CVSS: 8.4 | EPSS: 1% | CPEs: 3 | EXPL: 0

12 Sep 2024 — Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster (from 7.2.55.0 to 7.2.60.0 inclusive; from 7.2.49.0 to 7.2.54.11 inclusive; 7.2.48.12 and all prior versions), Multi-Tenant Hypervisor (7.1.35.11 and all prior versions), ECS (all prior versions to 7.2.60.0 inclusive). • https://support.kemptechnologies.com/hc/en-us/articles/28910587250701 • CWE-20: Improper Input Validation •

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

21 Aug 2024 — Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to cause a denial of service via the libkemplink.so, isreverse library. • https://github.com/YSaxon/CVE-2023-29929 • CWE-787: Out-of-bounds Write •

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

01 Jan 2023 — The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism. • https://pastebin.com/kpx9Nvbf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 | EPSS: 1% | CPEs: 2 | EXPL: 0

25 May 2018 — A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information ma... • https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability •

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

15 Dec 2017 — The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. Kemp load balancers with AFP WAF functionality v... • https://packetstorm.news/files/id/145433 •

CVSS: 8.8 | EPSS: 13% | CPEs: 1 | EXPL: 3

03 Apr 2015 — A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities. • https://packetstorm.news/files/id/131284 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 3

03 Apr 2015 — A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages. Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities. • https://packetstorm.news/files/id/131284 • CWE-352: Cross-Site Request Forgery (CSRF) •