rConfig v3.9.2 authenticated and unauthenticated RCE (CVE-2019-16663) and (CVE-2019-16662)

Posted on by Askar

Estimated Reading Time: 6 minutes Summary about rConfig rConfig is an open source network device configuration management utility for network engineers to take frequent configuration snapshots of their network devices. About the exploit I was able two detect two remote command execution vulnerabilities in two different files, the first one called “ajaxServerSettingsChk.php” file which suffers from an unauthenticated RCE that could…

FusionPBX v4.4.8 authenticated Remote Code Execution (CVE-2019-15029)

Posted on by Askar

Estimated Reading Time: 7 minutes Summary about FusionPBX FusionPBX can be used as a highly available single or domain based multi-tenant PBX, carrier grade switch, call center server, fax server, voip server, voicemail server, conference server, voice application server, appliance framework and more. About the exploit In this vulnerability the exploit was kind of easy to find and exploit ,…

Centreon v19.04 Remote Code Execution (CVE-2019-13024)

Posted on by Askar

Estimated Reading Time: 6 minutes Summary about Centreon Centreon is a free and open source infrastructure monitoring software, Centreon allows the system administrators to monitor their infrastructure from a centralized web application, Centreon has become the number 1 open source solution for enterprise monitoring in Europe. About the exploit The exploitation triggers by adding an arbitrary command in the nagios_bin…

Bypassing Kaspersky Endpoint and Cloud SandBox (real world pentest case)

Posted on by Ahmed Khlief

Estimated Reading Time: 5 minutes Introduction Kaspersky is one the of leading anti-virus in the market with more 400M user using this product, the malware threat still exist and can bypass this technology. in this article i will explain how i bypassed kaspersky enterprise version along with their cloud sandbox while i was conducting penetration testing for a company. Anti-virus…

LibreNMS v1.46 Remote Code Execution (CVE-2018-20434)

Posted on by Askar

Estimated Reading Time: 7 minutes Summary about LibreNMS LibreNMS is an open source, powerful and feature-rich auto-discovering PHP based network monitoring system which uses the SNMP protocol. It supports a broad range of operating systems including Linux, FreeBSD, as well as network devices including Cisco, Juniper, Brocade, Foundry, HP and many more. About the exploit The exploitation triggers by adding…