33 matches found
CVE-2025-8432 CentreonBI user account on the MBI server can execute commands as root by modifying a script run by cron
Incorrect Default Permissions vulnerability in Centreon Infra Monitoring MBI modules allows Embedding Scripts within Scripts by the CentreonBI user account on the MBI server. This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15...
EUVD-2007-1468
Malware in sbrugna...
EUVD-2025-31434
Malicious code in bioql PyPI...
SUSE CVE-2007-1474
Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames...
PT-2023-10147 · Unknown · Pointhi Searx Stats
Name of the Vulnerable Software and Affected Versions: pointhi searx stats (affected versions not specified). Description: A critical issue has been found in pointhi searx stats, affecting some unknown processing of the file cgi/cron.php, leading to SQL injection. Recommendations: Apply a patch to f...
searx_stats SQL injection vulnerability
searxstats is a small website by Thomas Pointhuber, an individual developer, that displays current statistics about searx instances and the searx engine. searxstats has a SQL injection vulnerability that stems from some unknown handling of the file cgi/cron.php, which operates to cause SQL...
UBUNTU-CVE-2023-22622
WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation gui...
CVE-2020-12842
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php...
CVE-2020-8833 Apport race condition in crash report permissions
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash...
openSUSE Security Update : texlive-filesystem (openSUSE-2020-368)
This update for texlive-filesystem fixes the following issues: Security issues fixed: - Changed default user for ls-R files and font cache directories to user nobody (bsc#1159740) - Switched to rm instead of safe-rm or safe-rmdir to avoid race conditions (bsc#1158910). - Made cron script more failsa...
OPENSUSE-SU-2020:0368-1 Security update for texlive-filesystem
This update for texlive-filesystem fixes the following issues: Security issues fixed: - Changed default user for ls-R files and font cache directories to user nobody (bsc#1159740) - Switched to rm instead of safe-rm or safe-rmdir to avoid race conditions (bsc#1158910). - Made cron script more failsafe...
Security update for texlive-filesystem (moderate)
openSUSE Security Update: Security update for texlive-filesystem Announcement ID: openSUSE-SU-2020:0368-1 Rating: moderate References: 1150556 1155381 1158910 1159740 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for...
SUSE-SU-2020:0520-1 Security update for texlive-filesystem
This update for texlive-filesystem fixes the following issues: Security issues fixed: - Changed default user for ls-R files and font cache directories to user nobody (bsc#1159740) - Switched to rm instead of safe-rm or safe-rmdir to avoid race conditions (bsc#1158910). - Made cron script more failsafe...
Palo Alto Networks - 'readSessionVarsFromFile()' Session Corruption (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Palo Alto Networks readSessionVarsFromFile Session Corruption', 'Description' = %q This module exploits a chain of vulnerabilities in Palo Alto...
Palo Alto Networks readSessionVarsFromFile() Session Corruption
This module exploits a chain of vulnerabilities in Palo Alto Networks products running PAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14, and 8.0.6. This chain starts by using an authentication bypass flaw to exploit an XML injection issue, which is then abused to create an arbitrary directory,...
eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Code Execution Denial of Service)
eBay Magento CE 1.9.2.1 - Unrestricted Cron Script Code Execution Denial of Service Exploit Title: eBay Magento CE = 1.9.2.1 Unrestricted Cron Script Potential Code Execution / DoS Date: 06.11.2015 Exploit Author: Dawid Golunski Vendor Homepage: http://magento.com Version: eBay Magento CE = 1.9.2...
Horde Framework and IMP 2.x/3.x Cleanup Cron Script Arbitrary File Deletion Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22985/info Horde Framework and IMP are prone to a vulnerability that allows a local attacker to delete arbitrary files in the context of the user running the application. A successful attack can reduce the integrity of...
[USN-762-1] APT vulnerabilities
Ubuntu Security Notice USN-762-1 April 20, 2009 apt vulnerabilities CVE-2009-1300, https://launchpad.net/bugs/356012 A security issue affects the following Ubuntu releases: Ubun...
USN-762-1: APT vulnerabilities
Alexandre Martani discovered that the APT daily cron script did not check the return code of the date command. If a machine is configured for automatic updates and is in a time zone where DST occurs at midnight, under certain circumstances automatic updates might not be applied and could become...
Fedora 8 : rkhunter-1.3.2-5.fc8 (2008-8364)
Wed Sep 3 2008 Kevin Fenzi - 1.3.2-5 - Patch debug tmp file issue - bug 460628 - Mon Jun 16 2008 Kevin Fenzi - 1.3.2-4 - Fix cron script to only mail on warn/error - bug 450703 - Fix conditional to account for fc10 rsyslog Note that Tenable Network Security has extracted the preceding description...