482 matches found
The vulnerability of the lib/ajaxHandlers/ajaxAddTemplate.php component, a utility for managing network device configurations using the rConfig protocol, allows a attacker to execute arbitrary operating system commands.
The vulnerability of the lib/ajaxHandlers/ajaxAddTemplate.php utility, which is used to manage network device configurations in the rConfig framework, exists because special elements used in the operating system command are not properly eliminated. Exploiting this vulnerability allows a malicious...
rConfig <= 3.x Multiple Vulnerabilities
rConfig is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rconfig:rconfig"; if description...
rConfig <= 3.x Arbitrary File Upload Vulnerability
rConfig is prone to an arbitrary file upload vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rconfig:rconfig"; if...
CVE-2022-44384
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-44384
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...
Privilege escalation
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-44384
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-44384
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...
rConfig 代码问题漏洞
rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig version v3.9.6. An attacker exploits the vulnerability to execute arbitrary code via specially crafted PHP files...
PT-2022-27205 · Rconfig · Rconfig
Name of the Vulnerable Software and Affected Versions: rconfig version 3.9.6 Description: An arbitrary file upload issue allows attackers to execute arbitrary code via a crafted PHP file. Recommendations: For rconfig version 3.9.6, update to a version that fixes this issue, as the current version...
CVE-2022-44384
CVE-2022-44384 affects rconfig v3.9.6 and describes an arbitrary file upload vulnerability that allows an attacker to execute arbitrary PHP code by uploading a crafted file. The issue enables remote code execution via a crafted PHP file, with in‑the‑wild risk demonstrated by a Metasploit module t...
Fidelis Network Deception Command Injection Vulnerability (CNVD-2022-59170)
Fidelis Network Deception is a security product from Fidelis USA. A security vulnerability exists in versions prior to Fidelis Network Deception 9.4.5, which stems from a problem with date in rconfig. An attacker with CLI user-level access could exploit the vulnerability to inject root-level...
CVE-2022-24388
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...
CVE-2022-24389
Vulnerability in rconfig “certutils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis...
CVE-2022-24390
Vulnerability in rconfig “remotetextfile” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fideli...
Design/Logic Flaw
Vulnerability in rconfig “certutils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis...
Design/Logic Flaw
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...
Design/Logic Flaw
Vulnerability in rconfig “remotetextfile” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fideli...
CVE-2022-24388 Authenticated Privileged Command Injection Vulnerability in Fidelis Network and Deception
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...
CVE-2022-24388
CVE-2022-24388 involves Fidelis Network and Fidelis Deception components (CommandPost, Collector, Sensor, Sandbox, and neighboring Fidelis components) with a vulnerability rooted in rconfig date handling. Versions prior to 9.4.5 are affected. An attacker who already has CLI user-level access can ...