Lucene search
K

5 matches found

exploitpack
exploitpack
added 2020/01/30 12:0 a.m.51 views

rConfig 3.9.3 - Authenticated Remote Code Execution

rConfig 3.9.3 - Authenticated Remote Code Execution Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution Date: 2019-11-07 CVE-2019-19509 Exploit Author: vikingfr Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig Software Link :...

9CVSS0.5AI score0.71635EPSS
Exploits13
OSV
OSV
added 2020/01/06 8:15 p.m.2 views

CVE-2019-19509

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

8.8CVSS7.4AI score0.71635EPSS
Exploits13References6
NVD
NVD
added 2020/01/06 8:15 p.m.16 views

CVE-2019-19585

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions...

7.8CVSS7.5AI score0.05668EPSS
Exploits9References3
Cvelist
Cvelist
added 2020/01/06 7:24 p.m.33 views

CVE-2019-19585

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions...

8.5AI score0.05668EPSS
Exploits9References3
ATTACKERKB
ATTACKERKB
added 2020/01/06 12:0 a.m.241 views

CVE-2019-19509

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution. Recent assessments: Assesse...

9CVSS3.8AI score0.71635EPSS
In wildExploits13References8
Rows per page
Query Builder