CVE-2018-9091
https://notcve.org/view.php?id=CVE-2018-9091
A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible. Una vulnerabilidad crítica relacionada con la gestión de sesiones en KEMP LoadMaster Operating System (LMOS), de la versión 6.0.44 hasta la 7.2.41.2, y Long Term Support (LTS) LMOS, en versiones anteriores a la 7.1.35.5, podría permitir que un atacante remoto no autenticado omita las protecciones de seguridad, obtenga privilegios del sistema y ejecute comandos elevados como ls, ps, cat, etc., comprometiendo el sistema. Mediante esta ejecución remota, en ciertos casos, podrían exponerse datos sensibles del sistema como certificados, claves privadas u otro tipo de información. • https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability •
CVE-2014-5287 – Kemp Load Master 7.1.16 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-5287
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). Existe una vulnerabilidad de inyección de script Bash en Kemp Load Master versión 7.1-16 y anteriores, debido a un fallo en el saneamiento de la entrada en la Interfaz de Usuario Web (WUI). Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities. • https://www.exploit-db.com/exploits/36609 http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html https://www.fxc.jp/news/Product_Overview-LoadMaster_Release_Notes.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •