7 matches found

OSV · added 2026/04/16 12:47 a.m.

GHSA-75H4-C557-J89R Froxlor has Incomplete Symlink Validation in DataDump.add() Allows Arbitrary Directory Ownership Takeover via Cron

Summary DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other customer-facing path operations likely as the fix for CVE-2023-6069. When the...

CVSS 7.5 · AI score 6 · EPSS 0.00087
Exploits 1 · References 5
Vulnrichment · added 2026/03/03 10:31 p.m.

CVE-2026-26279 Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection

Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...

CVSS 9.1 · AI score 6.2 · EPSS 0.009
Exploits 1 · References 3
Huntr · added 2022/12/19 4:57 p.m.

Cron execution command field allows attackers with admin privilege to execute OS command as root

Description: Cron execution command value is written into cronfile without any security protection mechanism. If an attacker gained admin access, he/she can run OS commands as root. Proof of Concept: 1/ Navigate to http://webserver/froxlor/adminsettings.php?page=overview&part=crond 2/ In the Cro...

AI score 1
Exploits 0
Positive Technologies · added 2021/12/27 12:00 a.m.

PT-2021-24298 · Unknown · Metersphere

Name of the Vulnerable Software and Affected Versions: Metersphere version 1.15.4 Description: An arbitrary file upload issue was discovered, allowing unauthenticated users to upload files to any directory. This could enable attackers to write a cron job for command execution. Recommendations: Fo...

CVSS 9.8 · AI score 9.6 · EPSS 0.32365
Exploits 1 · References 3
OSV · added 2020/02/17 4:15 a.m.

CVE-2020-9024

Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions on two scripts that run as root: /root/cleardata.pl, executed by crond, and /root/loadperl.sh, executed at boot time...

CVSS 9.8 · AI score 7.3
Exploits 0 · References 1
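Two of the entries above describe the same failure from opposite ends: the Froxlor DataDump advisory says a user-supplied export destination was not resolved against the customer's fixed home directory with symlinks followed, and the Iteris CVE describes scripts that crond runs as root while anyone on the system can write to them. The following is an added example, not code from Froxlor, Iteris or any of the listed sources: confine() is a generic version of the missing symlink-aware containment check (it does not reproduce FileDir::makeCorrectDir), and audit_cron_script() walks the path of a cron target and reports world-writable components. The directory tree, file names and modes are constructed inside a temporary directory for the demonstration.

```python
"""Added example: symlink-aware path containment plus a cron-target
permission audit.  Not Froxlor or Iteris code; every name is hypothetical
and the sample tree is constructed in a temporary directory."""
from __future__ import annotations

import shutil
import stat
import tempfile
from pathlib import Path


def confine(base: str, user_path: str) -> Path:
    """Resolve user_path under base and return it, or raise ValueError.

    Path.resolve() follows every symlink component, so a link the user
    planted inside their own home that points at another customer's home
    or a root-owned directory is caught before anything chowns or runs it
    as root.  '..' components and a leading '/' fall under the same check.
    """
    base_real = Path(base).resolve(strict=True)
    candidate = (base_real / user_path.lstrip("/")).resolve()
    try:
        candidate.relative_to(base_real)
    except ValueError:
        raise ValueError(
            f"{user_path!r} escapes {base_real}: resolves to {candidate}"
        ) from None
    return candidate


def escapes(base: str, user_path: str) -> bool:
    """True when confine() rejects user_path (convenience for callers)."""
    try:
        confine(base, user_path)
    except ValueError:
        return True
    return False


def audit_cron_script(script: str) -> list[str]:
    """Return findings for a script that root's crontab executes.

    Each directory from / down to the file is checked with stat(), following
    symlinks, because that is what cron's exec does.  A world-writable
    directory is tolerated only when it is sticky (e.g. /tmp), since others
    then cannot replace or rename entries they do not own.
    """
    findings: list[str] = []
    path = Path(script)
    if not path.is_absolute():
        return [f"{script}: relative path, depends on cron's working directory"]
    resolved = path.resolve(strict=True)
    if resolved != path:
        findings.append(f"{script}: reached through a symlink, resolves to {resolved}")
    for component in (*reversed(resolved.parents), resolved):
        mode = component.stat().st_mode
        if not mode & stat.S_IWOTH:
            continue
        if stat.S_ISDIR(mode) and mode & stat.S_ISVTX:
            continue
        findings.append(f"{component}: world-writable ({stat.filemode(mode)})")
    return findings


def build_demo() -> dict[str, Path]:
    """Constructed tree: a customer home containing a planted symlink that
    points outside it, and a mode-0777 script of the kind crond runs as root."""
    root = Path(tempfile.mkdtemp(prefix="cron-audit-")).resolve()
    home = root / "customer1"
    (home / "export").mkdir(parents=True)
    dump = home / "export" / "dump.tar"
    dump.write_bytes(b"")
    dump.chmod(0o644)
    (home / "export").chmod(0o755)
    home.chmod(0o755)
    (home / "escape").symlink_to(root)          # customer-controlled symlink
    script = root / "cleardata.pl"              # hypothetical root cron target
    script.write_text("#!/usr/bin/perl\nprint 'hi';\n")
    script.chmod(0o777)                         # the world-writable pattern
    return {"root": root, "home": home, "dump": dump, "script": script}


def cleanup(demo: dict[str, Path]) -> None:
    shutil.rmtree(demo["root"])


if __name__ == "__main__":
    demo = build_demo()
    try:
        home = str(demo["home"])
        for user_path in ("export/dump.tar", "escape/cleardata.pl", "../customer2"):
            verdict = "rejected" if escapes(home, user_path) else "allowed"
            print(f"{user_path}: {verdict}")
        for target in (demo["dump"], demo["script"]):
            print(target, audit_cron_script(str(target)) or "clean")
    finally:
        cleanup(demo)
```

Run it as a script to see the planted symlink and the `..` path rejected while the in-home export is allowed, and the 0777 script flagged while the 0644 file under a 0700 parent is clean. Sticky directories are skipped only for existing files; if the cron target does not yet exist, a sticky world-writable parent still lets anyone create it, so audit the path before the job is installed.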
Drupal · added 2018/07/18 12:00 a.m.

XML sitemap - Moderately critical - Information Disclosure - SA-CONTRIB-2018-053

This module enables you to generate XML sitemaps and it helps search engines to more intelligently crawl a website and keep their results up to date. The module doesn't sufficiently handle access rights under the scenario of updating contents from cron execution...

AI score 7
Exploits 0 · References 7
securityvulns · added 2000/12/02 12:00 a.m.

[ADV/EXP]: RH6.x root from bash /tmp vuln + MORE

Advisory: it's been fixed, check some previous messages. bash1 /tmp vulns Also: uucp exploit - file creation/overwriting symlinks kinda exploit for man/makewhatis Requires: 1 local access to run the program 2 a crash or reboot to have happened 3 /etc/cron.weekly/makewhatis.cron to be executed by cron 4...

AI score 7
Exploits 0