For instance, the location /usr/local/nagvis/share/ is writable and publicly accessible. By requesting magpie_debug.php with a crafted value specified in the HTTP GET 'url' parameter, the vulnerable component can be exploited to write arbitrary data to a location on disk that is writable by the 'apache' user. ![]() This library contains a custom version of the Snoopy component which allows a remote, unauthenticated attacker to inject arbitrary arguments into a "curl" command. CVE-2018-15708: Magpie_debug.php Unauthenticated RCE via Command Argument InjectionĪ critical vulnerability exists in the MagpieRSS library. ![]() ![]() Tenable has discovered multiple vulnerabilities in Nagios XI 5.5.6.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |