11 matches found
Xymon xymond Remote Code Execution (CVE-2016-2056)
A remote code execution vulnerability exists in Xymon xymond. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Xymon useradm Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xymon useradm Command Execution', 'Description' = %q This module exploits a command injection vulnerability in Xymon versions before 4.3.25 which...
CVE-2016-2056
creationtimestamp| type| source
---|---|---
2019-07-11 20:35:37+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/xymonuseradmcmdexec.rb
2019-07-12 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47114
2025-02-06 03:13:42+00:00|...
Xymon useradm Command Execution
This module exploits a command injection vulnerability in Xymon versions before 4.3.25 which allows authenticated users to execute arbitrary operating system commands as the web server user. When adding a new user to the system via the web interface with useradm.sh, the user's username and passwo...
[SECURITY] [DLA 488-1] xymon security update
Package : xymon Version : 4.3.0beta2.dfsg-9.1+deb7u1 CVE ID : CVE-2016-2054 CVE-2016-2055 CVE-2016-2056 CVE-2016-2058 Markus Krell discovered that Xymon (formerly known as Hobbit), a network- and applications-monitoring system, was vulnerable to the following security issues: CVE-2016-2054 The...
CVE-2016-2056
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c...
CVE-2016-2056
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c...
CVE-2016-2056
Xymon xymond prior to 4.3.25 is affected by CVE-2016-2056: remote authenticated users can inject shell commands via the adduser_name field in web/useradm.c or web/chpasswd.c, executing arbitrary commands as the web server user. This is a shell command injection vulnerability with potential for fu...
Debian DSA-3495-1 : xymon - security update
Markus Krell discovered that xymon, a network- and applications-monitoring system, was vulnerable to the following security issues : - CVE-2016-2054 The incorrect handling of user-supplied input in the 'config' command can trigger a stack-based buffer overflow, resulting in denial of service via...
[SECURITY] [DSA 3495-1] xymon security update
Debian Security Advisory DSA-3495-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 29, 2016 https://www.debian.org/security/faq -...
Xymon 4.3.x Buffer Overflow / Code Execution / Information Disclosure
Hi, Multiple security issues have been found in the server component of the Xymon monitoring system. These issues affect all versions of Xymon 4.3.x prior to 4.3.25, as well as the obsolete 4.1.x and 4.2.x versions. All issues have been resolved in Xymon 4.3.25, released on Feb 8 2016. It is...