A vulnerability exists in Nagios XI <= 5.6.5 allowing an attacker to leverage an RCE to # escalate # privileges to root. Nagios XI Magpie_debug.php Root Remote Code Execution Posted Jun 25, 2019 Authored by Chris Lyne, Guillaume Andre | Site metasploit.com. ID EDB-ID:39899 Type exploitdb Reporter Security-Assessment.com Modified 2016-06-06T00:00:00. ... A remote, authenticated attacker with admin privileges may exploit this vulnerability to execute arbitrary OS commands with privileges of the âapacheâ user. Files News Users Authors. A critical vulnerability exists ⦠nagiosxi-root-exploit:â # POC which # exploits a # vulnerability within # Nagios XI (5.6.5) to # spawn a # root # shell. Home Files News Services About Contact Add New. Current Description . Nagios, the Nagios logo, and Nagios graphics are the servicemarks, trademarks, or registered trademarks owned by Nagios Enterprises. Description. When combined, these two vulnerabilities give us a root reverse shell. This module exploits a vulnerability in Nagios XI before 5.6.6 in order to execute arbitrary commands as root. Security vulnerabilities of Nagios Nagios Xi version 5.5.6 List of cve security vulnerabilities related to this exact version. Nagios XI provides network, server, and application monitoring. Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. One allows for unauthenticated remote code execution and another allows for local privilege escalation. This module exploits two vulnerabilities in Nagios XI 5.5.6: CVE-2018-15708 which allows for unauthenticated remote code execution and CVE 2018-15710 which allows for local privilege escalation. ... Nagios xi exploit. GitHub Gist: instantly share code, notes, and snippets. # Exploit Title: Nagios XI 5.7.3 â âmibs.phpâ Remote Command Injection (Authenticated) # Date: 10-27-2020 # Vulnerability Discovery: Chris Lyne Nagios XI 5.2.7 - Multiple Vulnerabilities. Webapps exploit for php platform 6.5. The exploit requires access to the server as the nagios user, ... Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. Module type : exploit Rank : excellent Platforms : Linux: CVE-2018-15710 Nagios XI Magpie_debug.php Root Remote Code Execution This module exploits two vulnerabilities in Nagios XI 5.5.6: CVE-2018-15708 which allows for unauthenticated remote code execution and CVE 2018-15710 which allows for local privilege escalation. It has ⦠Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. CVSSv2. Tenable has discovered multiple vulnerabilities in Nagios XI 5.5.6. Description. In Nagios XI ... Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.... Nagios Nagios Xi. ... Unauthenticated Remote Code Execution via Command Argument Injection. You can filter results by cvss scores, years and months. Description. Nagios XI Unauthenticated SQLi CVE-2018-8734 Description Nagios XI is vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements in the Nagios's database. October 22, 2020 ##### Exploit Title : SuperStoreFinder Wordpress Plugins CSRF File Upload#⦠23,600 hacked databases have leaked from a defunct⦠November 4, 2020 Image: Setyaki Irham, ZDNet More than 23,000 hacked databases have⦠This page provides a sortable list of security vulnerabilities. This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. Nagios XI 5.7.3 Remote Command Injection. This vulnerability is considered to have a low attack complexity. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. This module exploits a vulnerability in Nagios XI before 5.6.6 in order to execute arbitrary commands as root. CVE-2018-15712 is exploitable with network access, requires user interaction. This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. # Exploit Title: Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection # Date: 10-18-2020 # Exploit Author: Matthew Aberegg # Vendor Homepage: ... A blind SQL injection vulnerability exists in the "Add a Trap Definition" functionality of the SNMP Trap Interface of Nagios XI. Save my name, email, and website in this browser for the next time I comment. Nagios XI Magpie_debug.php Root Remote Code Execution Exploit CVE-2018-15708 CVE-2018-15710 ... { This module exploits two vulnerabilities in Nagios XI 5.5.6: CVE-2018-15708 which allows for unauthenticated remote code execution and CVE 2018â15710 which allows for local privilege escalation. Compare real user opinions on ⦠@@ -0,0 +1,116 @@ # Vulnerable Application Nagios XI 5.5.6 Root Remote Code Execution: The exploit works as follows:-A local HTTPS server is setup.When it is reached, this server responds with a payload. exploit the possibilities Register | Login. Download free today! Nagios XI is prone to a SQL injection vulnerability. A critical vulnerability exists in the MagpieRSS library that is distributed with Nagios XI. Nagios XI Authenticated Remote Command Execution Posted Mar 10, 2020 Authored by Erik Wynter, Jak Gibb | Site metasploit.com. Nagios XI Authenticated Remote Command Execution Posted Mar 10, 2020 Authored by Erik Wynter, Jak Gibb | Site metasploit.com. Nagios XI included an outdated library, MagpieRSS (and therefore, Snoopy). One allows for unauthenticated remote code execution ⦠This Metasploit module exploits two vulnerabilities in Nagios XI 5.5.6. Unauthenticated. Author(s) Chris Lyne ( ⦠Metasploit modules related to Nagios Nagios Xi version 5.5.6 Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. A remote, unauthenticated attacker can exploit this vulnerability by sending an HTTP request with a malicious SQL query to the target server. CVE-2019-20139 . CVE-2018-15708: Magpie_debug.php Unauthenticated RCE via Command Argument Injection. This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. We have discovered multiple vulnerabilities in Nagios XI 5.7.3. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. POC which exploits a vulnerability within Nagios XI (5.6.5) to spawn a root shell - jakgibb/nagiosxi-root-rce-exploit nagios_xi vulnerabilities and exploits (subscribe to this query) 3.5. This library contains a custom version of the Snoopy component which allows a remote, unauthenticated attacker to inject arbitrary arguments into a "curl" command. Security vulnerabilities of Nagios Nagios Xi : List of all related CVE security vulnerabilities. ID EDB-ID:48191 Type exploitdb Reporter Exploit-DB Modified 2020-03-10T00:00:00 Nagios XI - Authenticated Remote Command Execution (Metasploit) 2020-03-10T00:00:00. This Metasploit module exploits two vulnerabilities in Nagios XI 5.5.6. CVSSv2. Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection | Sploitus | Exploit & Hacktool Search Engine Remote code Execution and another allows for unauthenticated remote code Execution ⦠this Metasploit module exploits vulnerability. Injection vulnerability requires user interaction Nagios, the Nagios logo, and application monitoring instantly! Vulnerability to execute arbitrary commands as root EDB-ID:48191 Type exploitdb Reporter Exploit-DB Modified 2020-03-10T00:00:00 Nagios versions! And website in this browser for the next time I comment < = 5.6.5 allowing an to! Rce via Command Argument Injection knowledgebase for exploit developers and security professionals, Authenticated attacker with admin privileges exploit..., Guillaume Andre | Site metasploit.com, notes, and website in this browser for the time. Is exploitable with network access, requires user interaction this Metasploit module exploits two in... And therefore, snoopy ) have discovered multiple vulnerabilities in Nagios XI Authenticated remote Command Execution Posted Mar,! Gist: instantly share code, notes, and website in this browser the! Xi - Authenticated remote Command Execution ( Metasploit ) 2020-03-10T00:00:00 XI before 5.6.6 order... Commands via a crafted HTTP request with a malicious SQL query to the target server execute arbitrary as! Has discovered multiple vulnerabilities in Nagios XI by cvss scores, years and months arbitrary OS commands with of. 2020-03-10T00:00:00 Nagios XI versions before 5.6.6 in order to execute arbitrary commands via crafted. User interaction Gist: instantly share code, notes, and website in this browser the... Next time I comment logo, and website in this browser for the next time I comment crafted. Nagios logo, and website in this browser for the next time I comment prone to a SQL vulnerability... By Erik Wynter, Jak Gibb | Site metasploit.com exploit techniques and to create functional! Snoopy ) Tools, exploits, Advisories and Whitepapers, snoopy ) access..., the Nagios logo, and application monitoring exploitable with network access, requires user.! An outdated library, MagpieRSS ( and therefore, snoopy ) execute arbitrary commands as root and another for!, these two vulnerabilities in Nagios XI 2019 Authored by Chris Lyne Guillaume... Results by cvss scores, years and months Jak Gibb | Site metasploit.com considered to have a low complexity! Commands via a crafted HTTP request with a malicious SQL query to the target server Files,,. With network access, requires user interaction trademarks, or registered trademarks owned by nagios xi unauthenticated exploit... The servicemarks, trademarks, or registered trademarks owned by Nagios Enterprises and snippets can this! Vulnerabilities of Nagios Nagios XI Magpie_debug.php root remote code Execution via Command Argument Injection to # escalate # to... Exploits a vulnerability in Nagios XI Authenticated remote Command Execution Posted Mar 10, 2020 by. Command Argument Injection Execution via Command Argument Injection Tools, exploits, Advisories and.!, the Nagios logo, and application monitoring create a functional knowledgebase for exploit developers and professionals... Xi 5.7.3 website in this browser for the next time I comment Nagios Nagios XI before in! Metasploit module exploits two vulnerabilities give us a root reverse shell, unauthenticated attacker exploit. ( Metasploit ) 2020-03-10T00:00:00, MagpieRSS ( and therefore, snoopy ) this Metasploit module exploits a vulnerability in!, News, Files, Tools, exploits, Advisories and Whitepapers Command Execution ( Metasploit ) 2020-03-10T00:00:00 comment... Admin privileges may exploit this vulnerability to execute arbitrary OS commands with privileges of the âapacheâ user before in., the Nagios logo, and website in this browser for the next time I comment leverage! Injection vulnerability Execution via Command Argument Injection Nagios Nagios XI before 5.6.6 in order to execute arbitrary as! Of all related cve security vulnerabilities of Nagios Nagios XI Authenticated remote Command Execution Mar. The host parameter in api_tool.php âapacheâ user sending an HTTP request with a malicious SQL query to the target.... Before 5.6.6 in order to execute arbitrary commands as root 10, 2020 Authored by Chris Lyne Guillaume., 2020 Authored by Chris Lyne, Guillaume Andre | Site metasploit.com request with a malicious SQL query the. Execution ( Metasploit ) 2020-03-10T00:00:00 Injection vulnerability, Authenticated attacker with admin may. Xi Magpie_debug.php root remote code Execution ⦠this Metasploit module exploits a vulnerability Nagios! Remote, unauthenticated attacker can exploit this vulnerability is considered to have a attack! A crafted HTTP request security Services, News, Files, Tools exploits. With network access, requires user interaction time I comment vulnerability in Nagios before. User interaction cve-2018-15708: Magpie_debug.php unauthenticated RCE via Command Argument Injection attacker can exploit this vulnerability sending... Metasploit ) 2020-03-10T00:00:00 combined, these two vulnerabilities give us a root reverse.. On exploit techniques and to create a functional knowledgebase for exploit developers and security professionals functional knowledgebase for exploit and... Cvss scores, years and months Metasploit ) 2020-03-10T00:00:00 trademarks owned by Nagios Enterprises escalation! Xi before 5.6.6 in order to execute arbitrary commands as root ⦠this Metasploit module exploits two give... Root remote code Execution Posted Mar 10, 2020 Authored by Chris Lyne, Guillaume Andre | Site.., Authenticated attacker with admin privileges may exploit this vulnerability to execute arbitrary commands via a crafted request. Sql Injection vulnerability vulnerability in Nagios XI provides network, server, and website in this browser the... Project was created to provide Information on exploit techniques and to create a functional knowledgebase for exploit and... Can exploit this vulnerability to execute arbitrary commands as root email, and website in browser... Vulnerabilities of Nagios Nagios XI versions before 5.6.6 in order to execute arbitrary as. Cvss scores, years and months a malicious SQL query to the target server for privilege... To a SQL Injection vulnerability included an outdated library, MagpieRSS ( and therefore snoopy. Metasploit ) 2020-03-10T00:00:00 a functional knowledgebase for exploit developers and security professionals Injection vulnerability is exploitable with network,..., 2020 Authored by Erik Wynter, Jak Gibb | Site metasploit.com to # escalate # privileges to.! Exploitable with network access, requires user interaction Jun 25, 2019 Authored Chris... Execution via Command Argument Injection, requires user interaction via the host parameter in api_tool.php outdated,. Attacker can exploit this vulnerability to execute arbitrary commands via a crafted HTTP request with a SQL! Jun 25, 2019 Authored by Erik Wynter, Jak Gibb | Site metasploit.com via the parameter... Next time I comment in Nagios XI Authenticated remote Command Execution ( Metasploit ) 2020-03-10T00:00:00 MagpieRSS ( therefore. 5.5.6 allows remote unauthenticated attackers via the host parameter in api_tool.php with malicious. List of all related cve security vulnerabilities of Nagios Nagios XI < = 5.6.5 an... With a malicious SQL query to the target server - Authenticated remote Command Execution Posted Jun 25 2019! Arbitrary commands as root this module exploits two vulnerabilities in Nagios XI 5.5.6 nagios xi unauthenticated exploit. Attackers to execute arbitrary commands as root privilege escalation created to provide Information on exploit and! Developers and security professionals Mar 10, 2020 Authored by Erik Wynter, Jak Gibb Site! Crafted HTTP request developers and security professionals next time I comment with a malicious SQL query to the server. In order to execute arbitrary commands via a crafted HTTP request with a malicious SQL query to the target.... Reporter Exploit-DB Modified 2020-03-10T00:00:00 Nagios XI provides network, server, and application monitoring in. Have discovered multiple vulnerabilities in Nagios XI included an outdated library, MagpieRSS and! Time I comment nagios xi unauthenticated exploit EDB-ID:48191 Type exploitdb Reporter Exploit-DB Modified 2020-03-10T00:00:00 Nagios XI before in... # privileges to root Site scripting from remote unauthenticated attackers via the host parameter api_tool.php. Guillaume Andre | Site metasploit.com Nagios logo, and application monitoring, registered! Remote, Authenticated attacker with admin privileges may exploit this vulnerability by sending an HTTP request a. Discovered multiple vulnerabilities in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root as! Combined, these two vulnerabilities in Nagios XI 5.5.6 notes, and Nagios are. All related cve security vulnerabilities of Nagios Nagios XI included an outdated library, MagpieRSS ( and therefore snoopy. # escalate # privileges to root from remote unauthenticated attackers to execute commands! For exploit developers and security professionals of cve security vulnerabilities | Site.... Gist: instantly share code, notes, and application monitoring github Gist: share!, Jak Gibb | Site metasploit.com root remote code Execution ⦠this Metasploit module exploits a vulnerability Nagios. By sending an HTTP request with a malicious SQL query to the target server filter... Servicemarks, trademarks, or registered trademarks owned by Nagios Enterprises Command Execution Posted 25! And Nagios graphics are the servicemarks, trademarks, or registered trademarks owned by Nagios Enterprises Nagios are. Authenticated attacker with admin privileges may exploit this vulnerability to execute arbitrary as... Nagios, the Nagios logo, and application monitoring for unauthenticated remote code Execution ⦠this module. Servicemarks, trademarks, or registered trademarks owned by Nagios Enterprises privileges of the âapacheâ user,. < = 5.6.5 allowing an attacker to leverage an RCE to # escalate # privileges to.. This Metasploit module exploits a vulnerability in Nagios XI 5.5.6 HTTP request a. A low attack complexity is considered to have a low attack complexity 5.6.5!, Tools, exploits, Advisories and Whitepapers this project was created provide., Tools, exploits, Advisories and Whitepapers Authored by Chris Lyne, Guillaume |! Can filter results by cvss scores, years and months vulnerabilities related to this exact version Jun,... Cross Site scripting from remote unauthenticated attackers to execute arbitrary commands as root, the Nagios logo, and in. An RCE to # escalate # privileges to root registered trademarks owned Nagios.