Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:8 a.m.5 views

CVE-2019-19509

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

9CVSS7AI score0.71635EPSS
Exploits13References1
Check Point Advisories
Check Point Advisories
added 2020/04/08 12:0 a.m.26 views

rConfig Network Device Configuration Tool Command Injection (CVE-2019-19509)

A command injection vulnerability exists in rConfig Network Device Configuration Tool. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5.5AI score0.71635EPSS
Exploits13
exploitpack
exploitpack
added 2020/03/27 12:0 a.m.177 views

rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution

rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 +...

9CVSS0.6AI score0.99683EPSS
Exploits20
Exploit DB
Exploit DB
added 2020/03/27 12:0 a.m.232 views

rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution

Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploit link :...

9.8CVSS8.8AI score0.99683EPSS
Exploits20
Exploit DB
Exploit DB
added 2020/03/17 12:0 a.m.298 views

Rconfig 3.x - Chained Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rconfig 3.x Chained Remote Code Execution', 'Description' = ' This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...

8.8AI score
Exploits0
0day.today
0day.today
added 2020/03/17 12:0 a.m.314 views

Rconfig 3.x Chained Remote Code Execution Exploit

This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required . However, this modul...

9.8CVSS1.4AI score0.99683EPSS
Exploits20
Packet Storm
Packet Storm
added 2020/03/16 12:0 a.m.147 views

Rconfig 3.x Chained Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rconfig 3.x Chained Remote Code Execution', 'Description' = ' This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...

9CVSS0.99683EPSS
Exploits20
Packet Storm
Packet Storm
added 2020/01/30 12:0 a.m.157 views

rConfig 3.9.3 Remote Code Execution

Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution Date: 2019-11-07 CVE-2019-19509 Exploit Author: vikingfr Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig Software Link : http://files.rconfig.com/downloads/scripts/centos7install.sh Version:...

9CVSS8.7AI score0.71635EPSS
Exploits13
0day.today
0day.today
added 2020/01/30 12:0 a.m.138 views

rConfig 3.9.3 - Authenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution CVE-2019-19509 Exploit Author: vikingfr Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig Software Link :...

9CVSS0.71635EPSS
Exploits13
Circl
Circl
added 2020/01/30 12:0 a.m.13 views

CVE-2019-19509

creationtimestamp| type| source ---|---|--- 2020-01-30 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47982 2020-03-16 11:28:40+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/rconfigajaxarchivefilesrce.rb 2020-03-17...

9CVSS8.1AI score0.71635EPSS
Exploits13References4
Exploit DB
Exploit DB
added 2020/01/30 12:0 a.m.266 views

rConfig 3.9.3 - Authenticated Remote Code Execution

Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution Date: 2019-11-07 CVE-2019-19509 Exploit Author: vikingfr Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig Software Link : http://files.rconfig.com/downloads/scripts/centos7install.sh Version:...

9CVSS8.7AI score0.71635EPSS
Exploits13
OSV
OSV
added 2020/01/06 8:15 p.m.3 views

CVE-2019-19509

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

8.8CVSS7.4AI score0.71635EPSS
Exploits13References6
CVE
CVE
added 2020/01/06 7:27 p.m.387 views

CVE-2019-19509

CVE-2019-19509 affects rConfig 3.9.3 (and related 3.9.x) where the path parameter in ajaxArchiveFiles.php is passed directly to exec, enabling a remote authenticated user to execute arbitrary commands. Multiple public disclosures and exploits (e.g., exploit-db entries for 3.9.3 Auth RCE and 3.9.4...

9CVSS8.6AI score0.71635EPSS
In wildExploits13References6Affected Software1
Rows per page
Query Builder