Lucene search
K

39 matches found

Cvelist
Cvelist
added 2026/01/13 12:59 p.m.19 views

CVE-2025-13774 SQL injection leading to privilege escalation in Progress Flowmon ADS

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands...

8.8CVSS0.00423EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.4 views

Progress Flowmon ADS SQL注入漏洞

Progress Flowmon ADS is a network traffic analysis and anomaly detection system from Progress, Inc. A SQL injection vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and prior to 13.0.1, which stems from an SQL injection that could lead to the execution of unexpected SQL queri...

8.8CVSS6AI score0.00423EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/30 7:39 a.m.5 views

EUVD-2025-36972

A vulnerability exists in Progress Flowmon versions prior 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service...

6.7CVSS6.6AI score0.00126EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 7:39 a.m.8 views

CVE-2025-11906 Privilege escalation via writable configuration files in Progress Flowmon

A vulnerability exists in Progress Flowmon versions prior 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service...

6.7CVSS0.00126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/10 5:22 p.m.4 views

CVE-2025-10240

A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...

8.8CVSS6.7AI score0.00293EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/09 12:43 p.m.6 views

CVE-2025-10240 Possibility of unintended actions when a user clicks a malicious link in the Progress Flowmon web application

A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...

8.8CVSS0.00293EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/09 12:43 p.m.3 views

EUVD-2025-33341

A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session...

8.8CVSS6.2AI score0.00293EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.2 views

Progress Flowmon 跨站脚本漏洞

Progress Flowmon is a real-time network traffic monitoring tool from Progress. A cross-site scripting vulnerability exists in versions of Progress Flowmon prior to 12.5.5, which originates from a user clicking on a malicious link that could trigger an unexpected action, potentially leading to a...

8.8CVSS6.1AI score0.00293EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/09 12:0 a.m.4 views

Progress Flowmon 操作系统命令注入漏洞

Progress Flowmon is a real-time network traffic monitoring tool from Progress. An operating system command injection vulnerability exists in versions of Progress Flowmon prior to 12.5.5, which originates from an administrator user being able to execute additional, unintended commands in the...

7.2CVSS7.5AI score0.00349EPSS
Exploits0References2
0day.today
0day.today
added 2024/06/02 12:0 a.m.209 views

Flowmon Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...

10CVSS7AI score0.93901EPSS
Exploits7
0day.today
0day.today
added 2024/06/02 12:0 a.m.195 views

Progress Flowmon 12.3.5 Local sudo Privilege Escalation Exploit

This Metasploit module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PH...

10CVSS9.6AI score0.93901EPSS
Exploits7
Rapid7 Blog
Rapid7 Blog
added 2024/05/31 6:32 p.m.31 views

Metasploit Weekly Wrap-Up 05/31/2024

Quis dīrumpet ipsos dīrumpēs In this release, we feature a double-double: two exploits each targeting two pieces of software. The first pair is from h00die targeting the Jasmine Ransomeware Web Server. The first uses CVE-2024-30851 to retrieve the login for the ransomware server, and the second i...

10CVSS10AI score0.93901EPSS
Exploits14
Packet Storm
Packet Storm
added 2024/05/30 12:0 a.m.261 views

Progress Flowmon 12.3.5 Local sudo Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Progress Flowmon Local sudo privilege escalation', 'Description' = %q This module abuses a feature of the sudo command on Progress Flowmon. Certa...

7.5CVSS7AI score0.93901EPSS
Exploits7
Metasploit
Metasploit
added 2024/05/29 7:55 p.m.204 views

Progress Flowmon Local sudo privilege escalation

This module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PHP code it c...

10CVSS8.4AI score0.93901EPSS
Exploits7
Metasploit
Metasploit
added 2024/05/29 7:55 p.m.246 views

Flowmon Unauthenticated Command Injection

This module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. Module Options msf use exploit/linux/http/progressflowmonunauthcmdinjection msf exploitprogressflowmonunauthcmdinjection show targets ...targets... msf...

10CVSS9.3AI score0.93901EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/05/29 12:0 a.m.353 views

Flowmon Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in Progres...

7.5CVSS7AI score0.93901EPSS
Exploits7
0day.today
0day.today
added 2024/05/29 12:0 a.m.279 views

Flowmon Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...

10CVSS8AI score0.93901EPSS
Exploits7
CNNVD
CNNVD
added 2023/04/21 12:0 a.m.3 views

Progress Flowmon 跨站脚本漏洞

Progress Flowmon is a real-time network traffic monitoring tool from Progress. A security vulnerability exists in versions of Progress Flowmon prior to 12.2.0, which stems from an application endpoint's inability to clean up user-supplied input, and which can be exploited by an attacker to execut...

6.1CVSS6.7AI score0.00424EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/21 12:0 a.m.5 views

Progress Flowmon 路径遍历漏洞

Progress Flowmon is a real-time network traffic monitoring tool from Progress. A security vulnerability exists in Progress Flowmon versions prior to 12.2.0, which stems from a path traversal vulnerability that can be exploited by an attacker to retrieve files on the device's local file system...

7.5CVSS7.3AI score0.00748EPSS
Exploits0References3
Rows per page
Query Builder