Vulnerability Category - 代码执行 - Code Execution - Seebug Vulnerability Platform

Vulnerability Category — Code Execution

Chinese name:: 代码执行

Detail：: 代码执行漏洞是用户通过浏览器提交执行命令，由于服务器端没有针对执行函数做过滤，导致在没有指定绝对路径的情况下就执行命令，可能会允许攻击者通过改变 $PATH 或程序执行环境的其他方面来执行一个恶意构造的代码。

Related Vulnerabilities

SSV ID	Submit Time	Level	Name	Status	Popularity \| Comments
SSV-15922	2006-03-15		php iCalendar <= 2.21 (publish.ical.php) Remote Code Execution Exploit		884 \| 0
SSV-15919	2006-03-13		Simple PHP Blog <= 0.4.7.1 Remote Command Execution Exploit		840 \| 0
SSV-15914	2006-03-11		GuestBook Script <= 1.7 (include_files) Remote Code Execution Exploit		879 \| 0
SSV-15911	2006-03-10		Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service		1467 \| 0
SSV-15912	2006-03-10		Guppy <= 4.5.11 (Delete Databases) Remote Denial of Service Exploit		845 \| 0
SSV-15909	2006-03-09		Light Weight Calendar 1.x (date) Remote Code Execution Vulnerability		822 \| 0
SSV-15910	2006-03-09		JiRos Banner Experience 1.0 (Create Admin Bypass) Remote Exploit		873 \| 0
SSV-15904	2006-03-07		Limbo CMS <= 1.0.4.2 (ItemID) Remote Code Execution Exploit (meta)		901 \| 0
SSV-15896	2006-03-05		LibTiff 3.7.1 (BitsPerSample Tag) Local Buffer Overflow Exploit		839 \| 0
SSV-15895	2006-03-04		Fantastic News <= 2.1.2 (script_path) Remote Code Execution Exploit		830 \| 0
SSV-15888	2006-03-02		phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution (2)		850 \| 0
SSV-15884	2006-03-01		Limbo CMS <= 1.0.4.2 (ItemID) Remote Code Execution Exploit		926 \| 0
SSV-15885	2006-03-01		phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution		859 \| 0
SSV-15879	2006-02-26		4Images <= 1.7.1 (Local Inclusion) Remote Code Execution Exploit		1372 \| 0
SSV-15873	2006-02-25		iGENUS WebMail <= 2.0.2 (config_inc.php) Remote Code Execution Exploit		952 \| 0
SSV-15868	2006-02-23		NOCC Webmail <= 1.0 (Local Inclusion) Remote Code Execution Exploit		945 \| 0
SSV-15867	2006-02-22		Noahs Classifieds <= 1.3 (lowerTemplate) Remote Code Execution		805 \| 0
SSV-15860	2006-02-19		Admbook <= 1.2.2 (X-Forwarded-For) Remote Command Execution Exploit		882 \| 0
SSV-15859	2006-02-17		Coppermine Photo Gallery <= 1.4.3 Remote Commands Execution Exploit		1094 \| 0
SSV-15858	2006-02-17		Gravity Board X <= 1.1 (csscontent) Remote Code Execution Exploit		823 \| 0
SSV-15797	2005-12-20		PHPGedView <= 3.3.7 Arbitrary Remote Code Execution Exploit		830 \| 0
SSV-13620	2005-12-15		Watchfire AppScan QA 5.0.x Remote Code Execution Exploit PoC		825 \| 0
SSV-15791	2005-12-12		phpCOIN 1.2.2 (phpcoinsessid) SQL Inj / Remote Code Execution Exploit		865 \| 0
SSV-15787	2005-12-08		SugarSuite Open Source <= 4.0beta Remote Code Execution Exploit (c)		823 \| 0
SSV-15786	2005-12-08		Website Baker <= 2.6.0 Login Bypass / Remote Code Execution Exploit		840 \| 0
SSV-15782	2005-12-07		SugarSuite Open Source <= 4.0beta Remote Code Execution Exploit		861 \| 0
SSV-15710	2005-10-14		w-Agora <= 4.2.0 (quicklist.php) Remote Code Execution Exploit		874 \| 0
SSV-15683	2005-09-13		AzDGDatingLite <= 2.1.3 Remote Code Execution Exploit		886 \| 0
SSV-15677	2005-09-09		Class-1 Forum <= 0.24.4 Remote Code Execution Exploit		807 \| 0
SSV-15654	2005-08-10		Wordpress <= 1.5.1.3 Remote Code Execution eXploit (metasploit)		910 \| 0
SSV-15652	2005-08-09		Wordpress <= 1.5.1.3 Remote Code Execution 0-Day Exploit		946 \| 0
SSV-15651	2005-08-08		Flatnuke <= 2.5.5 Remote Code Execution		797 \| 0
SSV-13656	2005-07-21		Intruder Client 1.00 Remote Command Execution & DoS Exploit		850 \| 0
SSV-13682	2005-04-19		MS Exchange Server Remote Code Execution Exploit (MS05-021)		1574 \| 0
SSV-15406	2004-12-05		phpBB v1.0.0 - 2.0.10 admin_cash.php remote exploit		987 \| 0
SSV-13752	2004-10-06		Icecast <= 2.0.1 Win32 Remote Code Execution Exploit		903 \| 0
SSV-13765	2004-08-25		Winamp <= 5.04 Skin File (.wsz) Remote Code Execution Exploit		1330 \| 0
SSV-13831	2003-05-12		Snitz Forums 3.3.03 Remote Command Execution Exploit		1110 \| 0

1
...
20
21
22
23
24
25