Filtered by vendor Rconfig
Subscriptions
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19372 | 1 Rconfig | 1 Rconfig | 2024-08-05 | 7.5 High |
| A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully working exploit. | ||||
| CVE-2019-19585 | 1 Rconfig | 1 Rconfig | 2024-08-05 | 7.8 High |
| An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions. | ||||
| CVE-2019-19509 | 1 Rconfig | 1 Rconfig | 2024-08-05 | 8.8 High |
| An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution. | ||||
| CVE-2019-19207 | 1 Rconfig | 1 Rconfig | 2024-08-05 | 8.8 High |
| rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. | ||||
| CVE-2019-16663 | 1 Rconfig | 1 Rconfig | 2024-08-05 | 8.8 High |
| An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution. | ||||
| CVE-2019-16662 | 1 Rconfig | 1 Rconfig | 2024-08-05 | 9.8 Critical |
| An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. | ||||
| CVE-2020-27466 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 7.8 High |
| An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2020-27464 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 7.8 High |
| An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file. | ||||
| CVE-2020-25351 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 6.5 Medium |
| An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script. | ||||
| CVE-2020-25359 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 9.1 Critical |
| An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path. | ||||
| CVE-2020-25352 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving. | ||||
| CVE-2020-25353 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 6.5 Medium |
| A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters. | ||||
| CVE-2020-23148 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 7.5 High |
| The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request. | ||||
| CVE-2020-23151 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 9.8 Critical |
| rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped. | ||||
| CVE-2020-23150 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 7.5 High |
| A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php. | ||||
| CVE-2020-23149 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 7.5 High |
| The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information. | ||||
| CVE-2020-15713 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 8.8 High |
| rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database. | ||||
| CVE-2020-15715 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 9.9 Critical |
| rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter. | ||||
| CVE-2020-15714 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 8.8 High |
| rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database. | ||||
| CVE-2020-15712 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 4.3 Medium |
| rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system. | ||||