42 matches found
CVE-2023-50922
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000...
CVE-1999-0872
Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file...
EUVD-2019-19070
Malware in sbrugna...
EUVD-2018-13440
Malware in sbrugna...
EUVD-2017-9515
Malware in sbrugna...
EUVD-2017-9567
Malware in sbrugna...
EUVD-2023-55653
Malicious code in bioql PyPI...
CVE-2018-20902
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation SEC-408...
CVE-2018-20940
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups SEC-342...
Critical Flaws in Traccar GPS System Expose Users to Remote Attacks
Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized ...
CVE-2023-50922
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000...
CVE-2023-50922
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000...
SUSE CVE-2019-9704
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service daemon crash via a large crontab file because the calloc return value is not checked...
cPanel Information Disclosure Vulnerability (CNVD-2019-26346)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An information disclosure vulnerability exists in versions prior to cPanel 64.0.21. An attacker can exploit the vulnerability to...
Design/Logic Flaw
cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade SEC-257...
CVE-2017-18399
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer SEC-332...
CVE-2017-18399
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer SEC-332...
CVE-2018-20902
CVE-2018-20902 affects cPanel before 71.9980.37. The vulnerability lets an attacker read the root user’s crontab by leveraging the ClamAV installation (SEC-408). This is a local access issue tied to the ClamAV integration within cPanel. The available documents do not specify a patch version or re...
MGASA-2019-0157 Updated cronie packages fix security vulnerabilities
Updated cronie packages fix security vulnerabilities: Cronie before 1.5.3 allows local users to cause a denial of service daemon crash via a large crontab file because the calloc return value is not checked CVE-2019-9704. Cronie before 1.5.3 allows local users to cause a denial of service memory...
CVE-2019-9704
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service daemon crash via a large crontab file because the calloc return value is not checked...