6 matches found
CVE-2024-55956
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...
Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony
POC - CVE-2024-50623- Cleo Unrestricted file upload and downlo...
CVE-2024-55956
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory...
CVE-2024-55956
CVE-2024-55956 affects Cleo Harmony, VLTrader, and LexiCom prior to version 5.8.0.24. The vulnerability allows unauthenticated attackers to import and execute arbitrary Bash or PowerShell commands on the host by abusing the default Autorun directory, effectively a remote code execution via an una...
CVE-2024-50623
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. Recent assessments: sfewer-r7 at July 11, 2025 9:37am UTC reported: CVE-2024-50623 allows a remote unauthenticated...
PT-2024-10294
Name of the Vulnerable Software and Affected Versions Cleo Harmony versions prior to 5.8.0.21 Cleo VLTrader versions prior to 5.8.0.21 Cleo LexiCom versions prior to 5.8.0.21 Description A critical vulnerability in Cleo's file transfer software is being actively exploited, allowing unauthenticate...