39 matches found
CVE-2025-13774 SQL injection leading to privilege escalation in Progress Flowmon ADS
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands...
Progress Flowmon ADS SQL注入漏洞
Progress Flowmon ADS is a network traffic analysis and anomaly detection system from Progress, Inc. A SQL injection vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and prior to 13.0.1, which stems from an SQL injection that could lead to the execution of unexpected SQL queri...
EUVD-2025-36972
A vulnerability exists in Progress Flowmon versions prior 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service...
CVE-2025-11906 Privilege escalation via writable configuration files in Progress Flowmon
A vulnerability exists in Progress Flowmon versions prior 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service...
CVE-2025-10240
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...
CVE-2025-10240 Possibility of unintended actions when a user clicks a malicious link in the Progress Flowmon web application
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...
EUVD-2025-33341
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...
Progress Flowmon 跨站脚本漏洞
Progress Flowmon is a real-time network traffic monitoring tool from Progress. A cross-site scripting vulnerability exists in versions of Progress Flowmon prior to 12.5.5, which originates from a user clicking on a malicious link that could trigger an unexpected action, potentially leading to a...
Progress Flowmon 操作系统命令注入漏洞
Progress Flowmon is a real-time network traffic monitoring tool from Progress. An operating system command injection vulnerability exists in versions of Progress Flowmon prior to 12.5.5, which originates from an administrator user being able to execute additional, unintended commands in the...
Flowmon Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...
Progress Flowmon 12.3.5 Local sudo Privilege Escalation Exploit
This Metasploit module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PH...
Metasploit Weekly Wrap-Up 05/31/2024
Quis dīrumpet ipsos dīrumpēs In this release, we feature a double-double: two exploits each targeting two pieces of software. The first pair is from h00die targeting the Jasmine Ransomeware Web Server. The first uses CVE-2024-30851 to retrieve the login for the ransomware server, and the second i...
Progress Flowmon 12.3.5 Local sudo Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Progress Flowmon Local sudo privilege escalation', 'Description' = %q This module abuses a feature of the sudo command on Progress Flowmon. Certa...
Progress Flowmon Local sudo privilege escalation
This module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PHP code it c...
Flowmon Unauthenticated Command Injection
This module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. Module Options msf use exploit/linux/http/progressflowmonunauthcmdinjection msf exploitprogressflowmonunauthcmdinjection show targets ...targets... msf...
Flowmon Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in Progres...
Flowmon Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...
Progress Flowmon 跨站脚本漏洞
Progress Flowmon is a real-time network traffic monitoring tool from Progress. A security vulnerability exists in versions of Progress Flowmon prior to 12.2.0, which stems from an application endpoint's inability to clean up user-supplied input, and which can be exploited by an attacker to execut...
Progress Flowmon 路径遍历漏洞
Progress Flowmon is a real-time network traffic monitoring tool from Progress. A security vulnerability exists in Progress Flowmon versions prior to 12.2.0, which stems from a path traversal vulnerability that can be exploited by an attacker to retrieve files on the device's local file system...