8 matches found
Exploit for OS Command Injection in Nagios Nagios_Xi
Nagios-CVE-2019-15949-RCE-Poc a python PoC for the CVE-2019-15...
CVE-2019-15949
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...
📄 Nagios Xi 5.6.6 Remote Code Execution
Nagios Xi version 5.6.6 proof of concept authenticated remote code execution exploit. Exploit Title: Nagiosxi authenticated Remote Code Execution Date: 17/02/2024 Exploit Author: Calil Khalil Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Version: Nagios Xi 5.6.6 Tested on: Ubuntu CV...
Nagios Xi 5.6.6 - Authenticated Remote Code Execution (RCE)
Exploit Title: Nagiosxi authenticated Remote Code Execution Date: 17/02/2024 Exploit Author: Calil Khalil Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Version: Nagios Xi 5.6.6 Tested on: Ubuntu CVE : CVE-2019-15949 python3 exp.py -t https:/// -b // -u user -p 'password' -lh -lp -k...
VulnCheck KEV: CVE-2019-15949
Nagios XI contains a remote code execution vulnerability in which a user can modify the checkplugin executable and insert malicious commands to execute as root...
Nagios XI getprofile.sh Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Prior to 5.6.6 getprofile.sh Authenticated Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the...
CVE-2019-15949
creationtimestamp| type| source ---|---|--- 2020-03-10 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48191 2021-03-26 23:19:21+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/nagiosxiscanner.rb 2021-04-14 00:06:12+00:00| seen...
CVE-2019-15949
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...