Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rconfig rconfig vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-27466
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows malicious users to execute arbitrary code via a crafted file.
Rconfig Rconfig 3.9.6
4
CVSSv2
CVE-2020-15712
rConfig 3.9.5 could allow a remote authenticated malicious user to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to vie...
Rconfig Rconfig 3.9.5
6.5
CVSSv2
CVE-2020-15713
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the malicious user to view, add, modify, or delete information in the back-end database.
Rconfig Rconfig 3.9.5
6.5
CVSSv2
CVE-2020-15714
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the malicious user to view, add, modify, or delete information in the back-end dat...
Rconfig Rconfig 3.9.5
NA
CVE-2019-19268
Multiple attack vectors in rConfig v3.9.2 due to misconfiguration, which allows local users to execute root commands via sudo. The Sudo configuration in rConfig 3.9.2 gives the apache user access to execute the /usr/bin/zip, /bin/chmod, and /usr/bin/tail programs as root. This ca...
1 Github repository
9
CVSSv2
CVE-2022-24388
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability i...
Fidelissecurity Deception
Fidelissecurity Network
9
CVSSv2
CVE-2022-24389
Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerabi...
Fidelissecurity Deception
Fidelissecurity Network
6.5
CVSSv2
CVE-2022-24390
Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vul...
Fidelissecurity Deception
Fidelissecurity Network
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5