Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:8 a.m.8 views

CVE-2019-19585

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions...

7.8CVSS6.6AI score0.05668EPSS
Exploits9References1
Circl
Circl
added 2024/03/19 5:41 p.m.11 views

CVE-2019-19585

creationtimestamp| type| source ---|---|--- 2024-03-19 17:41:24+00:00| seen| https://t.me/ctinow/211752 2024-11-14 06:10:04+00:00| seen| MISP/960cd098-d4ae-49ca-8c3a-8183adcce170 2025-02-06 03:13:44+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:15+00:00| seen|...

7.8CVSS7.9AI score0.05668EPSS
Exploits9References1
Exploit DB
Exploit DB
added 2020/03/27 12:0 a.m.232 views

rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution

Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploit link :...

9.8CVSS8.8AI score0.99683EPSS
Exploits20
exploitpack
exploitpack
added 2020/03/27 12:0 a.m.177 views

rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution

rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 +...

9CVSS0.6AI score0.99683EPSS
Exploits20
0day.today
0day.today
added 2020/03/17 12:0 a.m.314 views

Rconfig 3.x Chained Remote Code Execution Exploit

This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required . However, this modul...

9.8CVSS1.4AI score0.99683EPSS
Exploits20
Metasploit
Metasploit
added 2020/03/12 10:41 a.m.125 views

Rconfig 3.x Chained Remote Code Execution

This module exploits multiple vulnerabilities in rConfig version 3.9 in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the...

9.8CVSS9.7AI score0.99683EPSS
Exploits20
Cvelist
Cvelist
added 2020/01/06 7:24 p.m.34 views

CVE-2019-19585

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions...

8.5AI score0.05668EPSS
Exploits9References3
CVE
CVE
added 2020/01/06 7:24 p.m.166 views

CVE-2019-19585

CVE-2019-19585 affects rConfig 3.9.x, where the install script alters /etc/sudoers during an rConfig Apache-related update, giving Apache high privileges for certain binaries and enabling bypass of local security restrictions. Public materials describe chained vulnerabilities (including CVE-2019-...

7.8CVSS8.3AI score0.05668EPSS
Exploits9References3Affected Software1
Rows per page
Query Builder