Rhino Security Labs

Strategic & Technical Blog

CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster

David Yesland
March 19, 2024

While researching the Progress Kemp LoadMaster load balancer, we discovered an unauthenticated command injection in the administrator web interface of the appliance. This allowed full compromise of the LoadMaster if you could reach the…

CVE-2024-23724: Ghost CMS Stored XSS Leading to Owner Takeover

Silverpeas App: Multiple CVEs leading to File Read on Server

Multiple Vulnerabilities In Extreme Networks ExtremeXOS

David Yesland

During an external network pentest, we came across a switch administration interface running ExtremeNetworks’ Extreme Operating System (EXOS). This is a network operating system designed to manage ExtremeNetworks’ wide range of…