13 matches found
CVE-2019-19509
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...
rConfig Network Device Configuration Tool Command Injection (CVE-2019-19509)
A command injection vulnerability exists in rConfig Network Device Configuration Tool. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution
rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 +...
rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution
Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploit link :...
Rconfig 3.x - Chained Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rconfig 3.x Chained Remote Code Execution', 'Description' = ' This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...
Rconfig 3.x Chained Remote Code Execution Exploit
This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required . However, this modul...
Rconfig 3.x Chained Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rconfig 3.x Chained Remote Code Execution', 'Description' = ' This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...
rConfig 3.9.3 Remote Code Execution
Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution Date: 2019-11-07 CVE-2019-19509 Exploit Author: vikingfr Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig Software Link : http://files.rconfig.com/downloads/scripts/centos7install.sh Version:...
rConfig 3.9.3 - Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution CVE-2019-19509 Exploit Author: vikingfr Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig Software Link :...
CVE-2019-19509
creationtimestamp| type| source ---|---|--- 2020-01-30 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47982 2020-03-16 11:28:40+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/rconfigajaxarchivefilesrce.rb 2020-03-17...
rConfig 3.9.3 - Authenticated Remote Code Execution
Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution Date: 2019-11-07 CVE-2019-19509 Exploit Author: vikingfr Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig Software Link : http://files.rconfig.com/downloads/scripts/centos7install.sh Version:...
CVE-2019-19509
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...
CVE-2019-19509
CVE-2019-19509 affects rConfig 3.9.3 (and related 3.9.x) where the path parameter in ajaxArchiveFiles.php is passed directly to exec, enabling a remote authenticated user to execute arbitrary commands. Multiple public disclosures and exploits (e.g., exploit-db entries for 3.9.3 Auth RCE and 3.9.4...