22 matches found
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service
CVE-2019-9704 Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. CVE-2019-9705 Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of...
CVE-2001-1576
Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument...
WordPress plugin Download Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2000-0311
Malware in sbrugna...
USN-5259-3 cron regression
USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the postinst maintainer script in Cron unsafely...
CVE-2020-12839
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php...
Apple macOS 10.13.1 High Sierra Cron Privilege Escalation
Recently I was working on a security issue in some other software that has yet to be disclosed which created a rather interesting condition. As a non-root user I was able to write to any file on the system that was not SIP-protected but the resulting file would not be root-owned, even if it...
DEBIAN-CVE-2017-9525
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
UBUNTU-CVE-2012-6110
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor...
ecshop 4 8 leak site path vulnerability-vulnerability warning-the black bar safety net
http://[website]/shop/api/cron.php http://[website]/shop/wap/goods.php http://[website]/shop/temp/compiled/urhere.lbi.php http://[website]/shop/temp/compiled/pages.lbi.php http://[website]/shop/temp/compiled/usertransaction.dwt.php http://[website]/shop/temp/compiled/history.lbi.php http://[website]...
security flaw
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235...
CVE-2001-1576
CVE-2001-1576: Buffer overflow in cron on Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument. The connected documents confirm cron as the affected component and the root cause is a buffer overflow; no explicit exploit details or fixes are provided in the s...
Debian DSA-024-1 : cron - local insecure crontab handling
The FreeBSD team has found a bug in the way new crontabs were handled which allowed malicious users to display arbitrary crontab files on the local system. This only affects valid crontab files so it can't be used to get access to /etc/shadow or something. crontab files are not especially secure...
CVE-2001-1576
Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument...
Security Update: [CSSA-2001-SCO.3] UnixWare - cron buffer overflow
To: [email protected] [email protected] Caldera International, Inc. Security Advisory Subject: UnixWare - cron buffer overflow Advisory number: CSSA-2001-SCO.3 Issue date: 2001 June, 27 Cross reference: 1. Problem Description The cron command is vulnerable to a...
CVE-2000-0312
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv that is not NULL terminated, which is passed to cron's fake popen function...
CVE-2000-0312
OpenBSD 2.5 cron is affected. A local user can exploit an argv[] that is not NULL terminated, which is passed to cron’s fake popen function, to gain root privileges.
[SECURITY] [DSA 024-1] New version of cron released
---------------------------------------------------------------------------- Debian Security Advisory DSA-024-1 [email protected] http://www.debian.org/security/ Martin Schulze January 27, 2001 - ---------------------------------------------------------------------------- Package : cron...
[SECURITY] New Debian cron packages released
Package: cron Vulnerability: local privilege escalation Debian-specific: no Vulnerable: yes The version of Vixie Cron shipped with Debian GNU/Linux 2.2 is vulnerable to a local attack, discovered by Michal Zalewski. Several problems, including insecure permissions on temporary files and race...
vixie cron...
Attached shell-script exploits fopen + preserved umask vulnerability in Paul Vixie's cron code. It will work on systems where /var/spool/cron is user-readable eg. 0755 - AFAIR Debian does so. RedHat at least 6.1 and previous have mode 0700 on /var/spool/cron, and thus it isn't exploitable in its...