CVE-2016-2056

Related Files

Xymon useradm Command Execution

Posted Jul 12, 2019

Authored by Brendan Coles, Markus Krell | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Xymon versions before 4.3.25 which allows authenticated users to execute arbitrary operating system commands as the web server user. When adding a new user to the system via the web interface with useradm.sh, the user's username and password are passed to htpasswd in a call to system() without validation. This module has been tested successfully on Xymon version 4.3.10 on Debian 6.

tags | exploit, web, arbitrary

systems | linux, debian

advisories | CVE-2016-2056

SHA-256 | 56921faf23d84d68f64c70045561cd00f989f797c3579b3de87eae4139a3e53c

Download | Favorite | View

Debian Security Advisory 3495-1

Posted Feb 29, 2016

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3495-1 - Markus Krell discovered that xymon, a network and applications monitoring system, was vulnerable to incorrect data handling, incorrect permissions, and various other security issues.

tags | advisory

systems | linux, debian

advisories | CVE-2016-2054, CVE-2016-2055, CVE-2016-2056, CVE-2016-2057, CVE-2016-2058

SHA-256 | 53a0dba24a61cd8d8b2c08030f630e1b8f8ff722b419c80f9a8acbed492ce294

Download | Favorite | View

Xymon 4.3.x Buffer Overflow / Code Execution / Information Disclosure

Posted Feb 15, 2016

Authored by Xymon Software

Xymon 4.3.x versions suffers from buffer overflow, information disclosure, code execution, cross site scripting, and various other vulnerabilities.

tags | exploit, overflow, vulnerability, code execution, xss, info disclosure

advisories | CVE-2016-2054, CVE-2016-2055, CVE-2016-2056, CVE-2016-2057, CVE-2016-2058

SHA-256 | e26ecbaeb5a8840288e97c4167e8412a009bb41ab790f296521530e68cf80840

Download | Favorite | View