Lucene search
K

12 matches found

Check Point Advisories
Check Point Advisories
added 2021/11/28 12:0 a.m.52 views

LibreNMS addhost Command Injection (CVE-2018-20434)

A command injection vulnerability exists in LibreNMS. This vulnerability is due to incorrect parsing of the community HTTP header. A remote attacker can exploit this vulnerability by sending a crafted HTTP request to the target server...

10CVSS9.2AI score0.71487EPSS
Exploits9
0day.today
0day.today
added 2019/06/30 12:0 a.m.171 views

LibreNMS 1.46 - addhost Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.0...

10CVSS0.71487EPSS
Exploits9
exploitpack
exploitpack
added 2019/06/28 12:0 a.m.72 views

LibreNMS 1.46 - addhost Remote Code Execution

LibreNMS 1.46 - addhost Remote Code Execution !/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.04 / PHP...

10CVSS0.1AI score0.71487EPSS
Exploits9
Packet Storm
Packet Storm
added 2019/06/28 12:0 a.m.68 views

LibreNMS 1.46 addhost Remote Code Execution

!/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.04 / PHP 7.2.10 ''' import requests from urllib import...

10CVSS0.1AI score0.71487EPSS
Exploits9
Exploit DB
Exploit DB
added 2019/06/28 12:0 a.m.684 views

LibreNMS 1.46 - 'addhost' Remote Code Execution

!/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.04 / PHP 7.2.10 ''' import requests from urllib import...

10CVSS9.8AI score0.71487EPSS
Exploits9
0day.today
0day.today
added 2019/06/05 12:0 a.m.132 views

LibreNMS - addhost Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in the open source network management software known as LibreNMS. The community parameter used in a POST request to the addhost functionality is unsanitized. This parameter is later used as part of a shell command that gets passed ...

10CVSS0.8AI score0.71487EPSS
Exploits9
Exploit DB
Exploit DB
added 2019/06/05 12:0 a.m.451 views

LibreNMS - addhost Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS addhost Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the open source network...

10CVSS9.5AI score0.71487EPSS
Exploits9
Circl
Circl
added 2019/06/04 5:58 p.m.31 views

CVE-2018-20434

creationtimestamp| type| source ---|---|--- 2019-06-04 17:58:45+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/librenmsaddhostcmdinject.rb 2019-06-05 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/46970 2019-06-28 00:00:00+00:00...

10CVSS8.6AI score0.71487EPSS
Exploits9References3
Packet Storm
Packet Storm
added 2019/06/04 12:0 a.m.184 views

LibreNMS addhost Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS addhost Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the open source network...

10CVSS0.4AI score0.71487EPSS
Exploits9
Metasploit
Metasploit
added 2019/05/29 11:30 p.m.36 views

LibreNMS addhost Command Injection

This module exploits a command injection vulnerability in the open source network management software known as LibreNMS. The community parameter used in a POST request to the addhost functionality is unsanitized. This parameter is later used as part of a shell command that gets passed to the pope...

9.8CVSS9.9AI score0.71487EPSS
Exploits9
CVE
CVE
added 2019/04/24 8:5 p.m.171 views

CVE-2018-20434

LibreNMS 1.46 is affected by CVE-2018-20434. The vulnerability allows remote command execution via the POST parameter $_POST['community'] used in html/pages/addhost.inc.php during device creation. A subsequent request to /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost tri...

10CVSS9.7AI score0.71487EPSS
Exploits9References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2019/04/24 12:0 a.m.24 views

CVE-2018-20434 - LibreNMS Addhost Command Injection

LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $POST'community' parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajaxoutput.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers...

10CVSS0.8AI score0.71487EPSS
Exploits9References2
Rows per page
Query Builder