I. Basic Information for CVE-2019-16278
Vulnerability Information


Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
nostromo nhttpd path traversal vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
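nostromo nhttpd is an open-source web server. The 'http_verify' function in nostromo nhttpd 1.9.6 and earlier contains a path traversal vulnerability. The vulnerability stems from a network system or product failing to properly filter special elements in resource or file paths. An attacker can exploit it to access locations outside the restricted directory.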
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
Vendor | Product | Affected Versions | CPE
- | n/a | n/a | -
II. Public POCs for CVE-2019-16278
# | POC Description | Source Link
1 | Directory traversal to remote code execution | https://github.com/jas502n/CVE-2019-16278
2 | CVE-2019-16728 Proof of Concept | https://github.com/imjdl/CVE-2019-16278-PoC
3 | CVE-2019-16278 Nostromo httpd command execution | https://github.com/ianxtianxt/CVE-2019-16278
4 | CVE-2019-16278 Python3 Exploit Code | https://github.com/darkerego/Nostromo_Python3
5 | A quick python exploit for the Nostromo 1.9.6 remote code execution vulnerability. Simply takes a host and port that the web server is running on. | https://github.com/AnubisSec/CVE-2019-16278
6 | Python script to exploit RCE in Nostromo nhttpd <= 1.9.6. | https://github.com/theRealFr13nd/CVE-2019-16278-Nostromo_1.9.6-RCE
7 | (Nhttpd) Nostromo 1.9.6 RCE due to Directory Traversal | https://github.com/Kr0ff/cve-2019-16278
8 | CVE-2019-16278: RCE vulnerability in the Nostromo web server | https://github.com/NHPT/CVE-2019-16278
9 | Exploit for the CVE-2019-16278 vulnerability | https://github.com/keshiba/cve-2019-16278
10 | None | https://github.com/crypticdante/CVE-2019-16278
11 | A quick python exploit for the Nostromo 1.9.6 remote code execution vulnerability. Only takes in host and port of web server as required arguments. | https://github.com/alexander-fernandes/CVE-2019-16278
12 | This is an exploit of CVE-2019-16278 for Nostromo 1.9.6 RCE. This exploit allows RCE on the victim machine. | https://github.com/FredBrave/CVE-2019-16278-Nostromo-1.9.6-RCE
13 | Nostromo 1.9.6 reverse shell | https://github.com/0xTabun/CVE-2019-16278
14 | None | https://github.com/H3xL00m/CVE-2019-16278
15 | Python script to exploit RCE in Nostromo nhttpd <= 1.9.6. | https://github.com/aN0mad/CVE-2019-16278-Nostromo_1.9.6-RCE
16 | None | https://github.com/n3ov4n1sh/CVE-2019-16278
17 | None | https://github.com/c0d3cr4f73r/CVE-2019-16278
18 | None | https://github.com/Sp3c73rSh4d0w/CVE-2019-16278
19 | None | https://github.com/0xwh1pl4sh/CVE-2019-16278
20 | None | https://github.com/N3rdyN3xus/CVE-2019-16278
21 | None | https://github.com/NyxByt3/CVE-2019-16278
22 | None | https://github.com/h3xcr4ck3r/CVE-2019-16278
23 | None | https://github.com/n3rdh4x0r/CVE-2019-16278
24 | This repository contains an exploit for CVE-2019-16278 in Nostromo Web Server 1.9.6, allowing remote code execution via a directory traversal vulnerability. The script uses pwntools to establish a reverse shell. For educational and authorized testing use only. | https://github.com/cancela24/CVE-2019-16278-Nostromo-1.9.6-RCE
25 | An unauthenticated attacker can force server points to a shell file like ‘/bin/sh’ and execute arbitrary commands due to the failure in verifying the URL which leads to path traversal to any file that exists in the system. Nostromo’s versions such as 1.9.6 fail to verify this URL | https://github.com/CybermonkX/CVE-2019-16278_Nostromo-1.9.6---Remote-Code-Execution
26 | nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function http_verify. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-16278.yaml
27 | None | https://github.com/h3x0v3rl0rd/CVE-2019-16278
28 | Remote Code Execution exploit for Nostromo nhttpd ≤ 1.9.6. Exploits directory traversal vulnerability using URL-encoded CRLF characters to execute arbitrary commands | https://github.com/andknownmaly/CVE-2019-16278