Windows Service for User (S4U) Scheduled Task Persistence Logon Trigger

This Metasploit module creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires...

CVE-2025-66433

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...

Linux Distros Unpatched Vulnerability : CVE-2025-66433

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in...

EUVD-2025-199922

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...

CVE-2025-66433

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...

DEBIAN-CVE-2025-66433

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...

HTCondor Access Point 安全漏洞

HTCondor Access Point is a submission node in a high-throughput computing architecture from HTCondor. A security vulnerability exists in HTCondor Access Point versions prior to 25.3.1, which stems from the possibility that an authenticated user may impersonate another user by submitting a batch j...

CVE-2025-66433

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...

EUVD-2024-27200

Malicious code in bioql PyPI...

From Spring Cloud Data Flow 2.11.x to 3.0

Dear Spring Community, With the recent announcement of Spring Framework 7.0 and Spring Boot 4.0, the Spring Cloud Data Flow team is pleased to announce the next major release, SCDF 3.0, to align with both Spring Framework 7.0 and Spring Boot 4.0. This will bring the following SCDF ecosystem of...

CVE-2024-2244

REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations...

CVE-2024-2244

REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations...

CVE-2024-2244

REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations...

CVE-2024-2244

Hitachi Energy Asset Suite is affected by CVE-2024-2244 (improper authentication). The vulnerability allows a REST service to be invoked via a batch job using a valid username with no password, applicable to Asset Suite versions prior to 9.6.3.13 and 9.6.4.1. Root cause: authentication anomaly en...

HashiCorp Nomad Remote Command Execution Exploit

This Metasploit module lets you create a batch job on HashiCorp's Nomad service to spawn a shell. The default option is to use the rawexec driver, which runs with high privileges. Development servers and clients explicitly enabling the rawexec plugin can spawn these type of jobs. Regular exec job...

Task Scheduler S4U Logon Elevation of Privilege

The windows task scheduler allows a split token administrator to register a task which runs as a batch job from a limited privilege context. This doesn’t require a user’s password to accomplish as the task will be run non-interactively and so doesn’t need access to the password in order to access...

Microsoft Windows 10: Deny log on as a batch job

This policy setting determines which accounts are prevented from logging on by using a batch-queue tool to schedule and start jobs automatically in the future. The ability to log on by using a batch-queue tool is needed for any account that is used to start scheduled jobs by means of the Task...

Microsoft Windows 10: Log on as a batch job

This policy setting determines which accounts can log on by using a batch-queue tool such as the Task Scheduler service. When you use the Add Scheduled Task Wizard to schedule a task to run under a particular user name and password, that user is automatically assigned the Log on as a batch job us...

Windows Manage User Level Persistent Payload Installer

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Windows Manage User Level Persistent Payload Installer

Creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires 'Logon as a batch job'...