Lucene search
+L

13 matches found

redhatcve
redhatcve
added 2025/05/22 10:8 a.m.6 views

CVE-2019-19509

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

9CVSS7AI score0.71635EPSS
Exploits13References1
checkpoint_advisories
checkpoint_advisories
added 2020/04/08 12:0 a.m.26 views

rConfig Network Device Configuration Tool Command Injection (CVE-2019-19509)

A command injection vulnerability exists in rConfig Network Device Configuration Tool. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5.5AI score0.71635EPSS
Exploits13
exploitdb
exploitdb
added 2020/03/27 12:0 a.m.232 views

rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution

Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploit link :...

9.8CVSS8.8AI score0.99683EPSS
Exploits20
exploitpack
exploitpack
added 2020/03/27 12:0 a.m.177 views

rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution

rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 +...

9CVSS0.6AI score0.99683EPSS
Exploits20
exploitdb
exploitdb
added 2020/03/17 12:0 a.m.298 views

Rconfig 3.x - Chained Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rconfig 3.x Chained Remote Code Execution', 'Description' = ' This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...

8.8AI score
Exploits0
zdt
zdt
added 2020/03/17 12:0 a.m.314 views

Rconfig 3.x Chained Remote Code Execution Exploit

This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required . However, this modul...

9.8CVSS1.4AI score0.99683EPSS
Exploits20
packetstorm
packetstorm
added 2020/03/16 12:0 a.m.147 views

Rconfig 3.x Chained Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rconfig 3.x Chained Remote Code Execution', 'Description' = ' This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...

9CVSS0.99683EPSS
Exploits20
exploitdb
exploitdb
added 2020/01/30 12:0 a.m.266 views

rConfig 3.9.3 - Authenticated Remote Code Execution

Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution Date: 2019-11-07 CVE-2019-19509 Exploit Author: vikingfr Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig Software Link : http://files.rconfig.com/downloads/scripts/centos7install.sh Version:...

9CVSS8.7AI score0.71635EPSS
Exploits13
packetstorm
packetstorm
added 2020/01/30 12:0 a.m.158 views

rConfig 3.9.3 Remote Code Execution

Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution Date: 2019-11-07 CVE-2019-19509 Exploit Author: vikingfr Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig Software Link : http://files.rconfig.com/downloads/scripts/centos7install.sh Version:...

9CVSS8.7AI score0.71635EPSS
Exploits13
zdt
zdt
added 2020/01/30 12:0 a.m.138 views

rConfig 3.9.3 - Authenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution CVE-2019-19509 Exploit Author: vikingfr Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig Software Link :...

9CVSS0.71635EPSS
Exploits13
circl
circl
added 2020/01/30 12:0 a.m.13 views

CVE-2019-19509

creationtimestamp| type| source ---|---|--- 2020-01-30 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47982 2020-03-16 11:28:40+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/rconfigajaxarchivefilesrce.rb 2020-03-17...

9CVSS8.1AI score0.71635EPSS
Exploits13References4
osv
osv
added 2020/01/06 8:15 p.m.3 views

CVE-2019-19509

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

8.8CVSS7.4AI score0.71635EPSS
Exploits13References6
cve
cve
added 2020/01/06 7:27 p.m.389 views

CVE-2019-19509

CVE-2019-19509 affects rConfig 3.9.3 (and related 3.9.x) where the path parameter in ajaxArchiveFiles.php is passed directly to exec, enabling a remote authenticated user to execute arbitrary commands. Multiple public disclosures and exploits (e.g., exploit-db entries for 3.9.3 Auth RCE and 3.9.4...

9CVSS8.6AI score0.71635EPSS
In wildExploits13References6Affected Software1
Rows per page
Query Builder