28 matches found
CVE-2026-62202
OpenClaw is affected: version 2026.6.1 prior to 2026.6.9 contains a privilege escalation in isolated cron jobs. The root cause involves misconfigured input paths in the cron feature, enabling lower-trust callers to regain denied execution tools and to execute or persist actions beyond their inten...
CVE-2026-54636 Dokku: OS Command Injection via app.json managed Cron
Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, or ; - can break out of the Docker container and...
PT-2026-52854
Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.7 Description The cron plugin uses commands defined in the app.json file to manage system cron tasks running as the Dokku user. If a cron command in app.json contains special shell characters, such as or ;, it can...
EUVD-2026-36591
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service
CVE-2019-9704 Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service daemon crash via a large crontab file because the calloc return value is not checked. CVE-2019-9705 Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of...
CVE-2001-1576
Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument...
WordPress plugin Download Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2000-0311
Malware in sbrugna...
USN-5259-3 cron regression
USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the postinst maintainer script in Cron unsafely...
CVE-2020-12839
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php...
Apple macOS 10.13.1 High Sierra Cron Privilege Escalation
Recently I was working on an security issue in some other software that has yet to be disclosed which created a rather interesting condition. As a non-root user I was able to write to any file on the system that was not SIP-protected but the resulting file would not be root-owned, even if it...
The vulnerability of the scheduler daemon in UNIX-like operating systems, Cron, allows a intruder to expand their privileges.
The vulnerability of the Cron task scheduler in UNIX-like operating systems is related to the incorrect definition of references before accessing a file. Exploiting this vulnerability allows an attacker, operating remotely, to increase their privileges by using the postinst script, through symlin...
DEBIAN-CVE-2017-9525
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
The vulnerability of the Red Hat Enterprise Linux operating system, which allows a malicious individual to compromise the accessibility of protected information
The vulnerability of the vixie-cron-4.1 package of the Red Hat Enterprise Linux operating system can lead to a violation of the accessibility of protected information. Exploitation of this vulnerability can be carried out locally...
UBUNTU-CVE-2012-6110
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor...
ecshop 4 8 leak site path vulnerability-vulnerability warning-the black bar safety net
http:// 网站 /shop/api/cron.php http:// 网站 /shop/wap/goods.php http:// 网站 /shop/temp/compiled/urhere.lbi.php http:// 网站 /shop/temp/compiled/pages.lbi.php http:// 网站 /shop/temp/compiled/usertransaction.dwt.php http:// 网站 /shop/temp/compiled/history.lbi.php http:// 网站...
security flaw
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235...
CVE-2001-1576
CVE-2001-1576: Buffer overflow in cron on Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument. The connected documents confirm cron as the affected component and the root cause is a buffer overflow; no explicit exploit details or fixes are provided in the s...
Debian DSA-024-1 : cron - local insecure crontab handling
The FreeBSD team has found a bug in the way new crontabs were handled which allowed malicious users to display arbitrary crontab files on the local system. This only affects valid crontab files so it can't be used to get access to /etc/shadow or something. crontab files are not especially secure...
CVE-2001-1576
Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument...