118 matches found

EUVD
added 2025/10/03 8:07 p.m. | 6 views

EUVD-2023-29973

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00424
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 5:38 a.m. | 5 views

CVE-2023-26101

In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem...

CVSS 7.5 | AI score 6.5 | EPSS 0.00748
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:27 a.m. | 10 views

CVE-2023-26100

In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser...

CVSS 6.1 | AI score 6.7 | EPSS 0.00424
Exploits: 0 | References: 1

0day.today
added 2024/06/02 12:00 a.m. | 195 views

Progress Flowmon 12.3.5 Local sudo Privilege Escalation Exploit

This Metasploit module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PH...

CVSS 10 | AI score 9.6 | EPSS 0.93901
Exploits: 7

0day.today
added 2024/06/02 12:00 a.m. | 209 views

Flowmon Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...

CVSS 10 | AI score 7 | EPSS 0.93901
Exploits: 7

Rapid7 Blog
added 2024/05/31 6:32 p.m. | 31 views

Metasploit Weekly Wrap-Up 05/31/2024

Quis dīrumpet ipsos dīrumpēs In this release, we feature a double-double: two exploits each targeting two pieces of software. The first pair is from h00die targeting the Jasmine Ransomeware Web Server. The first uses CVE-2024-30851 to retrieve the login for the ransomware server, and the second i...

CVSS 10 | AI score 10 | EPSS 0.93901
Exploits: 14

Packet Storm
added 2024/05/30 12:00 a.m. | 262 views

Progress Flowmon 12.3.5 Local sudo Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Progress Flowmon Local sudo privilege escalation', 'Description' = %q This module abuses a feature of the sudo command on Progress Flowmon. Certa...

CVSS 7.5 | AI score 7 | EPSS 0.93901
Exploits: 7

Metasploit
added 2024/05/29 7:55 p.m. | 222 views

Progress Flowmon Local sudo privilege escalation

This module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PHP code it c...

CVSS 10 | AI score 8.4 | EPSS 0.93901
Exploits: 7

Metasploit
added 2024/05/29 7:55 p.m. | 253 views

Flowmon Unauthenticated Command Injection

This module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. Module Options msf use exploit/linux/http/progressflowmonunauthcmdinjection msf exploitprogressflowmonunauthcmdinjection show targets ...targets... msf...

CVSS 10 | AI score 9.3 | EPSS 0.93901
Exploits: 7

0day.today
added 2024/05/29 12:00 a.m. | 279 views

Flowmon Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...

CVSS 10 | AI score 8 | EPSS 0.93901
Exploits: 7

Packet Storm
added 2024/05/29 12:00 a.m. | 355 views

Flowmon Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in Progres...

CVSS 7.5 | AI score 7 | EPSS 0.93901
Exploits: 7

Tenable Nessus
added 2024/04/26 12:00 a.m. | 11 views

Progress Kemp Flowmon Web Interface Detection

Binary data progresskempflowmondetect.nbin...

AI score 7.3
Exploits: 0 | References: 1

VulnCheck KEV
added 2024/04/26 12:00 a.m. | 3 views

VulnCheck KEV: CVE-2024-2389

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands...

CVSS 10 | AI score 7.5 | EPSS 0.93901
Exploits: 7 | References: 1

Tenable Nessus
added 2024/04/26 12:00 a.m. | 42 views

Progress Kemp Flowmon 11.x < 11.1.14, 12.x < 12.3.5 RCE (CVE-2024-2389)

The version of Progress Kemp Flowmon installed on the remote host is prior to 11.1.14 or 12.3.5. It is, therefore, affected by an unauthenticated command injection vulnerability as referenced in the CVE-2024-2389 advisory. - Unauthenticated, remote attackers can gain access to the web interface o...

CVSS 10 | AI score 8.3 | EPSS 0.93901
Exploits: 7 | References: 2

Rhino Security Labs
added 2024/04/23 2:00 p.m. | 60 views

CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon

The post CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon appeared first on Rhino Security Labs...

CVSS 10 | AI score 9.6 | EPSS 0.93901
Exploits: 7

BDU FSTEC
added 2024/04/08 12:00 a.m. | 11 views

The vulnerability in the web interface for controlling the Flowmon operating system of network monitoring devices allows a perpetrator to execute arbitrary commands.

The vulnerability of the web interface for controlling the Flowmon operating system in devices for network monitoring exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute...

CVSS 10 | AI score 8.1 | EPSS 0.93901
Exploits: 7 | References: 2 | Affected Software: 1

OSV
added 2024/04/02 1:15 p.m. | 0 views

CVE-2024-2389

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands...

CVSS 9.8 | AI score 5.9 | EPSS 0.93901
Exploits: 7 | References: 2

NVD
added 2024/04/02 1:15 p.m. | 22 views

CVE-2024-2389

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands...

CVSS 10 | AI score 10 | EPSS 0.93901
Exploits: 7 | References: 2

Vulnrichment
added 2024/04/02 12:22 p.m. | 26 views

CVE-2024-2389 Flowmon Unauthenticated Command Injection Vulnerability

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands...

CVSS 10 | AI score 7.7 | EPSS 0.93901
Exploits: 7 | References: 2

Cvelist
added 2024/04/02 12:22 p.m. | 55 views

CVE-2024-2389 Flowmon Unauthenticated Command Injection Vulnerability

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands...

CVSS 10 | AI score 10 | EPSS 0.93901
Exploits: 7 | References: 2