CVE-2019-16278CISA KEV: Actively Exploited

Nostromo nhttpd Directory Traversal Vulnerability

Published Nov 7, 2024·Updated Nov 7, 2024

Description

Nostromo nhttpd contains a directory traversal vulnerability in the http_verify() function in a non-chrooted nhttpd server allowing for remote code execution.

Public Exploits & PoCs15 found

PoC: CVE-2019-16278

Directory transversal to remote code execution

68

PoC: CVE-2019-16278-PoC

CVE-2019-16728 Proof of Concept

8

PoC: CVE-2019-16278-Nostromo_1.9.6-RCE

Python script to exploit RCE in Nostromo nhttpd <= 1.9.6.

7

PoC: CVE-2019-16278

A quick python exploit for the Nostromo 1.9.6 remote code execution vulnerability. Simply takes a host and port that the web server is running on.

5

PoC: CVE-2019-16278

CVE-2019-16278Nostromo httpd命令执行

4

PoC: CVE-2019-16278

Remote Code Execution exploit for Nostromo nhttpd ≤ 1.9.6. Exploits directory traversal vulnerability using URL-encoded CRLF characters to execute arbitrary commands

1

PoC: CVE-2019-16278

CVE-2019-16278:Nostromo Web服务器的RCE漏洞

1

PoC: cve-2019-16278

(Nhttpd) Nostromo 1.9.6 RCE due to Directory Traversal

1

PoC: CVE-2019-16278_Nostromo-1.9.6---Remote-Code-Execution

An unauthenticated attacker can force server points to a shell file like ‘/bin/sh’ and execute arbitrary commands due to the failure in verifying the URL which leads to path traversal to any file that exists in the system. Nostromo’s versions such as 1.9.6 fail to verify this URL

PoC: CVE-2019-16278-Nostromo-1.9.6-RCE

This repository contains an exploit for CVE-2019-16278 in Nostromo Web Server 1.9.6, allowing remote code execution via a directory traversal vulnerability. The script uses pwntools to establish a reverse shell. For educational and authorized testing use only.

PoC: CVE-2019-16278

Nostromo 1.9.6 reverse shell

PoC: CVE-2019-16278-Nostromo-1.9.6-RCE

This is a exploit of CVE-2019-16278 for Nostromo 1.9.6 RCE. This exploit allows RCE on the victim machine.

PoC: CVE-2019-16278

A quick python exploit for the Nostromo 1.9.6 remote code execution vulnerability. Only takes in host and port of web server as required arguments.

PoC: cve-2019-16278

Exploit for the CVE-2019-16278 vulnerability

PoC: Nostromo_Python3

CVE-2019-16278 Python3 Exploit Code

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free