CVE-2024-1212 – LoadMaster Pre-Authenticated OS Command Injection
https://notcve.org/view.php?id=CVE-2024-1212
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. Los atacantes remotos no autenticados pueden acceder al sistema a través de la interfaz de administración de LoadMaster, lo que permite la ejecución arbitraria de comandos del sistema. • https://github.com/Chocapikk/CVE-2024-1212 https://github.com/MuhammadWaseem29/CVE-2024-1212 https://freeloadbalancer.com https://kemptechnologies.com https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212 https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212 https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster h • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2014-5287 – Kemp Load Master 7.1.16 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-5287
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). Existe una vulnerabilidad de inyección de script Bash en Kemp Load Master versión 7.1-16 y anteriores, debido a un fallo en el saneamiento de la entrada en la Interfaz de Usuario Web (WUI). Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities. • https://www.exploit-db.com/exploits/36609 http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html https://www.fxc.jp/news/Product_Overview-LoadMaster_Release_Notes.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •