Lucene search
K

482 matches found

BDU FSTEC
BDU FSTEC
added 2023/02/15 12:0 a.m.6 views

The vulnerability of the lib/ajaxHandlers/ajaxAddTemplate.php component, a utility for managing network device configurations using the rConfig protocol, allows a attacker to execute arbitrary operating system commands.

The vulnerability of the lib/ajaxHandlers/ajaxAddTemplate.php utility, which is used to manage network device configurations in the rConfig framework, exists because special elements used in the operating system command are not properly eliminated. Exploiting this vulnerability allows a malicious...

9CVSS8AI score0.36754EPSS
Exploits5References5Affected Software1
OpenVAS
OpenVAS
added 2022/12/06 12:0 a.m.12 views

rConfig <= 3.x Multiple Vulnerabilities

rConfig is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rconfig:rconfig"; if description...

9CVSS7.7AI score0.05471EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2022/11/18 12:0 a.m.14 views

rConfig <= 3.x Arbitrary File Upload Vulnerability

rConfig is prone to an arbitrary file upload vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rconfig:rconfig"; if...

8.8CVSS7.2AI score0.05009EPSS
Exploits2References2
OSV
OSV
added 2022/11/17 5:15 p.m.4 views

CVE-2022-44384

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...

8.8CVSS6.1AI score0.05009EPSS
Exploits2References1
NVD
NVD
added 2022/11/17 5:15 p.m.13 views

CVE-2022-44384

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...

8.8CVSS0.05009EPSS
Exploits2References1
Prion
Prion
added 2022/11/17 5:15 p.m.21 views

Privilege escalation

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...

6.5CVSS8.8AI score0.05009EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/11/17 12:0 a.m.23 views

CVE-2022-44384

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...

9.1AI score0.05009EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/11/17 12:0 a.m.7 views

CVE-2022-44384

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...

8.9AI score0.05009EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/11/17 12:0 a.m.3 views

rConfig 代码问题漏洞

rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig version v3.9.6. An attacker exploits the vulnerability to execute arbitrary code via specially crafted PHP files...

8.8CVSS8.5AI score0.05009EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/11/17 12:0 a.m.3 views

PT-2022-27205 · Rconfig · Rconfig

Name of the Vulnerable Software and Affected Versions: rconfig version 3.9.6 Description: An arbitrary file upload issue allows attackers to execute arbitrary code via a crafted PHP file. Recommendations: For rconfig version 3.9.6, update to a version that fixes this issue, as the current version...

8.8CVSS8AI score0.05009EPSS
Exploits2References4
CVE
CVE
added 2022/11/17 12:0 a.m.59 views

CVE-2022-44384

CVE-2022-44384 affects rconfig v3.9.6 and describes an arbitrary file upload vulnerability that allows an attacker to execute arbitrary PHP code by uploading a crafted file. The issue enables remote code execution via a crafted PHP file, with in‑the‑wild risk demonstrated by a Metasploit module t...

8.8CVSS8.8AI score0.05009EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2022/05/19 12:0 a.m.19 views

Fidelis Network Deception Command Injection Vulnerability (CNVD-2022-59170)

Fidelis Network Deception is a security product from Fidelis USA. A security vulnerability exists in versions prior to Fidelis Network Deception 9.4.5, which stems from a problem with date in rconfig. An attacker with CLI user-level access could exploit the vulnerability to inject root-level...

9CVSS3.7AI score0.01432EPSS
Exploits0References1
NVD
NVD
added 2022/05/17 8:15 p.m.15 views

CVE-2022-24388

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...

9CVSS0.01432EPSS
Exploits0References1
NVD
NVD
added 2022/05/17 8:15 p.m.21 views

CVE-2022-24389

Vulnerability in rconfig “certutils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis...

9CVSS0.01432EPSS
Exploits0References1
NVD
NVD
added 2022/05/17 8:15 p.m.18 views

CVE-2022-24390

Vulnerability in rconfig “remotetextfile” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fideli...

8.8CVSS0.01227EPSS
Exploits0References1
Prion
Prion
added 2022/05/17 8:15 p.m.16 views

Design/Logic Flaw

Vulnerability in rconfig “certutils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis...

9CVSS8.5AI score0.01432EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2022/05/17 8:15 p.m.11 views

Design/Logic Flaw

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...

9CVSS8.5AI score0.01432EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2022/05/17 8:15 p.m.16 views

Design/Logic Flaw

Vulnerability in rconfig “remotetextfile” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fideli...

6.5CVSS8.5AI score0.01227EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2022/05/17 7:30 p.m.23 views

CVE-2022-24388 Authenticated Privileged Command Injection Vulnerability in Fidelis Network and Deception

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...

8.8CVSS8.8AI score0.01432EPSS
Exploits0References1
CVE
CVE
added 2022/05/17 7:30 p.m.75 views

CVE-2022-24388

CVE-2022-24388 involves Fidelis Network and Fidelis Deception components (CommandPost, Collector, Sensor, Sandbox, and neighboring Fidelis components) with a vulnerability rooted in rconfig date handling. Versions prior to 9.4.5 are affected. An attacker who already has CLI user-level access can ...

9CVSS8.8AI score0.01432EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder