Cleo Harmony < 5.8.0.24 - File Upload Vulnerability

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. id: CVE-2024-55956 info: name: Cleo Harmony...

Cleo Harmony < 5.8.0.21 - Arbitary File Read

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. id: CVE-2024-50623 info: name: Cleo Harmony 5.8.0.21 - Arbitary File Read author: DhiyaneshDK severity: high...

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony

CVE-2024-50...

Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony

更多PoC见 https://pc.fenchuan8.com//index?for...

Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony

POC - CVE-2024-50623- Cleo Unrestricted file upload and downlo...

Cleo Harmony < 5.8.0.21 Unrestricted File Upload/Download (CVE-2024-50623)

The version of Cleo Harmony running on the remote host is prior to 5.8.0.21. It is, therefore, affected by an unrestricted file upload and download vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

PT-2024-13360 · Cleo · Lexicom +2

Name of the Vulnerable Software and Affected Versions: Cleo Harmony, VLTrader, and LexiCom affected versions not specified Description: A Remote Code Execution RCE issue has been identified. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

Cleo Harmony < 5.8.0.24 Unauthenticated Arbitrary Command Execution (CVE-2024-55956)

The version of Cleo Harmony running on the remote host is prior to 5.8.0.24. It is, therefore, affected by an unauthenticated arbitrary command execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. Recent assessments: sfewer-r7 at December 16...

Cleo多款产品 安全漏洞

Cleo LexiCom and others are products of Cleo Corporation.Cleo LexiCom is an integration platform.Cleo Harmony is a file integration solution.Cleo VLTrader is a secure hosted file transfer software. A security vulnerability exists in various Cleo products that originates from the ability of an...

CVE-2024-55956

CVE-2024-55956 affects Cleo Harmony, VLTrader, and LexiCom prior to version 5.8.0.24. The vulnerability allows unauthenticated attackers to import and execute arbitrary Bash or PowerShell commands on the host by abusing the default Autorun directory, effectively a remote code execution via an una...

Cleo Multiple Products Unrestricted File Upload Vulnerability

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges...

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

CVE-2024-55956

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...

Cleo Harmony Web Service Detection

Binary data cleoharmonydetect.nbin...

Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)

On Monday, December 9, multiple security firms began privately circulating reports of in-the-wild exploitation targeting Cleo file transfer software. Late the evening of December 9, security firm Huntress published a blog on active exploitation of three different Cleo products docs: Cleo VLTrader...