CVE-2010-4099

Nitrosecurity Nitroview Esm Software - Improper Input Validation

Title source: rule

Description

ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.

Exploits (2)

exploitdb WORKING POC VERIFIED

by s_n · htmlremotelinux

https://www.exploit-db.com/exploits/34932

View Code ZIP pw:eip

exploitdb WORKING POC

by Filip Palian · textremotelinux

https://www.exploit-db.com/exploits/15318

View Code ZIP pw:eip

References (4)

[Exploit] http://www.exploit-db.com/exploits/15318

[Exploit] http://www.securityfocus.com/bid/44421

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1024639

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/62768

Scores

EPSS 0.0254

EPSS Percentile 85.5%

Details

CWE

CWE-20

Status published

Products (1)

nitrosecurity/nitroview_esm_software 8.4.0a

Published Oct 27, 2010

Tracked Since Feb 18, 2026