Lucene search
K

482 matches found

0day.today
0day.today
added 2019/10/29 12:0 a.m.103 views

rConfig 3.9.2 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: rConfig 3.9.2 - Remote Code Execution Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662 !/usr/bin/pyth...

10CVSS9.6AI score0.97702EPSS
Exploits10
Packet Storm
Packet Storm
added 2019/10/29 12:0 a.m.232 views

rConfig 3.9.2 Remote Code Execution

Exploit Title: rConfig 3.9.2 - Remote Code Execution Date: 2019-09-18 Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662 !/usr/bin/python import requests import sys from...

9.6AI score0.97702EPSS
Exploits10
Exploit DB
Exploit DB
added 2019/10/29 12:0 a.m.322 views

rConfig 3.9.2 - Remote Code Execution

Exploit Title: rConfig 3.9.2 - Remote Code Execution Date: 2019-09-18 Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662 !/usr/bin/python import requests import sys from...

10CVSS9.8AI score0.97702EPSS
Exploits10
exploitpack
exploitpack
added 2019/10/29 12:0 a.m.35 views

rConfig 3.9.2 - Remote Code Execution

rConfig 3.9.2 - Remote Code Execution Exploit Title: rConfig 3.9.2 - Remote Code Execution Date: 2019-09-18 Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662...

10CVSS9.8AI score0.97702EPSS
Exploits10
OSV
OSV
added 2019/10/28 12:15 p.m.4 views

CVE-2019-16662

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...

9.8CVSS7.6AI score0.97702EPSS
Exploits11References7
NVD
NVD
added 2019/10/28 12:15 p.m.15 views

CVE-2019-16662

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...

10CVSS9.7AI score0.97702EPSS
Exploits10References7
NVD
NVD
added 2019/10/28 12:15 p.m.16 views

CVE-2019-16663

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution...

9CVSS8.9AI score0.84696EPSS
Exploits11References5
OSV
OSV
added 2019/10/28 12:15 p.m.3 views

CVE-2019-16663

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution...

8.8CVSS7.6AI score0.97702EPSS
Exploits11References5
Prion
Prion
added 2019/10/28 12:15 p.m.16 views

Command injection

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...

10CVSS9.6AI score0.97702EPSS
Exploits11References7Affected Software1
Prion
Prion
added 2019/10/28 12:15 p.m.12 views

Command injection

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution...

9CVSS9.4AI score0.97702EPSS
Exploits11References5Affected Software1
Cvelist
Cvelist
added 2019/10/28 11:53 a.m.39 views

CVE-2019-16663

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution...

9.5AI score0.97702EPSS
Exploits11References5
CVE
CVE
added 2019/10/28 11:53 a.m.123 views

CVE-2019-16663

CVE-2019-16663 affects rConfig 3.9.2. An attacker can directly execute system commands by issuing a GET to search.crud.php, where the category command parameter (catCommand) is passed to exec without proper filtering, enabling command execution. The description specifies remote code execution via...

9CVSS9.3AI score0.97702EPSS
Exploits11References5Affected Software1
CVE
CVE
added 2019/10/28 11:52 a.m.150 views

CVE-2019-16662

CVE-2019-16662 affects rConfig 3.9.2 and earlier. The flaw enables remote command execution via unauthenticated requests to ajaxServerSettingsChk.php where the rootUname parameter is passed to exec without filtering, enabling commands to run as the web server user. Related evidence shows Metasplo...

10CVSS9.5AI score0.97702EPSS
In wildExploits10References7Affected Software1
Cvelist
Cvelist
added 2019/10/28 11:52 a.m.53 views

CVE-2019-16662

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...

9.8AI score0.97702EPSS
Exploits10References7
ATTACKERKB
ATTACKERKB
added 2019/10/28 12:0 a.m.21 views

CVE-2019-16662

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. Recent assessments: pbarry-r7 at...

10CVSS3.6AI score0.97702EPSS
Exploits11References8
Symantec
Symantec
added 2019/09/18 12:0 a.m.13 views

rConfig Multiple Command Execution Vulnerabilities

Description rConfig is prone to multiple command-execution vulnerabilities. An can exploit these issues to execute arbitrary commands within the context of the affected application. rConfig version 3.9.2 is vulnerable; other versions may also be affected. Technologies Affected rConfig rConfig 3.9...

1.9AI score
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2019/08/08 12:0 a.m.47 views

CVE-2019-19585

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an “rConfig specific Apache configuration” update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions...

7.8CVSS1.6AI score0.05668EPSS
Exploits9References4
Positive Technologies
Positive Technologies
added 2018/09/11 12:0 a.m.6 views

PT-2018-3754 · Rconfig · Rconfig

Name of the Vulnerable Software and Affected Versions: rConfig version 3.9.5 Description: The issue arises from the lack of sanitization of the userLogin parameter in the ldap/login.php file of the rConfig utility for managing network device configurations. This allows attackers to perform a LDAP...

7.8CVSS7.5AI score0.01623EPSS
Exploits1References6
Exploit DB
Exploit DB
added 2016/06/06 12:0 a.m.28 views

rConfig 3.1.1 - Local File Inclusion

Title =================== rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion Summary =================== rConfig, the open source network device configuration management tool, is vulnerable to local file inclusion in /lib/crud/downloadFile.ph...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/06/06 12:0 a.m.23 views

rConfig 3.1.1 - Local File Inclusion

Exploit for php platform in category web applications Title =================== rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion Summary =================== rConfig, the open source network device configuration management tool, is vulnerabl...

7.1AI score
Exploits0
Rows per page
Query Builder