Lucene search
+L

13 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:35 a.m.12 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

9.8CVSS9.8AI score0.98529EPSS
Exploits6References1
GithubExploit
GithubExploit
added 2025/04/01 10:55 p.m.266 views

Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony

CVE-2024-50...

9.8CVSS7.3AI score0.98529EPSS
Exploits6
Rapid7 Blog
Rapid7 Blog
added 2025/01/17 7:22 p.m.51 views

Metasploit Wrap-Up 01/17/2025

Clarity in Cleo Exploitation Last Month, Huntress reported that several Cleo products were being attacked in the wild, including Harmony, VLTrader, and LexiCom. Cleo announced CVE-2024-50623 and that these issues were patched in 5.8.0.21, but Huntress reported the vulnerability was still in those...

6.9CVSS10AI score0.98529EPSS
Exploits25
Tenable Nessus
Tenable Nessus
added 2024/12/20 12:0 a.m.11 views

Cleo VLTrader < 5.8.0.21 Unrestricted File Upload/Download (CVE-2024-50623)

The version of Cleo VLTrader running on the remote host is prior to 5.8.0.21. It is, therefore, affected by an unrestricted file upload and download vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

9.8CVSS8.7AI score0.98529EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2024/12/20 12:0 a.m.13 views

Cleo LexiCom < 5.8.0.21 Unrestricted File Upload/Download (CVE-2024-50623)

The version of Cleo LexiCom running on the remote host is prior to 5.8.0.21. It is, therefore, affected by an unrestricted file upload and download vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

9.8CVSS8.7AI score0.98529EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2024/12/20 12:0 a.m.18 views

Cleo Harmony < 5.8.0.21 Unrestricted File Upload/Download (CVE-2024-50623)

The version of Cleo Harmony running on the remote host is prior to 5.8.0.21. It is, therefore, affected by an unrestricted file upload and download vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

9.8CVSS8.7AI score0.98529EPSS
Exploits6References2
Rapid7 Blog
Rapid7 Blog
added 2024/12/11 6:44 p.m.7 views

Modular Java Backdoor Dropped in Cleo Exploitation Campaign

Many thanks to Rapid7 MDR and incident response teams for their contributions to this analysis. While investigating incidents related to Cleo software exploitation, Rapid7 Labs and MDR observed a novel, multi-stage attack that deploys an encoded Java Archive JAR payload. Our investigation reveale...

9.8CVSS9.4AI score0.98529EPSS
Exploits6
GithubExploit
GithubExploit
added 2024/12/11 2:19 p.m.706 views

Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony

CVE-2024-50623 Cleo Unrestricted file upload and download PoC...

9.8CVSS9.9AI score0.98529EPSS
Exploits6
Rapid7 Blog
Rapid7 Blog
added 2024/12/10 2:4 p.m.31 views

Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)

On Monday, December 9, multiple security firms began privately circulating reports of in-the-wild exploitation targeting Cleo file transfer software. Late the evening of December 9, security firm Huntress published a blog on active exploitation of three different Cleo products docs: Cleo VLTrader...

9.8CVSS9.5AI score0.98529EPSS
Exploits8
Circl
Circl
added 2024/10/28 1:56 a.m.48 views

CVE-2024-50623

creationtimestamp| type| source ---|---|--- 2024-10-28 01:56:29+00:00| seen| https://t.me/cvedetector/9080 2024-12-10 03:52:21+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113626496423360521 2024-12-10 03:57:59+00:00| seen|...

9.8CVSS7.6AI score0.98529EPSS
In wildExploits6References52
Cvelist
Cvelist
added 2024/10/27 12:0 a.m.25 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

0.98529EPSS
Exploits6References1
Vulnrichment
Vulnrichment
added 2024/10/27 12:0 a.m.52 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

9.1AI score0.98529EPSS
Exploits6References1
CVE
CVE
added 2024/10/27 12:0 a.m.343 views

CVE-2024-50623

CVE-2024-50623 affects Cleo Harmony, Cleo VLTrader, and Cleo LexiCom prior to 5.8.0.21. It is an unrestricted file upload/download flaw that could lead to remote code execution. PoCs exist (e.g., GitHub exploits), and the recommended remediation is to upgrade to 5.8.0.21 or newer. Some connected ...

9.8CVSS9.1AI score0.98529EPSS
In wildExploits6References2Affected Software3
Rows per page
Query Builder