Lucene search
K

16 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-19976

Malware in sbrugna...

7.8CVSS7.7AI score0.01894EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-15650

Malware in sbrugna...

8.8CVSS8.7AI score0.02017EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2022/11/17 12:0 a.m.7 views

CVE-2022-44384

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...

8.9AI score0.05009EPSS
Exploits2References1
NVD
NVD
added 2021/10/11 1:15 p.m.11 views

CVE-2021-29006

rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server...

6.5CVSS0.05471EPSS
Exploits1References1
Prion
Prion
added 2021/10/11 1:15 p.m.19 views

Arbitrary file deletion

rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server...

4CVSS6.3AI score0.05471EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/10/11 12:2 p.m.15 views

CVE-2021-29006

rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server...

6.9AI score0.05471EPSS
Exploits1References1
NVD
NVD
added 2021/08/20 7:15 p.m.19 views

CVE-2020-27466

An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...

7.8CVSS0.01894EPSS
Exploits0References1
Prion
Prion
added 2021/08/20 7:15 p.m.15 views

Arbitrary file deletion

An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...

6.8CVSS7.8AI score0.01894EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/08/20 6:10 p.m.51 views

CVE-2020-27466

CVE-2020-27466 affects rConfig 3.9.6. The vulnerability is in lib/AjaxHandlers/ajaxEditTemplate.php and is described as an arbitrary file write that allows an attacker to execute arbitrary code via a crafted file. Publicly available connected documents corroborate this as the core issue; however,...

7.8CVSS7.8AI score0.01894EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/08/20 6:10 p.m.22 views

CVE-2020-27466

An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...

7.8AI score0.01894EPSS
Exploits0References1
CVE
CVE
added 2021/08/20 6:10 p.m.47 views

CVE-2020-27464

CVE-2020-27464 affects rConfig versions up to 3.9.6, where an insecure update feature in the /updater.php component allows an attacker to execute arbitrary code through a specially crafted ZIP file. Documents consistently describe the vulnerability as an update mechanism issue leading to code exe...

7.8CVSS7.8AI score0.0246EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/20 6:10 p.m.19 views

CVE-2020-27464

An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file...

7.8AI score0.0246EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/08/20 6:10 p.m.19 views

CVE-2020-25359

An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delet...

9.2AI score0.0225EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/08/20 6:10 p.m.13 views

CVE-2020-25352

A stored cross-site scripting XSS vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving...

6.1AI score0.02006EPSS
Exploits1References1
Metasploit
Metasploit
added 2021/06/24 5:43 p.m.81 views

rConfig Vendors Auth File Upload RCE

This module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php. Then, the uploaded payload can be triggered by a call to images/vendor/.php Module Options msf use...

8.8CVSS7.1AI score0.05009EPSS
Exploits2
Exploit DB
Exploit DB
added 2021/03/18 12:0 a.m.365 views

rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)

Exploit Title: rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution Authenticated 1 Date: 2021-03-17 Exploit Author: Murat ŞEKER Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.6.zip Version: rConfig v3.9.6 Install scripts :...

7.4AI score
Exploits0
Rows per page
Query Builder