
2582 matches found

CNNVD
added 2024/12/13 12:0 a.m., 1 view

Security vulnerability in multiple Cleo products

Cleo LexiCom and others are products of Cleo Corporation. Cleo LexiCom is an integration platform. Cleo Harmony is a file integration solution. Cleo VLTrader is a secure hosted file transfer software. A security vulnerability exists in various Cleo products that originates from the ability of an...

9.8 CVSS, 9.8 AI score, 0.9122 EPSS
Exploits: 4, References: 3

Cvelist
added 2024/12/13 12:0 a.m., 15 views

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

0.9122 EPSS
Exploits: 4, References: 1

VulnCheck KEV
added 2024/12/10 12:0 a.m., 2 views

VulnCheck KEV: CVE-2024-55956

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the...

9.8 CVSS, 7.5 AI score, 0.9122 EPSS
Exploits: 4, References: 1

GithubExploit
added 2024/12/09 7:5 p.m., 391 views

Exploit for Special Element Injection in Google Android

CVE-2024-0044- CVE-2024-0044: a "run-as any app" high-severity...

7.8 CVSS, 7 AI score, 0.06995 EPSS
Exploits: 17

Tenable Nessus
added 2024/12/04 12:0 a.m., 4 views

Cisco NX-OS Improper Encoding or Escaping of Output (CVE-2017-12340)

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...

4.6 CVSS, 5.2 AI score, 0.00131 EPSS
Exploits: 0, References: 5

GithubExploit
added 2024/11/28 5:47 p.m., 535 views

Exploit for CVE-2024-21534

POC - CVE-2024-21534 Jsonpath-plus vulnerable to Remote Code E...

9.8 CVSS, 8.2 AI score, 0.92707 EPSS
Exploits: 4

Tenable Nessus
added 2024/11/14 12:0 a.m., 2 views

Fedora 37 : bash (2022-bf387ff344)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-bf387ff344 advisory. Add a null check in parameter_brace_transform function. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

5.6 AI score
Exploits: 0, References: 1

NVD
added 2024/11/12 5:15 p.m., 16 views

CVE-2024-52010

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...

8.6 CVSS, 0.00901 EPSS
Exploits: 0, References: 3

CVE
added 2024/10/21 7:39 p.m., 118 views

CVE-2024-50042

Technical details for CVE-2024-50042 are not publicly available in the provided documents. The connected advisories list kernel issues but do not disclose the affected product/version, root cause, impact, or a concrete fix for this CVE. Monitor for updates.

7.1 CVSS, 6.6 AI score, 0.00018 EPSS
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2024/10/16 12:0 a.m., 24 views

Qnap QTS Bash OS Command Injection (CVE-2014-6271)

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cg...

10 CVSS, 7.7 AI score, 0.9422 EPSS
Exploits: 139, References: 109

Tenable Nessus
added 2024/10/16 12:0 a.m., 38 views

Qnap QTS Bash OS Command Injection (CVE-2014-7169)

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the...

10 CVSS, 8.5 AI score, 0.89056 EPSS
Exploits: 17, References: 96

NVD
added 2024/10/11 2:15 p.m., 10 views

CVE-2024-8531

CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root...

7.2 CVSS, 0.00067 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/10/11 1:50 p.m., 6 views

CVE-2024-8531

CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root...

7.2 CVSS, 7.1 AI score, 0.00067 EPSS
Exploits: 0, References: 1

CVE
added 2024/10/11 1:50 p.m., 36 views

CVE-2024-8531

Summary: CVE-2024-8531 affects Schneider Electric EcoStruxure Data Center Expert. The flaw is improper verification of cryptographic signatures in upgrade bundles, allowing manipulation with arbitrary bash scripts that can be executed with root privileges (remote code execution). Affected product...

7.2 CVSS, 7.3 AI score, 0.00067 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/10/11 1:50 p.m., 14 views

CVE-2024-8531

CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root...

7.2 CVSS, 0.00067 EPSS
Exploits: 0, References: 1

GithubExploit
added 2024/10/08 6:7 p.m., 281 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

TPAS Log4Shell PoC This repository contains a Proof of Concep...

10 CVSS, 8.9 AI score, 0.94358 EPSS
Exploits: 341

GithubExploit
added 2024/10/07 10:59 p.m., 705 views

Exploit for Code Injection in Cacti

CVE-2024-43363 CVE-2024-43363 Exploit Script This Python scr...

7.2 CVSS, 7.5 AI score, 0.75133 EPSS
Exploits: 2

GithubExploit
added 2024/10/04 1:10 p.m., 265 views

Exploit for OS Command Injection in Php

CVE-2024-4577 Vulnerability Checker The CVE-2024-4577 Vulnera...

9.8 CVSS, 9.5 AI score, 0.94374 EPSS
Exploits: 64

GithubExploit
added 2024/09/24 10:24 p.m., 396 views

Exploit for Incorrect Implementation of Authentication Algorithm in Ivanti Virtual_Traffic_Management

CVE-2024-7593 Exploit Script This Bash script serves as a pro...

9.8 CVSS, 9.4 AI score, 0.94436 EPSS
Exploits: 4

Positive Technologies
added 2024/09/20 12:0 a.m., 5 views

PT-2024-41084 · Iptables · Iptables

Name of the Vulnerable Software and Affected Versions: iptables (affected versions not specified). Description: The issue is related to insecure privilege management in the iptables utility for configuring and managing packet filtering rules in the Linux operating system. Exploitation of this issue...

6.8 CVSS, 8.1 AI score
Exploits: 0, References: 2