漏洞分类 — 代码执行

英文名字
Code Execution
漏洞详情:
代码执行漏洞是用户通过浏览器提交执行命令,由于服务器端没有针对执行函数做过滤,导致在没有指定绝对路径的情况下就执行命令,可能会允许攻击者通过改变 $PATH 或程序执行环境的其他方面来执行一个恶意构造的代码。

相关漏洞

SSV ID 漏洞名称
SSV-96456 FreeRDP Rdp Client Recv RDP Code Execution Vulnerability(CVE-2017-2835)
SSV-96455 EZB Systems UltraISO ISO Parsing Code Execution Vulnerability(CVE-2017-2840)
SSV-96454 Kakadu SDK JPEG 2000 Contiguous Codestream Code Execution Vulnerability(CVE-2017-2812)
SSV-96453 Kakadu SDK JPEG 2000 Unknown Marker Code Execution Vulnerability(CVE-2017-2811)
SSV-96452 Adobe Acrobat Reader DC AcroForm PDFDocEncoding Remote Code Execution Vulnerability(CVE-2017-11263)
SSV-96451 GNOME libsoup HTTP Chunked Encoding Remote Code Execution Vulnerability(CVE-2017-2885)
SSV-96450 Lexmark Perceptive Document Filters PDF GfxFont Code Execution Vulnerability(CVE-2017-2821)
SSV-96449 Lexmark LibISYSpdf Image Rendering DCTStream::getBlock() Code Execution Vulnerability(CVE-2017-2822)
SSV-96448 National Instruments LabVIEW RSRC Arbitrary Null Write Code Execution Vulnerability(CVE-2017-2779)
SSV-96447 Gdk-Pixbuf JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability(CVE-2017-2862)
SSV-96446 Gdk-Pixbuf TIFF tiff_image_parse Code Execution Vulnerability(CVE-2017-2870)
SSV-96445 Ledger CLI Tags Parsing Code Execution Vulnerability(CVE-2017-2807)
SSV-96441 FreeXL read_biff_next_record Code Execution Vulnerability(CVE-2017-2923)
SSV-96440 FreeXL BIFF Dimension Marker Code Execution Vulnerability(CVE-2017-2924)
SSV-96435 DEDECMS 会员中心代码投稿缺陷可getshell
SSV-96425 Apache Struts2 S2-053 (CVE-2017-12611)
SSV-96420 Apache Struts2 S2-052 (CVE-2017-9805)
SSV-96349 Microsoft Internet Explorer Remote Code Execution Vulnerability(CVE-2017-8618)
SSV-96342 onethink 前台代码执行漏洞
SSV-96340 ThinkPHP5.0.10-3.2.3缓存函数设计缺陷可导致Getshell
SSV-96337 wordpress plugin updraftplus 任意文件上传
SSV-96331 Synology Photo Station Unauthenticated Remote Code Execution
SSV-96328 Remote Exploitation of the NeoCoolcam IP Cameras and Gateway
SSV-96326 DotNetNuke任意代码执行漏洞(CVE-2017-9822)
SSV-96316 Supervisor Authenticated Remote Code Execution(CVE-2017-11610)
SSV-96296 ZenCart 1.5.5e 后台代码执行漏洞
SSV-96295 ManageEngine Desktop Central 10 Build 100087 RCE(CVE-2017-11346)
SSV-96292 FineCMS 前台无限制getshell
SSV-96285 Apache Kafka desrialization vulnerability
SSV-96284 Devil's Ivy vulnerability(CVE-2017-9765)
SSV-96276 MetInfo 5.3.17 Authenticated Code Execution Vulnerability(CVE-2017-11347)
SSV-96270 Apache Struts 2 远程命令执行漏洞(S2-048)
SSV-96253 zzcms最新版及之前版本系统重装漏洞可Getshell
SSV-96239 Microsoft Windows Uniscribe Remote Code Execution Vulnerability(CVE-2017-0283)
SSV-96227 Alpine Linux: From vulnerability discovery to code execution
SSV-93219 TP-Link WR841N code execution( CVE-2017-9466)
SSV-93206 HP PageWide Printers / HP OfficeJet Pro Printers (OfficeJet Pro 8210) - Arbitrary Code Execution
SSV-93139 Samba远程代码执行漏洞(CVE-2017-7494)
SSV-93135 IBM Informix Dynamic Server Open Admin Tool RCE (CVE-2017-1092)
SSV-93118 PlaySMs 1.4 'import.php' Remote Code Execution
SSV-93117 GNU Bash code execution vulnerability in path completion(CVE-2017-5932)
SSV-93110 Microsoft Malware Protection Engine RCE (CVE-2017-0290)
SSV-93105 Google Nexus 9 SensorHub Firmware Downgrade Vulnerability(CVE-2017-0582)
SSV-93104 Google Nexus 9 Cypress SAR Firmware Injection via I2C(CVE-2017-0563)
SSV-93101 Cordova-Android MiTM Remote Code Execution(CVE-2017-3160)
SSV-93097 Vanilla Forums <= 2.3 Unauth Remote Code Execution (CVE-2016-10033)
SSV-93077 WordPress Core 4.6 - Unauthenticated Remote Code Execution
SSV-93067 Ghostscript remote code execution (CVE-2017-8291)
SSV-93062 Jenkins Java Deserialization Remote Code Execution Vulnerability (CVE-2017-1000353)
SSV-93060 Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability( CVE-2017-2824)
SSV-93044 BigTree CMS - Bypass CSRF filter and execute code with PHPMailer
SSV-93005 Squirrelmail 1.4.22 Remote Code Execution (CVE-2017-7692)
SSV-92990 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 (latest) upload.cgi Remote Code Execution Vulnerability Raw (CVE-2016-8593)
SSV-92987 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 (latest) log_query.cgi Command Injection Remote Code Execution Vulnerability (CVE-2016-8591)
SSV-92986 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 log_query_dlp.cgi Command Injection Remote Code Execution Vulnerability (CVE-2016-8590)
SSV-92985 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 log_query_dae.cgi Command Injection Remote Code Execution Vulnerability (CVE-2016-8589)
SSV-92984 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution Vulnerability (CVE-2016-8587)
SSV-92983 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 detected_potential_files.cgi Command Injection Remote Code Execution Vulnerability (CVE-2016-8586)
SSV-92982 Trend Micro Threat Discovery Appliance <= 2.6.1062r1 admin_sys_time.cgi Command Injection Remote Code Execution Vulnerability Raw(CVE-2016-8585)
SSV-92967 Windows: ManagementObject Arbitrary .NET Serialization RCE(CVE-2017-0160)
SSV-92965 Apache Log4j socket receiver deserialization vulnerability (CVE-2017-5645)
SSV-92964 EternalChampion - Windows SMB Remote Code Execution Vulnerability (CVE-2017-0146)
SSV-92962 Jackson enableDefaultTyping 方法反序列化代码执行漏洞(CVE-2017-7525)
SSV-92954 ETERNALSYNERGY —remote SMB exploit for  Windows 8 and Windows Server 2012
SSV-92952 ETERNALBLUE - Remote RCE via SMB & NBT (Windows XP to Windows 2012)
SSV-92945 Linux 内核 'udp.c' 远程代码执行漏洞(CVE-2016-10229)
SSV-92940 Trend Micro Threat Discovery Appliance remote code execution(CVE-2016-7547)
SSV-92935 Microsoft Office OLE2Link vulnerability (CVE-2017-0199)
SSV-92932 Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability (CVE-2017-3881)
SSV-92924 iOS/macOS Remote code execution triggered by malformed GIF in ImageIO framework(CVE-2017-2416)
SSV-92913 AMF3 Java implementations deserialization Vulnerability
SSV-92870 math.js remote code execution vulnerability
SSV-92868 LastPass: global properties can be modified across isolated worlds, allowing remote code execution
SSV-92827 pfsense 2.3.2 Code Execution Vulnerability
SSV-92807 Moodle Remote Code Execution Vulnerability (CVE-2017-2641)
SSV-92804 S2-046: Struts 2 Remote Code Execution vulnerability(CVE-2017-5638)
SSV-92791 GitHub Enterprise Remote Code Execution via Marshal
SSV-92787 fastjson < 1.2.24 远程代码执行漏洞
SSV-92763 ohocms custom_design.php 代码执行漏洞
SSV-92762 ohocms design_edittheme2.php文件写入漏洞
SSV-92760 ohocms edittheme1.php 代码执行漏洞
SSV-92758 ASUSWRT - Multiple Vulnerabilities
SSV-92746 S2-045: Struts 2 Remote Code Execution vulnerability(CVE-2017-5638)
SSV-92744 seacms search.php 代码执行漏洞
SSV-92737 ohocms catid_user_save.php 代码执行漏洞
SSV-92736 ohocms edittheme.php 代码执行漏洞
SSV-92734 IE Godmode 远程代码执行漏洞(CVE-2014-6332)
SSV-92728 2017 Visual Studio Code Workspace settings code execution
SSV-92726 Cisco ASA Remote Code Execution (CVE-2016-1287)
SSV-92725 Remote Code Execution as Root via ESET Endpoint Antivirus 6(CVE-2016-9892)
SSV-92715 FireFox RCE by chaining small bugs
SSV-92710 Shutter user-assisted remote code execution
SSV-92697 74cms前台type参数模板引擎注入漏洞
SSV-92693 74cms 后台tpl_dir参数任意代码执行漏洞
SSV-92685 Oracle Mysql Memcached Remote Code Execution Vulnerability
SSV-92674 Node.js 模块 node-serialize 反序列化任意代码执行漏洞
SSV-92655 Jenkins 远程代码执行漏洞 (CVE-2017-2608)
SSV-92638 Apache Struts 远程代码执行漏洞
SSV-92631 MyBB <= 1.8.3 远程代码执行漏洞
SSV-92626 libgd 2.1.1 - Signedness Heap Overflow
京ICP备10040895号 京公网安备 11010502034610号 Copyright @ 404 Team from Knownsec. English