482 matches found
rConfig 3.9.2 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: rConfig 3.9.2 - Remote Code Execution Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662 !/usr/bin/pyth...
rConfig 3.9.2 Remote Code Execution
Exploit Title: rConfig 3.9.2 - Remote Code Execution Date: 2019-09-18 Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662 !/usr/bin/python import requests import sys from...
rConfig 3.9.2 - Remote Code Execution
Exploit Title: rConfig 3.9.2 - Remote Code Execution Date: 2019-09-18 Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662 !/usr/bin/python import requests import sys from...
rConfig 3.9.2 - Remote Code Execution
rConfig 3.9.2 - Remote Code Execution Exploit Title: rConfig 3.9.2 - Remote Code Execution Date: 2019-09-18 Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662...
CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...
CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...
CVE-2019-16663
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution...
CVE-2019-16663
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution...
Command injection
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...
Command injection
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution...
CVE-2019-16663
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution...
CVE-2019-16663
CVE-2019-16663 affects rConfig 3.9.2. An attacker can directly execute system commands by issuing a GET to search.crud.php, where the category command parameter (catCommand) is passed to exec without proper filtering, enabling command execution. The description specifies remote code execution via...
CVE-2019-16662
CVE-2019-16662 affects rConfig 3.9.2 and earlier. The flaw enables remote command execution via unauthenticated requests to ajaxServerSettingsChk.php where the rootUname parameter is passed to exec without filtering, enabling commands to run as the web server user. Related evidence shows Metasplo...
CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...
CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. Recent assessments: pbarry-r7 at...
rConfig Multiple Command Execution Vulnerabilities
Description rConfig is prone to multiple command-execution vulnerabilities. An can exploit these issues to execute arbitrary commands within the context of the affected application. rConfig version 3.9.2 is vulnerable; other versions may also be affected. Technologies Affected rConfig rConfig 3.9...
CVE-2019-19585
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an “rConfig specific Apache configuration” update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions...
PT-2018-3754 · Rconfig · Rconfig
Name of the Vulnerable Software and Affected Versions: rConfig version 3.9.5 Description: The issue arises from the lack of sanitization of the userLogin parameter in the ldap/login.php file of the rConfig utility for managing network device configurations. This allows attackers to perform a LDAP...
rConfig 3.1.1 - Local File Inclusion
Title =================== rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion Summary =================== rConfig, the open source network device configuration management tool, is vulnerable to local file inclusion in /lib/crud/downloadFile.ph...
rConfig 3.1.1 - Local File Inclusion
Exploit for php platform in category web applications Title =================== rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion Summary =================== rConfig, the open source network device configuration management tool, is vulnerabl...