Nostromo nhttpd contains a directory traversal vulnerability in the http_verify() function in a non-chrooted nhttpd server allowing for remote code execution.
PoC: CVE-2019-16278
Directory transversal to remote code execution
PoC: CVE-2019-16278-PoC
CVE-2019-16728 Proof of Concept
PoC: CVE-2019-16278-Nostromo_1.9.6-RCE
Python script to exploit RCE in Nostromo nhttpd <= 1.9.6.
PoC: CVE-2019-16278
A quick python exploit for the Nostromo 1.9.6 remote code execution vulnerability. Simply takes a host and port that the web server is running on.
PoC: CVE-2019-16278
CVE-2019-16278Nostromo httpd命令执行
PoC: CVE-2019-16278
Remote Code Execution exploit for Nostromo nhttpd ≤ 1.9.6. Exploits directory traversal vulnerability using URL-encoded CRLF characters to execute arbitrary commands
PoC: CVE-2019-16278
CVE-2019-16278:Nostromo Web服务器的RCE漏洞
PoC: cve-2019-16278
(Nhttpd) Nostromo 1.9.6 RCE due to Directory Traversal
PoC: CVE-2019-16278_Nostromo-1.9.6---Remote-Code-Execution
An unauthenticated attacker can force server points to a shell file like ‘/bin/sh’ and execute arbitrary commands due to the failure in verifying the URL which leads to path traversal to any file that exists in the system. Nostromo’s versions such as 1.9.6 fail to verify this URL
PoC: CVE-2019-16278-Nostromo-1.9.6-RCE
This repository contains an exploit for CVE-2019-16278 in Nostromo Web Server 1.9.6, allowing remote code execution via a directory traversal vulnerability. The script uses pwntools to establish a reverse shell. For educational and authorized testing use only.
PoC: CVE-2019-16278
Nostromo 1.9.6 reverse shell
PoC: CVE-2019-16278-Nostromo-1.9.6-RCE
This is a exploit of CVE-2019-16278 for Nostromo 1.9.6 RCE. This exploit allows RCE on the victim machine.
PoC: CVE-2019-16278
A quick python exploit for the Nostromo 1.9.6 remote code execution vulnerability. Only takes in host and port of web server as required arguments.
PoC: cve-2019-16278
Exploit for the CVE-2019-16278 vulnerability
PoC: Nostromo_Python3
CVE-2019-16278 Python3 Exploit Code
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free