CVE-2011-0751

Published: 16/03/2011 Updated: 09/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 756
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in nhttpd (aka Nostromo webserver) prior to 1.9.4 allows remote malicious users to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.

Vulnerable Product

nazgul nostromo

nazgul nostromo 1.8.5

nazgul nostromo 1.8.4

nazgul nostromo 1.7.7

nazgul nostromo 1.7.6

nazgul nostromo 1.6

nazgul nostromo 1.5.1

nazgul nostromo 1.8.7

nazgul nostromo 1.8.6

nazgul nostromo 1.7.9

nazgul nostromo 1.7.8

nazgul nostromo 1.7.1

nazgul nostromo 1.7

nazgul nostromo 1.0

nazgul nostromo 0.9

nazgul nostromo 0.2

nazgul nostromo 0.1

nazgul nostromo 1.9.2

nazgul nostromo 1.9.1

nazgul nostromo 1.8.3

nazgul nostromo 1.8.2

nazgul nostromo 1.7.5

nazgul nostromo 1.7.4

nazgul nostromo 1.5

nazgul nostromo 1.4

nazgul nostromo 0.6

nazgul nostromo 0.5

nazgul nostromo 0.8

nazgul nostromo 0.7

nazgul nostromo 1.9

nazgul nostromo 1.8.9

nazgul nostromo 1.8.8

nazgul nostromo 1.8.1

nazgul nostromo 1.8

nazgul nostromo 1.7.3

nazgul nostromo 1.7.2

nazgul nostromo 1.3

nazgul nostromo 1.2

nazgul nostromo 1.1

nazgul nostromo 0.4

nazgul nostromo 0.3

Exploits

source: www.securityfocus.com/bid/46880/info nostromo nhttpd is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied data. An attacker can exploit this issue to access arbitrary files and execute arbitrary commands with application-level privileges. nostromo versions prior to 1.9.4 are affe ...
Nostromo (nhttpd) versions 1.9.3 and below suffer from a directory traversal vulnerability ...

Github Repositories

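CVE-2019-16278: RCE vulnerability in the Nostromo web server

CVE-2019-16278: exploit script for the remote command execution vulnerability in the Nostromo web server. Introduction: a remote command execution vulnerability caused by directory traversal; as with CVE-2011-0751, insufficiently strict filtering allows a bypass using %0d. Affected versions: nostromo <= 1.9.6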

Directory transversal to remote code execution

Exploits for CVE-2019-16278 and CVE-2019-16279. Nostromo httpd is prone to 2 critical vulnerabilities for versions <= 1.9.6 (0day =]): the first one is an RCE through directory transversal, the second one is a DoS. CVE-2019-16278 - Directory transversal to remote code execution: POST /%0d/%0d/%0d/%0d/bin/sh HTTP/1.0 Connection: close User-Agent: Mozilla/5.0 (Windows NT 1