-
Notifications
You must be signed in to change notification settings - Fork 1
Studied Vulnerability Exploits
Fogo Tunde-Onadele edited this page Jan 17, 2024
·
3 revisions
The table outlines the studied vulnerability exploits.
Return a shell and execute arbitrary code
| Attack | Application | |
|---|---|---|
| 1. | CVE-2012-1823 | PHP |
| 2. | CVE-2014-3120 | Elasticsearch |
| 3. | CVE-2015-1427 | Elasticsearch (Groovy scripting) |
| 4. | CVE-2015-2208 | phpMoAdmin (env) |
| 5. | CVE-2015-3306 | ProFTPD |
| 6. | CVE-2015-8103 | Jboss (Jenkins) |
| 7. | CVE-2016-10033 | PHPMailer |
| 8. | CVE-2016-3088 | ActiveMQ |
| 9. | CVE-2016-9920 | Roundcube |
| 10. | CVE-2017-11610 | Supervisor on Unix systems |
| 11. | CVE-2017-12615 | Tomcat |
| 12. | CVE-2017-7494 | Samba |
| 13. | CVE-2017-8291 | Ghostscript |
Execute arbitrary code
| Attack | Application | |
|---|---|---|
| 14. | CVE-2014-6271 | Bash |
| 15. | CVE-2015-8562 | Joomla |
| 16. | CVE-2016-3714 | ImageMagick - Linux systems |
| 17. | CVE-2017-12794 | Django |
| 18. | CVE-2017-5638 | Apache Struts 2 |
| 19. | CVE-2018-16509 | GhostScript |
| 20. | CVE-2018-19475 | GhostScript |
| 21. | CVE-2019-6116 | GhostScript |
Disclose credential information
| Attack | Application | |
|---|---|---|
| 22. | CVE-2014-0160 | OpenSSL |
| 23. | CVE-2015-5531 | Elasticsearch |
| 24. | CVE-2017-7529 | Nginx |
| 25. | CVE-2017-8917 | Joomla |
| 26. | CVE-2018-15473 | OpenSSH |
Consume excessive CPU
| Attack | Application | |
|---|---|---|
| 27. | CVE-2014-0050 | Apache Commons FileUpload |
| 28. | CVE-2016-6515 | OpenSSH |
Crash the application
| Attack | Application | |
|---|---|---|
| 29. | CVE-2015-5477 | BIND |
| 30. | CVE-2016-7434 | NTP |
Escalate privilege level
| Attack | Application | |
|---|---|---|
| 31. | CVE-2017-12635 | CouchDB |