1842 matches found
Kemp LoadMaster Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster in the authorization header after version 7.2.48.1. The following versions are patched: 7.2.59.2 GA, 7.2.54.8 LTSF, and 7.2.48.10 LTS. This module requires Metasploit:...
Kemp LoadMaster Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kemp LoadMaster Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...
Kemp LoadMaster Unauthenticated Command Injection
This module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster in the authorization header after vversion 7.2.48.1. The following versions are patched: 7.2.59.2 GA, 7.2.54.8 LTSF and 7.2.48.10 LTS. Module Options msf use...
Progress Kemp Flowmon 11.x < 11.1.14, 12.x < 12.3.5 RCE (CVE-2024-2389)
The version of Progress Kemp Flowmon installed on the remote host is prior to 11.1.14 or 12.3.5. It is, therefore, affected by an unauthenticated command injection vulnerability as referenced in the CVE-2024-2389 advisory. - Unauthenticated, remote attackers can gain access to the web interface o...
Progress Kemp Flowmon Web Interface Detection
Binary data progresskempflowmondetect.nbin...
Progress Software Telerik Reporting ObjectReader Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Reporting. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
Progress Software Telerik Report Server ObjectReader Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Report Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ObjectReader class. The issue results from the lack of proper...
Progress Software Telerik Reporting ObjectReader Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Reporting. Authentication is required to exploit this vulnerability. The specific flaw exists within the ObjectReader class. The issue results from the lack of proper...
Missing character encoding in progress display allows for spoofing of scp client output (CVE-2019-6109)
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...
SUSE CVE-2024-26755
In the Linux kernel, the following vulnerability has been resolved: md: Don't suspend the array for interrupted reshape mdstartsync will suspend the array if there are spares that can be added or removed from conf, however, if reshape is still in progress, this won't happen at all or data will be...
AZL-71927 CVE-2024-26800 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...
DEBIAN-CVE-2024-26800
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails,...
PT-2024-5207 · Progress · Progress Whatsup Gold
Name of the Vulnerable Software and Affected Versions: Progress WhatsUp Gold versions prior to 2023.1.3 Description: The issue concerns an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold, specifically affecting the GetFileWithoutZip method. This vulnerability allows...
CVE-2024-2435 Stored XSS in Timeline View
For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...
progressdevelopments.com.au Cross Site Scripting vulnerability OBB-3896144
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Progress Kemp LoadMaster Command Injection (CVE-2024-1212)
Binary data progresskemploadmasterCVE-2024-1212.nbin...
Progress LoadMaster Detection
Binary data progresskemploadmasterdetect.nbin...
CVE-2024-1856
In Progress® Telerik® Reporting versions prior to 2024 Q1 18.0.24.130, a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability...
CVE-2024-1856 Progress Telerik Reporting Remote Deserialization Vulnerability
In Progress® Telerik® Reporting versions prior to 2024 Q1 18.0.24.130, a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability...
CVE-2024-1856
CVE-2024-1856 affects Progress Telerik Reporting: an ObjectReader deserialization vulnerability in versions prior to 2024 Q1 (18.0.24.130) allows remote code execution. Exploitation conditions vary by advisory (ZDI notes may require authentication and/or user interaction). Remediation is to upgra...