CVSS: 1.9EPSS: 0%CPEs: 34EXPL: 0CVE-2010-0792
https://notcve.org/view.php?id=CVE-2010-0792
fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file. fcrontab en fcron anteriores a v3.0.5 permite a usuarios locales leer ficheros arbitrarios a traves de un ataque de enlace simbolico en un fichero sin especificar. • http://fcron.free.fr http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038150.html http://seclists.org/fulldisclosure/2010/Mar/97 http://secunia.com/advisories/38796 http://secunia.com/advisories/39195 http://securitytracker.com/id?1023677 http://www.osvdb.org/62718 http://www.securityfocus.com/archive/1/509873/100/0/threaded http://www.securityfocus.com/bid/38531 http://www.vupen.com/english/advisories/2010/0730 https://exchange.xforce.ibmcloud.com/vulner • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.0EPSS: 8%CPEs: 2EXPL: 0CVE-2006-0575
https://notcve.org/view.php?id=CVE-2006-0575
convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to create or overwrite arbitrary files via ".." sequences and a symlink attack on the temporary file that is used during conversion. convert-fcrontab en Fcron 2.9.5 y 3.0.0 permite a atacantes remotos crear o sobreescribir archivos arbitrarios a través de secuencias ".." y un ataque de enlace simbólico en el archivo temporal que es utilizado durante la conversión. • http://marc.info/?l=full-disclosure&m=113890734603201&w=2 http://secunia.com/advisories/18719 http://www.osvdb.org/22905 http://www.securityfocus.com/bid/25693 http://www.trustix.org/errata/2006/0006 http://www.vupen.com/english/advisories/2006/0435 https://exchange.xforce.ibmcloud.com/vulnerabilities/24504 •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2006-0539 – Fcron 3.0 - Convert-FCronTab Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-0539
The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can "overwrite some data." • https://www.exploit-db.com/exploits/27159 http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0999.html http://fcron.free.fr/doc/en/changes.html http://fcron.free.fr/news.php#a20060206a.xml http://secunia.com/advisories/18719 http://www.securityfocus.com/archive/1/423697/100/0/threaded http://www.securityfocus.com/bid/16467 http://www.trustix.org/errata/2006/0036 http://www.vupen.com/english/advisories/2006/0435 https://bugs.trustix.org/show_bug.cgi?id&# •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2004-1031
https://notcve.org/view.php?id=CVE-2004-1031
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ. • http://security.gentoo.org/glsa/glsa-200411-27.xml http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false http://www.securityfocus.com/bid/11684 https://exchange.xforce.ibmcloud.com/vulnerabilities/18076 •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2004-1032
https://notcve.org/view.php?id=CVE-2004-1032
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string. • http://security.gentoo.org/glsa/glsa-200411-27.xml http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false https://exchange.xforce.ibmcloud.com/vulnerabilities/18077 •