1842 matches found
CVE-2024-6658 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.0 inclusive From 7.2.49.0 to 7.2.54.11 inclusive 7.2.48.12 and all prior versions Multi-Tenant...
VulnCheck KEV: CVE-2024-6670
Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user...
Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671...
Emergency Fix Issued for 10/10 Severity Vulnerability in LoadMaster Products
Progress Software has released an emergency patch for a critical 10/10 severity vulnerability CVE-2024-7591 in its LoadMaster products,…...
Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor
Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant MT hypervisor that could result in the execution of arbitrary operating system commands. Tracked as CVE-2024-7591 CVSS score: 10.0, the vulnerability has been described as an improper input...
CVE-2024-7591
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: LoadMaster: 7.2.40.0 and above ECS: All versions Multi-Tenancy: 7.1.35.4 and above...
CVE-2024-7591
The CVE-2024-7591 issue is an Improper Input Validation vulnerability in Kemp LoadMaster (and Progress LoadMaster) that enables OS command injection. Affected: LoadMaster 7.2.40.0+; ECS (all versions); Multi-Tenancy 7.1.35.4+. Impact: unauthenticated, remote command execution with high/critical i...
CVE-2024-7591 Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: LoadMaster: 7.2.40.0 and above ECS: All versions Multi-Tenancy: 7.1.35.4 and above...
CVE-2024-7591 Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: LoadMaster: 7.2.40.0 and above ECS: All versions Multi-Tenancy: 7.1.35.4 and above...
Progress / Ipswitch WhatsUp Gold Detection Consolidation
Consolidation of Progress / Ipswitch WhatsUp Gold detections. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; if...
Progress Software OpenEdge 安全漏洞
Progress Software OpenEdge is a suite of integrated development environments IDEs from Progress Software, USA. A security vulnerability exists in Progress Software OpenEdge versions 11.7.18 and 12.2.13. An attacker can exploit the vulnerability to inject unauthorized code into a multi-session age...
Vulnerabilities fixed in Progress WhatsUp Gold
Progress has fixed vulnerabilities in WhatsUp Gold. A malicious party can exploit the vulnerabilities to retrieve or change the password of the application user in a Single User installation, or in a Multi User installation to change the password of a user with elevated privileges through an...
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh/transport/session' require 'net/sftp' require 'openssl' class MetasploitModule 'Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read',...
Exploit for SQL Injection in Progress Whatsup_Gold
CVE-2024-6670 PoC for Progress Software WhatsUp Gold HasErrors...
Vulnerabilities fixed in Progress WS_FTP server
Progress has fixed vulnerabilities in WSFTP server. A malicious party can exploit the vulnerabilities to bypass two-factor authentication, which allows it to log in with just username and password. Also, through directory traversal, the malicious party may be able to gain access to files that the...
Progress Software WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of HasErrors method. The issue results from the lack of...
WhatsUp Gold 安全漏洞
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in WhatsUp Gold version 2024.0.0, which...
Progress Software WhatsUp Gold getMonitorJoin SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementati...
Progress Software WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of GetStatisticalMonitorList method. The issue results...
Progress Software WS_FTP Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WSFTP. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileHandler module. The issue results from the lack of proper validation...