cve-2019-16662 vulnerabilities and exploits

10
CVSSv2
CVE-2019-16662

rConfig v3.9.2 authenticated and unauthenticated RCE. The vulnerability has been discovered in a file called “search.crud.php” which suffers from an authenticated RCE that could be triggered by sending a crafted GET request that contains two parameters, the first one...

Rconfig
9
CVSSv2
CVE-2019-16663

rConfig v3.9.2 authenticated and unauthenticated RCE. The “ajaxServerSettingsChk.php” file suffers from an unauthenticated RCE that could be triggered by sending a crafted GET request via the “rootUname” parameter, which is declared in line #2 and then passed...

Rconfig
NA
CVE-2019-19268

Multiple attack vectors in rConfig v3.9.2 due to misconfiguration, which allows local users to execute root commands via sudo. The Sudo configuration in rConfig 3.9.2 gives the apache user access to execute the /usr/bin/zip, /bin/chmod, and /usr/bin/tail programs as root. This...

10
CVSSv2
CVE-2019-0708

A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution...

Microsoft, Windows 7, Windows Server 2003, Windows Server 2008, Windows Vista, Windows Xp
7.5
CVSSv2
CVE-2019-14277

** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS,...

Axway, Securetransport
7.5
CVSSv2
CVE-2019-9670

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability....

Synacor, Zimbra Collaboration Suite
10
CVSSv2
CVE-2019-15107

An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability....

Webmin
7.5
CVSSv2
CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code...

Php, Canonical, Ubuntu Linux, Debian, Debian Linux
7.5
CVSSv2
CVE-2019-16278

Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request....

Nazgul, Nostromo Nhttpd
7.5
CVSSv2
CVE-2019-16759

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request....

Vbulletin