Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-5995

Malware in sbrugna...

9CVSS8.7AI score0.0421EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-4572

Malware in sbrugna...

9.1CVSS9AI score0.01708EPSS
Exploits0References2
Prion
Prion
added 2020/10/19 1:15 p.m.16 views

Code injection

rConfig 3.9.4 and earlier allows authenticated code execution of system commands by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php...

9CVSS8.7AI score0.0421EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/10/19 12:54 p.m.24 views

CVE-2020-13778

rConfig 3.9.4 and earlier allows authenticated code execution of system commands by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php...

9.2AI score0.0421EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/06/04 12:0 a.m.20 views

CVE-2020-10546

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes’ passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. Recent assessments: theguly at...

9.8CVSS4.1AI score0.99683EPSS
Exploits15References3
OSV
OSV
added 2020/05/18 3:15 p.m.4 views

CVE-2020-12255

rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to...

8.8CVSS7.9AI score0.52582EPSS
Exploits0References1
Prion
Prion
added 2020/05/18 3:15 p.m.15 views

Cross site scripting

rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php...

3.5CVSS6.2AI score0.95752EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/05/18 1:51 p.m.18 views

CVE-2020-12257

rConfig 3.9.4 is vulnerable to cross-site request forgery CSRF because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form add a user, delete a user, or edit a user...

8.9AI score0.01409EPSS
Exploits1References1
NVD
NVD
added 2020/05/18 1:15 p.m.19 views

CVE-2020-12259

rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php...

5.4CVSS6.2AI score0.94767EPSS
Exploits0References1
0day.today
0day.today
added 2020/03/28 12:0 a.m.230 views

rConfig 3.9.4 - (searchField) Unauthenticated Root Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploi...

7.1AI score0.99683EPSS
Exploits20
Packet Storm
Packet Storm
added 2020/03/23 12:0 a.m.118 views

rConfig 3.9.4 Remote Command Injection

Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.4.zip Version: rConfig 3.9.4 Tested on: Cent OS 7 1908...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/03/23 12:0 a.m.177 views

rConfig 3.9.4 - (search.crud.php) Remote Command Injection Exploit

Exploit for php platform in category web applications Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.4.zip Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/03/23 12:0 a.m.163 views

rConfig 3.9.4 - 'search.crud.php' Remote Command Injection

Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.4.zip Version: rConfig 3.9.4 Tested on: Cent OS 7 1908...

9.8CVSS9.7AI score0.83862EPSS
Exploits3
Rows per page
Query Builder