
11 matches found

NVD
added 2026/04/21 4:16 p.m. | 0 views

CVE-2026-40498

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APPKEY, which is exposed i...

9.8 CVSS | 0.00168 EPSS
Exploits: 1 | References: 3
ATTACKERKB
added 2026/04/21 3:1 p.m. | 0 views

CVE-2026-40498

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APPKEY, which is exposed i...

9.3 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2026/04/21 3:1 p.m. | 2 views

EUVD-2026-24137

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APPKEY, which is exposed i...

9.3 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 1 | References: 3
CVE
added 2026/04/21 3:1 p.m. | 6 views

CVE-2026-40498

FreeScout prior to 1.8.213 exposes an unauthenticated /system/cron endpoint that uses a static MD5 hash derived from APP_KEY (md5(APP_KEY . 'web_cron_hash')), which can leak sensitive server data via the response/logs. This enables Full Path Disclosure, reveals process IDs, and allows automated r...

9.8 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/04/21 3:1 p.m. | 23 views

CVE-2026-40498 FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APPKEY, which is exposed i...

9.3 CVSS | 0.00168 EPSS
Exploits: 1 | References: 3
Vulnrichment
added 2026/04/21 3:1 p.m. | 2 views

CVE-2026-40498 FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APPKEY, which is exposed i...

9.3 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 1 | References: 3
CNNVD
added 2026/04/21 12:0 a.m. | 3 views

FreeScout Security Vulnerability

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the reliance on static MD5 hashes for the...

9.8 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 1 | References: 1
Cvelist
added 2025/10/30 9:41 p.m. | 4 views

CVE-2011-10035 Nagios XI < 2011R1.9 Race Conditions in Crontab Install Scripts LPE

Nagios XI versions prior to 2011R1.9 contain privilege escalation vulnerabilities in the scripts that install or update system crontab entries. Due to time-of-check/time-of-use race conditions and missing synchronization or final-path validation, a local low-privileged user could manipulate...

7.3 CVSS | 0.00018 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2023/02/24 12:0 a.m. | 22 views

WordPress 'wp-cron.php' Accessible/Enabled (HTTP) - Active Check

The remote WordPress instance might have a default setup of SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...

5.3 CVSS | 5.4 AI score | 0.08419 EPSS
Exploits: 1 | References: 4
Veracode
added 2020/04/10 12:15 a.m. | 13 views

Denial Of Service (DoS)

The vixie-cron package is vulnerable to Denial of Service (DoS). A local user with the ability to create a hardlink to /etc/crontab can prevent vixie-cron from executing certain system cron jobs...

2.1 CVSS | 2.8 AI score | 0.00076 EPSS
Exploits: 0 | References: 19 | Affected Software: 1
OpenVAS
added 2009/04/09 12:0 a.m. | 19 views

Mandriva Update for vixie-cron MDKSA-2007:234 (vixie-cron)

Check for the Version of vixie-cron OpenVAS Vulnerability Test Mandriva Update for vixie-cron MDKSA-2007:234 vixie-cron Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

2.1 CVSS | 6.4 AI score | 0.00076 EPSS
Exploits: 0 | References: 2