Guillaume André (@yaumn_) - Security Researcher

CVE-2018-15710 METASPLOIT HIGH ruby WORKING POC

Nagios XI - OS Command Injection

Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.

CVSS 7.8

View Code

CVE-2018-15708 EXPLOITDB CRITICAL ruby WORKING POC

Nagios XI Magpie_debug.php Root Remote Code Execution

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

CVSS 9.8

View Code

CVE-2018-15708 METASPLOIT CRITICAL ruby WORKING POC

Nagios XI Magpie_debug.php Root Remote Code Execution

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

CVSS 9.8

View Code

CVE-2018-15710 EXPLOITDB HIGH ruby WORKING POC

Nagios XI - OS Command Injection

Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.

CVSS 7.8

View Code