Configure the Scripts Executed by crontab to Be Writable Only by Their Owners

crontab is the configuration file used by the system to execute scheduled tasks. The path of the configuration file is /etc/crontab. With crontab, the OS automatically executes the tasks defined by the administrator based on service requirements. Therefore, the execution scripts or programs...

CVE-2024-12390

A vulnerability in binary-husky/gptacademic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exploited to perform arbitrary file writes. Th...

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks

Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized ...

Openmediavault Remote Code Execution / Local Privilege Escalation Exploit

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive revers...

n0Mac - Yet Another Mac Changer!!!

This script changes the MAC address of the network interface to a randomly generated address on system startup using crontab. It then uses the macchanger command to generate a list of MAC address vendors and selects one at random and then combines that vendor prefix with a randomly generated suff...

The vulnerability of crontabs in the macOS operating system allows a hacker to elevate their privileges to root level.

The vulnerability of crontabs in the macOS operating system relates to deficiencies in access control. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...

D3m0n1z3dShell - Demonized Shell Is An Advanced Tool For Persistence In Linux

Demonized Shell is an Advanced Tool for persistence in linux. Install git clone https://github.com/MatheuZSecurity/D3m0n1z3dShell.git cd D3m0n1z3dShell chmod +x demonizedshell.sh sudo ./demonizedshell.sh One-Liner Install Download D3m0n1z3dShell with all files: curl -L...

CVE-2023-50922

An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000...

CVE-2023-50922

An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000...

CVE-2023-50922

An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000...

Various GL.iNet products Security Breach

GL.iNet MT3000 and others are products of China-based GL.iNet GL.iNet.GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol.GL.iNet MT2500 is a router.GL.iNet MT6000 is a router. A security vulnerability exists in various GL.iNet products that originated from a vulnerability...

How to auto execute shell command at a regular time every day using crontab

This article outlines the method to schedule a shell command at a regular time every day using crontab in an ADC...

SUSE CVE-2005-1038

crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235...

SUSE CVE-2012-6097

File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab...

SUSE CVE-2018-12029

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

SUSE CVE-2019-9704

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service daemon crash via a large crontab file because the calloc return value is not checked...

SUSE CVE-2019-9705

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service memory consumption via a large crontab file because an unlimited number of lines is accepted...

Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet

An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner. It's not immediately known if all of these hosts were successfully compromised. Nonetheless, it was made possible by means of a "lesser-known...

CVE-2022-37108

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab...

CVE-2022-37108

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab...