Vulnerability Category — Code Execution

Chinese name:
代码执行
Detail:
代码执行漏洞是用户通过浏览器提交执行命令,由于服务器端没有针对执行函数做过滤,导致在没有指定绝对路径的情况下就执行命令,可能会允许攻击者通过改变 $PATH 或程序执行环境的其他方面来执行一个恶意构造的代码。

Related Vulnerabilities

SSV ID Name
SSV-99033 Adtec Digital多款产品 硬编码默认凭证RCE漏洞
SSV-98405 Advantech WebAccess/SCADA(CVE-2020-25161)
SSV-98399 weblogic 远程代码执行漏洞(CVE-2020-14882 、CVE-2020-14883)
SSV-98398 Weblogic 远程代码执行漏洞(CVE-2020-14841)
SSV-98397 Windows TCP/IP远程执行代码漏洞(CVE-2020-16898)
SSV-98396 Nette 框架未授权远程代码执行漏洞 (CVE-2020-15227)
SSV-98395 Microsoft SharePoint 授权RCE漏洞(CVE-2020-16952)
SSV-98393 Apache Solr 远程代码执行漏洞 (CVE-2020-13957)
SSV-98391 RocketLinx系列多个经过身份验证的命令注入(CVE-2020-12503)
SSV-98388 fastadmin前台getshell漏洞
SSV-98387 Microsoft Exchange Server 远程命令执⾏漏洞(CVE-2020-16875)
SSV-98385 PAN-OS未授权RCE(CVE-2020-2040)
SSV-98383 齐治堡垒机未授权RCE
SSV-98380 Apache Superset远程代码执行漏洞(CVE-2020-13948)
SSV-98379 D-Link DIR-610 多个安全漏洞
SSV-98377 MobileIron MDM 未授权远程代码执行(CVE-2020-15505)
SSV-98370 Jackson 多个反序列化安全漏洞(CVE-2020-24616)
SSV-98369 Weblogic XMLDecoder反序列化代码执行(CVE-2019-2729)
SSV-98356 锐捷易网关存在命令执行漏洞
SSV-98355 禅道OA后台任意文件写入&代码执行
SSV-98353 Joomla 授权 RCE漏洞 (CVE-2020-11890 CVE-2020-10238 CVE-2020-10239)
SSV-98339 PHPCMS V9 前台RCE
SSV-98338 Apache Struts2远程代码执行漏洞(CVE-2019-0230)
SSV-98336 vBulletin 5.x 远程代码执行漏洞 (CVE-2019-17132)绕过
SSV-98335 Geutebruck IP Cameras 认证 RCE(CVE-2020-16205)
SSV-98333 Liferay Portal授权RCE漏洞(CVE-2020-13445)
SSV-98326 Ruby On Rails代码执行漏洞(CVE-2020-8163)
SSV-98322 .NET Framework,SharePoint Server和Visual Studio远程执行代码漏洞(CVE-2020-1147)
SSV-98316 WEBSPHERE远程代码执行漏洞(CVE-2020-4450)
SSV-98293 DNS Server远程代码执行漏洞(CVE-2020-1350)
SSV-98292 WebLogic coherence UniversalExtractor远程代码执行漏洞(CVE-2020-14645)
SSV-98291 exacqVision Web Service 远程代码执行漏洞(CVE-2020-9047)
SSV-98287 Gitlab CE/EE任意文件读取导致远程命令执行漏洞(CVE-2020-10977)
SSV-98286 CDATA OLTs Multiple vulnerabilities
SSV-98285 F5 BIG-IP 认证绕过导致远程代码执行漏洞(CVE-2020-5902)
SSV-98284 Ripple20:Treck TCP/IP 协议栈漏洞
SSV-98279 Lerx CMS 文件上传漏洞
SSV-98278 IBOS 远程代码执行漏洞
SSV-98277 jspxcms 后台代码执行漏洞
SSV-98263 weiphp5.0 Apps.php页面远程命令执行漏洞
SSV-98262 weiphp4.0 beta AddonsController.class.php页面远程命令执行漏洞
SSV-98261 weiphp 4.0 beta PluginController.class.php页面远程命令执行漏洞
SSV-98258 Apache Dubbo反序列化漏洞(CVE-2020-1948)
SSV-98256 SharePoint Remote Code Execution Through Web Parts(CVE-2020-1181)
SSV-98253 NETGEAR R6700 httpd固件上传基于堆栈的缓冲区溢出远程执行代码漏洞
SSV-98245 AnyDesk UDP Discovery Remote Code Execution (CVE-2020-13160)
SSV-98243 Windows OLE 远程代码执行漏洞(CVE-2020-1281)
SSV-98241 用友NC远程代码执行漏洞
SSV-98238 VMware Cloud Director RCE (CVE-2020-3956)
SSV-98236 Fastjson<1.2.69反序列化远程代码执行漏洞
SSV-98234 Apache Tomcat session持久化远程代码执行漏洞(CVE-2020-9484)
SSV-98233 QNAP NAS 未授权任意文件读取、未授权 RCE等多个漏洞应急报告(CVE-2019-7192~7195)
SSV-98229 OpenNMS ActiveMQ 远程命令执行漏洞(CVE-2020-12760)
SSV-98228 Jenkins SCM Filter Jervis插件存在远程代码执行漏洞(CVE-2020-2189)
SSV-98226 SaltStack远程命令执行漏洞(CVE-2020-11651)
SSV-98225 TP-LINK Cloud Cameras NCXXX 系列授权 RCE漏洞(CVE-2020-12109)
SSV-98224 Nexus Repository Manager Groovy注入漏洞(CVE-2020-11753)
SSV-98223 ThinkCMF缓存Getshell漏洞
SSV-98222 MICROSOFT SHAREPOINT USING TYPECONVERTERS远程代码执行漏洞( CVE-2020-0932)
SSV-98221 Junos OS HTTP/HTTPS 服务漏洞 (CVE-2020-1631)
SSV-98220 Apache IoTDB 错误配置JMX RMI远程代码执行漏洞(CVE-2020-1952)
SSV-98219 Android 8.0-9.0 Bluetooth Zero-Click RCE(CVE-2020-0022)
SSV-98217 Cisco UCS Director and Cisco UCS Director Express for Big Data未授权RCE等多个CVE漏洞
SSV-98215 Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution
SSV-98214 Weblogic 远程代码执行漏洞(CVE-2020-2915)
SSV-98213 Weblogic 远程代码执行漏洞(CVE-2020-2801)
SSV-98212 Weblogic 远程代码执行漏洞(CVE-2020-2883)
SSV-98211 Weblogic 远程代码执行漏洞(CVE-2020-2963)
SSV-98210 Weblogic 远程代码执行漏洞(CVE-2020-2798)
SSV-98206 Centreon v19.04 Remote Code Execution (CVE-2019-13024)
SSV-98205 FusionPBX v4.4.8 authenticated Remote Code Execution (CVE-2019-15029)
SSV-98204 rConfig v3.9.2 authenticated and unauthenticated RCE (CVE-2019-16663) and (CVE-2019-16662)
SSV-98203 PandoraFMS v7.0NG authenticated Remote Code Execution (CVE-2019-20224)
SSV-98202 Cacti v1.2.8 authenticated Remote Code Execution (CVE-2020-8813)
SSV-98200 Sonatype Nexus Repository Manager 3远程代码执行漏洞(CVE-2020-10199)
SSV-98199 Sonatype Nexus Repository Manager 3远程代码执行漏洞(CVE-2020-10204)
SSV-98197 ecshop v4.0.7 Authentication code execution vulnerability
SSV-98195 Pi-hole Remote Code Execution(CVE-2020-8816)
SSV-98194 OPENWRT远程执行代码漏洞(CVE-2020-7982)
SSV-98193 Liferay Portal JSON Web Service RCE Vulnerabilities(CVE-2020-7961))
SSV-98190 Adobe ColdFusion 任意文件读取(CVE-2020-3761)和任意文件包含(CVE-2020-3794)漏洞
SSV-98188 Netlink GPON Router 1.0.11 Remote Code Execution
SSV-98186 通达OA 文件上传+文件包含导致RCE漏洞
SSV-98185 Artifactory FreeMarker模板注入(CVE-2020-7931)漏洞
SSV-98183 微软SMBv3协议远程代码执行漏洞(CVE-2020-0796)
SSV-98180 Apache ShardingSphere远程代码执行漏洞(CVE-2020-1947)
SSV-98177 Authenticated Remote Code Execution in M302-L M302-LG M402-LG Industrial 4G LTE Cellular Router
SSV-98176 RCE in Gocloud Routers (authenticated) - (CVE-2020-8949)
SSV-98170 Authenticated Remote Code Execution in Teradek video decoders
SSV-98160 Post Oak Traffic Systems AWAM Bluetooth Field Device -RCE - (CVE-2020-9021)
SSV-98159 Authenticated Remote Code Execution in MultiConnect Conduit devices(CVE-2020-7594)
SSV-98158 Meinberg LANTIME M1000 - RCE - (CVE-2020-7240)
SSV-98155 Iteris Vantage Velocity Field Unit - Os Code Injection - (CVE-2020-9020)
SSV-98149 Eltex Devices NTP-RG-1402G & NTP-2 - OS command Injection - (CVE-2020-9026/CVE-2020-9027)
SSV-98146 Unauthenticated RCE in Draytek Vigor 2960, 3900 and 300B (CVE-2020-8515)
SSV-98145 Multiple Authenticated RCE on FX-1010 Fetch URL and Poll Routes CVE-2020-7243 CVE-2020-7244)
SSV-98144 Authenticated RCE on Comtech FX Series (CVE-2020-5179)
SSV-98143 Authenticated RCE on Comtech Stampede FX-1010 (CVE-2020-7242)
SSV-98141 ManageEngine Desktop Central 反序列化远程执行代码漏洞
SSV-98140 WebLogic coherence远程代码执行漏洞(CVE-2020-2555)
京ICP备10040895号 京公网安备 11010502034610号 Copyright @ 404 Team from Knownsec. 简体中文