Vulmon
rconfig vulnerabilities and exploits
9.8
CVSSv3
CVE-2019-16662
An issue exists in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
Rconfig Rconfig 3.9.2
2 EDB exploits
4 Github repositories
5.4
CVSSv3
CVE-2020-25352
A stored cross-site scripting (XSS) vulnerability in the /devices.php function in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote malicious users to perform arbitrary JavaScript execution through entering a crafted payload into the 'Model...
Rconfig Rconfig 3.9.5
8.8
CVSSv3
CVE-2021-29005
An insecure permission on the chmod command exists on rConfig server 3.9.6. After rConfig is installed, the apache user may execute chmod as root without a password, which may let an attacker with low privileges gain root access on the server.
Rconfig Rconfig 3.9.6
8.8
CVSSv3
CVE-2020-15713
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the malicious user to view, add, modify, or delete information in the back-end database.
Rconfig Rconfig 3.9.5
NA
CVE-2019-19268
Multiple attack vectors in rConfig v3.9.2 due to misconfiguration, which allows local users to execute root commands via sudo. The Sudo configuration in rConfig 3.9.2 gives the apache user access to execute the /usr/bin/zip, /bin/chmod, and /usr/bin/tail programs as root. This ca...
1 Github repository
8.8
CVSSv3
CVE-2022-24388
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability i...
Fidelissecurity Deception
Fidelissecurity Network
8.8
CVSSv3
CVE-2022-24389
Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerabi...
Fidelissecurity Deception
Fidelissecurity Network
8.8
CVSSv3
CVE-2022-24390
Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vul...
Fidelissecurity Deception
Fidelissecurity Network