8 matches found
CVE-2019-19585
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions...
CVE-2019-19585
creationtimestamp| type| source ---|---|--- 2024-03-19 17:41:24+00:00| seen| https://t.me/ctinow/211752 2024-11-14 06:10:04+00:00| seen| MISP/960cd098-d4ae-49ca-8c3a-8183adcce170 2025-02-06 03:13:44+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:15+00:00| seen|...
rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution
Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploit link :...
rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution
rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 +...
Rconfig 3.x Chained Remote Code Execution Exploit
This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required . However, this modul...
Rconfig 3.x Chained Remote Code Execution
This module exploits multiple vulnerabilities in rConfig version 3.9 in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the...
CVE-2019-19585
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions...
CVE-2019-19585
CVE-2019-19585 affects rConfig 3.9.x, where the install script alters /etc/sudoers during an rConfig Apache-related update, giving Apache high privileges for certain binaries and enabling bypass of local security restrictions. Public materials describe chained vulnerabilities (including CVE-2019-...