15 matches found
CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...
CVE-2020-16662
CVE-2020-16662 is rejected/not used; this entry does not represent an active vulnerability.
CVE-2020-16662
...
rConfig - install Command Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rConfig install Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in rConfig version...
rConfig - install Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rConfig install Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in rConfig version...
rConfig Remote Code Execution (CVE-2019-16662; CVE-2019-16663)
A remote code execution vulnerability exists in rConfig. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
rConfig < 3.9.3 Multiple RCE Vulnerabilities - Version Check
rConfig is prone to multiple remote code execution (RCE) vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig
If you're using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote...
CVE-2019-16662
creationtimestamp | type | source
---|---|---
2019-11-03 12:10:08+00:00 | published-proof-of-concept | https://t.me/antichat/6953
2019-11-03 13:03:58+00:00 | seen | https://t.me/canyoupwnme/6111
2019-11-03 15:07:22+00:00 | seen | https://t.me/DC8044Info/458
2019-11-06 19:54:12+00:00 | seen | ...
rConfig install Command Execution
This module exploits an unauthenticated command injection vulnerability in rConfig versions 3.9.2 and prior. The install directory is not automatically removed after installation, allowing unauthenticated users to execute arbitrary commands via the ajaxServerSettingsChk.php file as the web server...
rConfig 3.9.2 Remote Code Execution
Exploit Title: rConfig 3.9.2 - Remote Code Execution Date: 2019-09-18 Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662 !/usr/bin/python import requests import sys from...
rConfig 3.9.2 - Remote Code Execution
Exploit Title: rConfig 3.9.2 - Remote Code Execution Date: 2019-09-18 Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662 !/usr/bin/python import requests import sys from...
rConfig 3.9.2 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: rConfig 3.9.2 - Remote Code Execution Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662 !/usr/bin/pyth...
Immunity Canvas: RCONFIG_AJAXSERVER_RCE
Name | rconfigajaxserverrce
---|---
CVE | CVE-2019-16662
Exploit Pack | CANVAS
Description | rconfigajaxserverrce
Notes | CVE Name: CVE-2019-16662 VENDOR: rConfig NOTES: The current exploit initializes a tcp server to serve the mosdef callback port 8080 IMPORTANT: In the path textfield you need the pa...
CVE-2019-16662
CVE-2019-16662 affects rConfig 3.9.2 and earlier. The flaw enables remote command execution via unauthenticated requests to ajaxServerSettingsChk.php where the rootUname parameter is passed to exec without filtering, enabling commands to run as the web server user. Related evidence shows Metasplo...