SUSE CVE-2019-9705

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service memory consumption via a large crontab file because an unlimited number of lines is accepted...

Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet

An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner. It's not immediately known if all of these hosts were successfully compromised. Nonetheless, it was made possible by means of a "lesser-known...

CVE-2022-37108

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab...

CVE-2022-37108

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab...

CVE-2022-37108

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab...

Design/Logic Flaw

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab...

CVE-2022-37108

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab...

Securonix SNYPR 注入漏洞

Securonix SNYPR is an open, modular, next-generation security intelligence platform from Securonix, Inc. that combines log management, security information and events. A security vulnerability exists in Securonix SNYPR version 6.4, which stems from the syslog-ng configuration wizard that allows a...

Zyxel Firewall SUID Binary Privilege Escalation

This module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low privileged user e.g. nobody escalate to root. The issue stems from a suid binary that allows all users to copy files as root. This module overwrites the firewall's crontab to execute an attacker...

USN-5259-2 cron vulnerabilities

USN-5259-1 fixed several vulnerabilities in Cron. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker...

Ubuntu 18.04 LTS : Cron vulnerabilities (USN-5259-2)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5259-2 advisory. USN-5259-1 fixed several vulnerabilities in Cron. This update provides the corresponding update for Ubuntu 18.04 LTS. Tenable has extracted the preceding...

VulnCheck KEV: CVE-2022-27226

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat...

CVE-2022-27226

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat...

CVE-2022-27226

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat...

Cross site request forgery (csrf)

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat...

CVE-2022-27226

CVE-2022-27226 affects iRZ Mobile Routers. A CSRF flaw in /api/crontab enables a threat actor to insert a crontab entry in the router Admin panel, causing the defined cronjob to run and leading to remote code execution with filesystem access. The issue can also enable RCE if default credentials a...

iRZ Mobile Routers 跨站请求伪造漏洞

iRZ Mobile Routers is a series of mobile routers from the Russian company iRZ. A security vulnerability exists in /api/crontab of iRZ Mobile Routers, which can be exploited by an attacker to create a crontab entry in the router's administration panel, which will be executed by a cronjob at an...

Exploit for Cross-Site Request Forgery (CSRF) in Irz Ru21_Firmware

ez-iRZ Exploit for CVE-2022-27226 Cross Site Request Forgery...

DomainAlerting - Daily Alert When A New Domain Name Is Registered And Contains Your Keywords

Daily alert when a new domain name is registered and contains your keywords. Description DomainAlerting tool allows you to perform two main actions for educational purposes only: Download newly registered domains Send automatic email alert You can setup a wordlist and be alerted by email when you...

USN-5259-1 cron vulnerabilities

It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. CVE-2017-9525 Florian Weimer discovered that Cron incorrectly handled...