31 matches found

Nuclei
added yesterday · 52 views

Cleo Harmony < 5.8.0.24 - File Upload Vulnerability

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. id: CVE-2024-55956 info: name: Cleo Harmony...

9.8 CVSS · 7.8 AI score · 0.93804 EPSS
Exploits: 4 · References: 2

Nuclei
added 2026/06/16 7:13 a.m. · 68 views

Cleo Harmony < 5.8.0.21 - Arbitary File Read

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. id: CVE-2024-50623 info: name: Cleo Harmony 5.8.0.21 - Arbitary File Read author: DhiyaneshDK severity: high...

9.8 CVSS · 9 AI score · 0.98529 EPSS
Exploits: 6 · References: 4

RedhatCVE
added 2025/05/23 7:41 a.m. · 16 views

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

9.8 CVSS · 10 AI score · 0.93804 EPSS
Exploits: 4 · References: 1

RedhatCVE
added 2025/05/23 6:35 a.m. · 11 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

9.8 CVSS · 9.8 AI score · 0.98529 EPSS
Exploits: 6 · References: 1

GithubExploit
added 2025/04/01 10:55 p.m. · 194 views

Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony

CVE-2024-50...

9.8 CVSS · 7.3 AI score · 0.98529 EPSS
Exploits: 6

BDU FSTEC
added 2025/01/27 12:0 a.m. · 8 views

The vulnerability of the Cleo Harmony, VLTrader, and LexiCom software platforms lies in their ability to allow unlimited loading of dangerous files, enabling attackers to execute arbitrary code.

The vulnerability of the software platforms Cleo Harmony, VLTrader, and LexiCom is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS · 8.4 AI score · 0.98529 EPSS
Exploits: 6 · References: 4 · Affected Software: 3

GithubExploit
added 2024/12/31 7:43 a.m. · 138 views

Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony

For more PoCs see https://pc.fenchuan8.com//index?for...

9.8 CVSS · 7.4 AI score · 0.98529 EPSS
Exploits: 6

GithubExploit
added 2024/12/23 8:52 a.m. · 653 views

Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony

POC - CVE-2024-50623 - Cleo Unrestricted file upload and downlo...

9.8 CVSS · 9.9 AI score · 0.98529 EPSS
Exploits: 6

Tenable Nessus
added 2024/12/20 12:0 a.m. · 18 views

Cleo Harmony < 5.8.0.21 Unrestricted File Upload/Download (CVE-2024-50623)

The version of Cleo Harmony running on the remote host is prior to 5.8.0.21. It is, therefore, affected by an unrestricted file upload and download vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

9.8 CVSS · 8.7 AI score · 0.98529 EPSS
Exploits: 6 · References: 2

BDU FSTEC
added 2024/12/19 12:0 a.m. · 5 views

The vulnerabilities of the software platforms Cleo Harmony, VLTrader, and LexiCom are related to errors in the use of standard permissions, allowing a perpetrator to execute arbitrary commands.

The vulnerabilities of the software platforms Cleo Harmony, VLTrader, and LexiCom are related to errors in the use of standard permissions. Exploiting these vulnerabilities can allow a remote attacker to execute arbitrary commands...

10 CVSS · 8.5 AI score · 0.93804 EPSS
Exploits: 4 · References: 5 · Affected Software: 3

Positive Technologies
added 2024/12/17 12:0 a.m. · 2 views

PT-2024-13360 · Cleo · Lexicom +2

Name of the Vulnerable Software and Affected Versions: Cleo Harmony, VLTrader, and LexiCom (affected versions not specified). Description: A Remote Code Execution (RCE) issue has been identified. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

7.7 AI score
Exploits: 0 · References: 1

Tenable Nessus
added 2024/12/17 12:0 a.m. · 13 views

Cleo Harmony < 5.8.0.24 Unauthenticated Arbitrary Command Execution (CVE-2024-55956)

The version of Cleo Harmony running on the remote host is prior to 5.8.0.24. It is, therefore, affected by an unauthenticated arbitrary command execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

9.8 CVSS · 9.1 AI score · 0.93804 EPSS
Exploits: 4 · References: 3

OSV
added 2024/12/13 9:15 p.m. · 1 views

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

9.8 CVSS · 7.8 AI score · 0.93804 EPSS
Exploits: 4 · References: 4

NVD
added 2024/12/13 9:15 p.m. · 12 views

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

9.8 CVSS · 0.93804 EPSS
Exploits: 4 · References: 4

ATTACKERKB
added 2024/12/13 12:0 a.m. · 130 views

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. Recent assessments: sfewer-r7 at December 16...

9.8 CVSS · 7.7 AI score · 0.98529 EPSS
In wild · Exploits: 8 · References: 2

Vulnrichment
added 2024/12/13 12:0 a.m. · 12 views

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

7.8 AI score · 0.93804 EPSS
Exploits: 4 · References: 1

CNNVD
added 2024/12/13 12:0 a.m. · 2 views

Cleo Multiple Products Security Vulnerability

Cleo LexiCom and others are products of Cleo Corporation. Cleo LexiCom is an integration platform. Cleo Harmony is a file integration solution. Cleo VLTrader is a secure hosted file transfer software. A security vulnerability exists in various Cleo products that originates from the ability of an...

9.8 CVSS · 9.8 AI score · 0.93804 EPSS
Exploits: 4 · References: 3

CISA KEV Catalog
added 2024/12/13 12:0 a.m. · 59 views

Cleo Multiple Products Unrestricted File Upload Vulnerability

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges...

9.8 CVSS · 7.8 AI score · 0.98529 EPSS
In wild · Exploits: 6

Cvelist
added 2024/12/13 12:0 a.m. · 18 views

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

0.93804 EPSS
Exploits: 4 · References: 1

CVE
added 2024/12/13 12:0 a.m. · 312 views

CVE-2024-55956

CVE-2024-55956 affects Cleo Harmony, VLTrader, and LexiCom prior to version 5.8.0.24. The vulnerability allows unauthenticated attackers to import and execute arbitrary Bash or PowerShell commands on the host by abusing the default Autorun directory, effectively a remote code execution via an una...

9.8 CVSS · 7.7 AI score · 0.93804 EPSS
In wild · Exploits: 4 · References: 4 · Affected Software: 3