Lucene search
K

10 matches found

0day.today
0day.today
added 2024/06/02 12:0 a.m.196 views

Progress Flowmon 12.3.5 Local sudo Privilege Escalation Exploit

This Metasploit module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PH...

10CVSS9.6AI score0.93901EPSS
Exploits7
0day.today
0day.today
added 2024/06/02 12:0 a.m.211 views

Flowmon Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...

10CVSS7AI score0.93901EPSS
Exploits7
Metasploit
Metasploit
added 2024/05/29 7:55 p.m.255 views

Flowmon Unauthenticated Command Injection

This module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. Module Options msf use exploit/linux/http/progressflowmonunauthcmdinjection msf exploitprogressflowmonunauthcmdinjection show targets ...targets... msf...

10CVSS9.3AI score0.93901EPSS
Exploits7
Metasploit
Metasploit
added 2024/05/29 7:55 p.m.283 views

Progress Flowmon Local sudo privilege escalation

This module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PHP code it c...

10CVSS8.4AI score0.93901EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/05/29 12:0 a.m.358 views

Flowmon Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in Progres...

7.5CVSS7AI score0.93901EPSS
Exploits7
0day.today
0day.today
added 2024/05/29 12:0 a.m.280 views

Flowmon Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...

10CVSS8AI score0.93901EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2024/04/26 12:0 a.m.43 views

Progress Kemp Flowmon 11.x < 11.1.14, 12.x < 12.3.5 RCE (CVE-2024-2389)

The version of Progress Kemp Flowmon installed on the remote host is prior to 11.1.14 or 12.3.5. It is, therefore, affected by an unauthenticated command injection vulnerability as referenced in the CVE-2024-2389 advisory. - Unauthenticated, remote attackers can gain access to the web interface o...

10CVSS8.3AI score0.93901EPSS
Exploits7References2
Rhino Security Labs
Rhino Security Labs
added 2024/04/23 2:0 p.m.60 views

CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon

The post CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon appeared first on Rhino Security Labs...

10CVSS9.6AI score0.93901EPSS
Exploits7
Circl
Circl
added 2024/04/05 12:0 p.m.57 views

CVE-2024-2389

creationtimestamp| type| source ---|---|--- 2024-04-05 12:00:07+00:00| seen| https://t.me/truesecator/5605 2024-04-09 20:45:42+00:00| seen| https://t.me/arpsyndicate/4419 2024-04-22 18:50:45+00:00| seen| https://t.me/arpsyndicate/4733 2024-04-25 04:35:58+00:00| published-proof-of-concept|...

10CVSS7AI score0.93901EPSS
In wildExploits7References14
NVD
NVD
added 2024/04/02 1:15 p.m.23 views

CVE-2024-2389

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands...

10CVSS10AI score0.93901EPSS
Exploits7References2
Rows per page
Query Builder