13 matches found
CVE-2024-50623
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...
Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony
CVE-2024-50...
Metasploit Wrap-Up 01/17/2025
Clarity in Cleo Exploitation Last Month, Huntress reported that several Cleo products were being attacked in the wild, including Harmony, VLTrader, and LexiCom. Cleo announced CVE-2024-50623 and that these issues were patched in 5.8.0.21, but Huntress reported the vulnerability was still in those...
Cleo VLTrader < 5.8.0.21 Unrestricted File Upload/Download (CVE-2024-50623)
The version of Cleo VLTrader running on the remote host is prior to 5.8.0.21. It is, therefore, affected by an unrestricted file upload and download vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Cleo LexiCom < 5.8.0.21 Unrestricted File Upload/Download (CVE-2024-50623)
The version of Cleo LexiCom running on the remote host is prior to 5.8.0.21. It is, therefore, affected by an unrestricted file upload and download vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Cleo Harmony < 5.8.0.21 Unrestricted File Upload/Download (CVE-2024-50623)
The version of Cleo Harmony running on the remote host is prior to 5.8.0.21. It is, therefore, affected by an unrestricted file upload and download vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Modular Java Backdoor Dropped in Cleo Exploitation Campaign
Many thanks to Rapid7 MDR and incident response teams for their contributions to this analysis. While investigating incidents related to Cleo software exploitation, Rapid7 Labs and MDR observed a novel, multi-stage attack that deploys an encoded Java Archive JAR payload. Our investigation reveale...
Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony
CVE-2024-50623 Cleo Unrestricted file upload and download PoC...
Widespread Exploitation of Cleo File Transfer Software (CVE-2024-55956)
On Monday, December 9, multiple security firms began privately circulating reports of in-the-wild exploitation targeting Cleo file transfer software. Late the evening of December 9, security firm Huntress published a blog on active exploitation of three different Cleo products docs: Cleo VLTrader...
CVE-2024-50623
creationtimestamp| type| source ---|---|--- 2024-10-28 01:56:29+00:00| seen| https://t.me/cvedetector/9080 2024-12-10 03:52:21+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113626496423360521 2024-12-10 03:57:59+00:00| seen|...
CVE-2024-50623
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...
CVE-2024-50623
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...
CVE-2024-50623
CVE-2024-50623 affects Cleo Harmony, Cleo VLTrader, and Cleo LexiCom prior to 5.8.0.21. It is an unrestricted file upload/download flaw that could lead to remote code execution. PoCs exist (e.g., GitHub exploits), and the recommended remediation is to upgrade to 5.8.0.21 or newer. Some connected ...