Vulnerability Category — Code Execution

Chinese name:
代码执行
Detail:
代码执行漏洞是用户通过浏览器提交执行命令,由于服务器端没有针对执行函数做过滤,导致在没有指定绝对路径的情况下就执行命令,可能会允许攻击者通过改变 $PATH 或程序执行环境的其他方面来执行一个恶意构造的代码。

Related Vulnerabilities

SSV ID Name
SSV-97458 Samsung SmartThings Hub video-core Camera Update Code Execution Vulnerabilities(CVE-2018-3903 - CVE-2018-3904)
SSV-97457 Samsung SmartThings Hub video-core credentials Code Execution Vulnerability(CVE-2018-3873 - CVE-2018-3878)
SSV-97456 Samsung SmartThings Hub video-core credentials videoHostUrl Code Execution Vulnerability(CVE-2018-3872)
SSV-97455 Samsung SmartThings Hub video-core samsungWifiScan Code Execution Vulnerability(CVE-2018-3863 - CVE-2018-3866)
SSV-97453 Samsung SmartThings Hub video-core Camera Creation Code Execution Vulnerability(CVE-2018-3905)
SSV-97452 Samsung SmartThings Hub video-core samsungWifiScan Callback Code Execution Vulnerability(CVE-2018-3867)
SSV-97451 Samsung SmartThings Hub video-core Database clips Code Execution Vulnerability(CVE-2018-3919)
SSV-97450 Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability(CVE-2018-3880)
SSV-97448 Samsung SmartThings Hub video-core AWSELB Cookie Code Execution Vulnerability(CVE-2018-3925)
SSV-97446 Samsung SmartThings Hub video-core Database shard.videoHostURL Code Execution Vulnerability(CVE-2018-3906)
SSV-97444 Samsung SmartThings Hub video-core database shard code execution vulnerabilities(CVE-2018-3912 - CVE-2018-3917)
SSV-97443 Samsung SmartThings Hub video-core clips Code Execution Vulnerability(CVE-2018-3893 - CVE-2018-3897)
SSV-97436 Samsung SmartThings Hub video-core Camera URL Replace Code Execution Vulnerability(CVE-2018-3902)
SSV-97427 seacms 后台getshell
SSV-97419 WebLogic 反序列化远程命令执行漏洞(CVE-2018-2893)
SSV-97418 Auxblog 1.1.2 代码执行漏洞
SSV-97417 Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T
SSV-97416 VLC media player 2.2.8 Arbitrary Code Execution PoC(CVE-2018-11529)
SSV-97364 Insteon Hub PubNub "cc" Channel Message Handler Multiple Global Overflow Code Execution Vulnerabilities(CVE-2017-16338 ~CVE-2017-16347)
SSV-97362 Insteon Hub HTTPExecuteGet Parameters Extraction Code Execution Vulnerability(CVE-2017-14446)
SSV-97361 Insteon Hub PubNub "ad" Channel Message Handler Code Execution Vulnerability(CVE-2017-14447)
SSV-97360 Insteon Hub PubNub control Channel Message Handler Code Execution Vulnerabilities(CVE-2017-14452~CVE-2017-14455)
SSV-97356 Insteon Hub HTTPExecuteGet Firmware Update URL Parameter Code Execution Vulnerability(CVE-2017-14444)
SSV-97355 phpmyadmin4.8.1后台getshell
SSV-97354 Microsoft wimgapi LoadIntegrityInfo Code Execution Vulnerability(CVE-2018-8210)
SSV-97347 AVTECH {DVR/NVR/IPC} IPCP API RCE
SSV-97346 ColdFusion RCE(CVE-2018-4939)
SSV-97343 ecshop 2.7.3 代码执行漏洞
SSV-97342 Code Injection in Moodle
SSV-97340 cscms getshell
SSV-97315 QRadar Remote Command Execution(CVE-2018-1418)
SSV-97314 Bitmain Antminer D3/L3+/S9 - Remote Command Execution(CVE-2018-11220)
SSV-97308 Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution
SSV-97306 Claymore Dual Miner Remote Code Execution(CVE-2018-1000049)
SSV-97304 Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability(CVE-2018-3842)
SSV-97302 Foxit PDF Reader JavaScript XFA Clone Remote Code Execution Vulnerability(CVE-2018-3850)
SSV-97301 Foxit PDF Reader Javascript Search Query Remote Code Execution Vulnerability(CVE-2017-14458)
SSV-97300 Foxit PDF Reader JavaScript createTemplate Remote Code Execution Vulnerability(CVE-2018-3853)
SSV-97299 Hyland Perceptive Document Filters DOC to HTML updateNumbering Code Execution Vulnerability(CVE-2018-3855)
SSV-97298 Hyland Perceptive Document Filters OpenDocument to JPEG conversion SkCanvas Code Execution vulnerability(CVE-2018-3845)
SSV-97297 Hyland Perceptive Document Filters DOCX to HTML Code Execution Vulnerability(CVE-2018-3844)
SSV-97296 Hyland Perceptive Document Filters Microsoft Word CDATA Code Execution Vulnerability(CVE-2018-3851)
SSV-97294 Adobe Acrobat Reader DC ANFancyAlertImpl Remote Code Execution Vulnerability(CVE-2018-4947)
SSV-97293 Adobe Acrobat Reader DC Net.Discovery.queryServices Remote Code Execution Vulnerability(CVE-2018-4996)
SSV-97290 DHCP Client Script Code Execution Vulnerability(CVE-2018-1111)
SSV-97288 SiteOmat Station Automation Software Multiple Vulnerabilities
SSV-97287 RCE with spring-security-oauth2 分析(CVE-2018-1260)
SSV-97274 Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance
SSV-97270 TPLINK TLWR740N路由器远程代码执行漏洞(CVE-2017-13772)
SSV-97269 Exim < 4.90.1 - base64d Remote Code Execution(CVE-2018-6789)
SSV-97262 GitList 0.6 Remote Code Execution
SSV-97246 Drupal core Remote Code Execution(CVE-2018-7602)
SSV-97242 Vigor ACS Unsafe Flex AMF Java Object Deserialization(CVE-2017-5641)
SSV-97237 Jolokia Vulnerabilities - RCE & XSS(CVE-2018-1000130,CVE-2018-1000129)
SSV-97236 Weblogic反序列化远程代码执行漏洞(CVE-2018-2628)
SSV-97217 Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE
SSV-97215 Cisco Smart Install Protocol Misuse
SSV-97214 spring-messaging Remote Code Execution(CVE-2018-1270)
SSV-97213 MetInfo 6.0.0代码执行漏洞(后台直接拿shell)
SSV-97212 D-Link DSL-3782 Code execution(CVE-2018-8941)
SSV-97210 Dedecms V5.7后台的两处getshell(CVE-2018-9175)
SSV-97208 Adobe ColdFusion 反序列化漏洞(CVE-2017-3066)
SSV-97207 Drupal core Remote Code Execution(CVE-2018-7600)
SSV-97206 Cisco Smart Install Remote Code Execution(CVE-2018-0171)
SSV-97203 Visual Studio Code remote code execution vulnerability
SSV-97168 MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code Execution
SSV-97161 Tenda AC15 Router - Unauthenticated Remote Code Execution(CVE-2018-5767)
SSV-97160 Spring data rest 远程代码执行(cve-2017-8046)
SSV-97136 Adobe Flash Player Use After Free Remote Code Execution Vulnerability(CVE-2018-4878)
SSV-97135 Cisco RV132W Multiple Vulnerabilities(CVE-2018-0125/CVE-2018-0127)
SSV-97128 Geovision IP Camera Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access
SSV-97127 Kaspersky Secure Mail Gateway Multiple Vulnerabilities
SSV-97126 HPE Integrated Lights-Out 4 Remote Code Execution Vulnerability(CVE-2017-12542)
SSV-97125 OpenNMS Java Object Deserialization RCE
SSV-97120 BMC BladeLogic 8.3.00.64 - Remote Command Execution
SSV-97119 Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
SSV-97115 iBall Multiple Vulnerabilities
SSV-97114 Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution
SSV-97105 Remote Code Execution on the Smiths Medical Medfusion 4000
SSV-97085 MikroTik RouterOS < 6.38.5 RCE
SSV-97083 CODE EXECUTION (CVE-2018-5189) WALKTHROUGH ON JUNGO WINDRIVER 12.5.1
SSV-97081 D-Link Routers 110/412/615/815 Arbitrary Code Execution
SSV-97076 Jackson-databind 远程代码执行漏洞(CVE-2017-17485)
SSV-97062 phpshe1.5商城系统任意文件删除加任意代码执行
SSV-97058 D-Link DSL-6850U Multiple Vulnerabilities
SSV-97054 ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution
SSV-97044 InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution
SSV-97023 COMTREND ADSL Router CT-5367 - Remote Code Execution
SSV-97013 Pre-auth Remote Code Execution exploit for QNAP QTS
SSV-97011 Vitek RCE and Information Disclosure
SSV-97010 Huawei HG532 Router Remote Code Execution(CVE-2017-17215)
SSV-97009 Oracle WebLogic wls-wsat RCE(CVE-2017-10271)
SSV-97001 VMware VNC Dynamic Resolution Request Code Execution Vulnerability(CVE-2017-4933)
SSV-97000 VMware VNC Pointer Decode Code Execution Vulnerability(CVE-2017-4941)
SSV-96999 Ichano AtHome IP Cameras Multiple Vulnerabilities
SSV-96987 MacOS kernel code execution due to lack of bounds checking in AppleIntelCapriController::GetLinkConfig(CVE-2017-13875)
SSV-96985 QNAP QTS Unauthenticated Remote Code Execution(CVE-2017-17033)
SSV-96983 Palo Alto Networks firewalls remote root code execution(CVE-2017-15944)
SSV-96982 vBulletin routestring Unauthenticated Remote Code Execution
SSV-96979 Apache Synapse远程命令执行漏洞(CVE-2017-15708)
京ICP备10040895号 京公网安备 11010502034610号 Copyright @ 404 Team from Knownsec. 简体中文