rConfig v3.9.2 authenticated and unauthenticated RCE (CVE-2019-16663) and (CVE-2019-16662)

Estimated Reading Time: 6 minutes Summary about rConfig rConfig is an open source network device configuration management utility for network engineers to take frequent configuration snapshots of their network devices. About the exploit I was able two detect two remote command execution vulnerabilities in two different files, the first one called “ajaxServerSettingsChk.php” file which suffers from an unauthenticated RCE that could…

Centreon v19.04 Remote Code Execution (CVE-2019-13024)

Estimated Reading Time: 6 minutes Summary about Centreon Centreon is a free and open source infrastructure monitoring software, Centreon allows the system administrators to monitor their infrastructure from a centralized web application, Centreon has become the number 1 open source solution for enterprise monitoring in Europe. About the exploit The exploitation triggers by adding an arbitrary command in the nagios_bin…