Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
canvasImmunity CanvasNAGIOS_PING
HistoryJul 01, 2009 - 1:00 p.m.

Immunity Canvas: NAGIOS_PING

2009-07-0113:00:00
Immunity Canvas
exploitlist.immunityinc.com
32

0.97 High

EPSS

Percentile

99.7%

JSON
Name nagios_ping
CVE CVE-2009-2288 Exploit Pack
VENDOR: http://www.nagios.org/
CVEUrl: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2288
Notes: statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. The actual .cgi file scrubs a lot of characters that would make this attack slightly easier, so wget or curl are used to download a trojan onto the target machine. If either of those two commands are not avaliable on the target machine then this exploit will fail.
Repeatability: Infinite
CVSS: 7.5

Related

nessus 9
ubuntucve 1
dsquare 1
debian 1
openvas 17
saint 4
securityvulns 4
prion 1
cve 1
cvelist 1
freebsd 1
packetstorm 1
checkpoint_advisories 1
nvd 1
ubuntu 1
gentoo 1
nessus
nessus
SuSE 10 Security Update : nagios (ZYPP Patch Number 6356)
2009-09-24 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 : nagios2, nagios3 vulnerability (USN-795-1)
2009-07-03 00:00:00
openSUSE Security Update : nagios (nagios-1102)
2009-07-31 00:00:00
ubuntucve
ubuntucve
CVE-2009-2288
2009-07-01 00:00:00
dsquare
dsquare
Nagios 3.1.0 RCE
2012-01-30 00:00:00
debian
debian
[SECURITY] [DSA 1825-1] New nagios2/nagios3 packages fix arbitrary code execution
2009-07-03 15:46:14
openvas
openvas
SLES11: Security update for nagios
2009-10-11 00:00:00
Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability
2009-07-08 00:00:00
SLES10: Security update for nagios
2009-10-13 00:00:00
saint
saint
Nagios statuswml.cgi Command Injection
2010-04-13 00:00:00
Nagios statuswml.cgi Command Injection
2010-04-13 00:00:00
Nagios statuswml.cgi Command Injection
2010-04-13 00:00:00
securityvulns
securityvulns
[USN-795-1] Nagios vulnerability
2009-07-03 00:00:00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2009-07-03 00:00:00
[security bulletin] HPSBMA02513 SSRT090110 rev.1 - Insight Control for Linux (IC-Linux) Remote Execution of Arbitrary Code, Local Unauthorized Elevation of Privilege
2010-03-31 00:00:00
prion
prion
Code injection
2009-07-01 13:00:00
cve
cve
CVE-2009-2288
2009-07-01 13:00:01
cvelist
cvelist
CVE-2009-2288
2009-07-01 12:26:00
freebsd
freebsd
nagios -- Command Injection Vulnerability
2009-05-29 00:00:00
packetstorm
packetstorm
Nagios3 statuswml.cgi Ping Command Execution
2009-10-30 00:00:00
checkpoint_advisories
checkpoint_advisories
Nagios statuswml.cgi Command Execution (CVE-2009-2288)
2013-12-02 00:00:00
nvd
nvd
CVE-2009-2288
2009-07-01 13:00:01
ubuntu
ubuntu
Nagios vulnerability
2009-07-02 00:00:00
gentoo
gentoo
Nagios: Execution of arbitrary code
2009-07-19 00:00:00

0.97 High

EPSS

Percentile

99.7%

JSON
Related for NAGIOS_PING
nessus9ubuntucve1dsquare1debian1openvas17saint4securityvulns4prion1cve1cvelist1freebsd1packetstorm1checkpoint_advisories1nvd1ubuntu1gentoo1