9 CVSS · 8.3 AI score · 0.95151 EPSS
Exploits: 2
VulnCheck KEV
added 2025/01/31 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2024-57727

SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords...

9.1 CVSS · 7.4 AI score · 0.95151 EPSS
Exploits: 2 · References: 1
BDU FSTEC
added 2025/01/27 12:0 a.m. · 5 views

The vulnerability of SimpleHelp’s software for remote support lies in the improper handling of symbolic links before accessing the file. This allows a malicious actor to execute arbitrary code.

The vulnerability of SimpleHelp’s software for remote support is related to the incorrect definition of symbolic links before accessing the file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...

9 CVSS · 8.2 AI score · 0.07549 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
BDU FSTEC
added 2025/01/27 12:0 a.m. · 4 views

The vulnerability of SimpleHelp’s software for remote support stems from an incorrect limitation on the path to the restricted-access directory, allowing a perpetrator to disclose protected information.

The vulnerability of SimpleHelp’s software for remote support is related to an incorrect limitation on the path to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

7.8 CVSS · 7.8 AI score · 0.95151 EPSS
Exploits: 2 · References: 5 · Affected Software: 1
BDU FSTEC
added 2025/01/27 12:0 a.m. · 6 views

The vulnerability of SimpleHelp’s software for remote support lies in the insecure management of privileges, allowing a perpetrator to escalate their privileges.

The vulnerability of SimpleHelp’s software for remote support is related to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the root level...

9 CVSS · 7.8 AI score · 0.09328 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
Positive Technologies
added 2025/01/16 12:0 a.m. · 4 views

PT-2025-3138 · Undefined · Undefined

🚨🚨 『The vulnerabilities are trivial to reverse and exploit though, and we encourage users to upgrade ASAP to the latest SimpleHelp release,』 CVE-2024-55726 CVE-2024-55727 CVE-2024-55728 Critical Vulnerabilities in SimpleHelp Remote Support Software https://t.co/F8dpl2me1D...

7.5 AI score
Exploits: 0 · References: 1
OSV
added 2025/01/15 11:15 p.m. · 2 views

CVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

9.9 CVSS · 7.2 AI score · 0.09328 EPSS
Exploits: 0 · References: 2
OSV
added 2025/01/15 11:15 p.m. · 2 views

CVE-2024-57728

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user...

7.2 CVSS · 6.1 AI score · 0.07549 EPSS
Exploits: 0 · References: 2
ATTACKERKB
added 2025/01/15 11:15 p.m. · 4 views

CVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

9.9 CVSS · 7.4 AI score · 0.09328 EPSS
Exploits: 0 · References: 3
OSV
added 2025/01/15 11:15 p.m. · 4 views

CVE-2024-57727

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...

7.5 CVSS · 6 AI score · 0.95151 EPSS
Exploits: 2 · References: 3
ATTACKERKB
added 2025/01/15 11:15 p.m. · 4 views

CVE-2024-57728

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user...

7.2 CVSS · 6 AI score · 0.07549 EPSS
Exploits: 0 · References: 3
NVD
added 2025/01/15 11:15 p.m. · 22 views

CVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

9.9 CVSS · 0.09328 EPSS
Exploits: 0 · References: 5
NVD
added 2025/01/15 11:15 p.m. · 20 views

CVE-2024-57728

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user...

7.2 CVSS · 0.07549 EPSS
Exploits: 0 · References: 5
NVD
added 2025/01/15 11:15 p.m. · 22 views

CVE-2024-57727

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...

9.1 CVSS · 0.95151 EPSS
Exploits: 2 · References: 3
The Hacker News
added 2025/01/15 5:10 a.m. · 23 views

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the...

9.9 CVSS · 10 AI score · 0.95151 EPSS
Exploits: 2