13 matches found
PT-2026-29569
Name of the Vulnerable Software and Affected Versions CrnMaster versions prior to 2.2.0 Description CrnMaster is a Cronjob management UI. Prior to version 2.2.0, an authentication bypass exists in the middleware. When the middleware’s session-validation fetch fails, unauthenticated requests with ...
📄 Hestia Control Panel 1.9.3 Code Execution
Hestia Control Panel version 1.9.3 code injection proof of concept exploit written in PHP that leverages cronjobs. ============================================================================================================================================= | Title : Hestia Control Panel 1.9.3 PHP...
📄 FreePBX SQL Injection / Remote Code Execution
This Metasploit module exploits an unauthenticated SQL injection flaw in FreePBX prior to versions 15.0.66, 16.0.89, and 17.0.3. The vulnerability lies in the /admin/ajax.php endpoint, which is accessible without authentication. Additionally, the database user created by FreePBX can schedule...
WebAssembly Jobs and CronJobs in Kubernetes with SpinKube & the Spin Command Trigger
Learn how to run WebAssembly workloads as Kubernetes Jobs and CronJobs using SpinKube and the Spin command trigger...
0xsp Mongoose v1.7 - Linux/Windows Privilege Escalation intelligent Enumeration Toolkit
Using 0xsp mongoose you will be able to scan targeted operating system for any possible way for privilege escalation attacks, starting from collecting information stage until reporting information through 0xsp Web Application API. user will be able to scan different Linux / windows Operation...
0xsp-Mongoose - Privilege Escalation Enumeration Toolkit (ELF 64/32), Fast, Intelligent Enumeration With Web API Integration
Using 0xsp mongoose you will be able to scan a targeted operating system for any possible way for privilege escalation attacks, starting from collecting information stage until reporting information through 0xsp Web Application API. user will be able to scan different Linux os system at the same...
glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled
A privilege escalation flaw was found in gluster snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink...
CVE-2018-1088
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink...
NTP Privilege Escalation
Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics enabled. The script is run as ro...
NTP - Local Privilege Escalation
Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics enabled. The script is run as ro...
vixie-cron security, bug fix, and enhancement update
4:4.1-81 - 455664 adoptions of crontab orphans, forgot add buffer for list of orphans - Related: rhbz455664 4:4.1-80 - 654961 crond process ignores the changes of user's home directory needs bigger changes of code. The fix wasn't applied, detail in comment11. - Related: rhbz249512 4:4.1-79 -...
CVE-2009-3304
GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorizedkeys files in users' home directories, related to deb-specific/sshdumpupdate.pl and cronjobs/cvs-cron/sshcreate.php...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the 1 contenidopath parameter to a contenido/backendsearch.php; the 2 cfgpathcontenido parameter to b movearticles.php, c moveoldstats.php, d...