Category
Injection exploits
SQL injection
type of code injection, used to attack vulnerable data-driven software applications
cross-site scripting
type of computer security vulnerability typically found in web applications
Shellshock
security bug in the Unix Bash shell
shellcode
Shellcode is executable code intended to be used as a payload for exploiting a software vulnerability. The term includes "shell" because it originally described an attack that opens a command shell that the attacker can use to control the target machine, but any code that is injected to gain access that is otherwise not allowed can be called shellcode. For this reason, some consider the name shellcode to be inaccurate.
code injection
class of exploits in which a vulnerable computer program misinterprets data as code
arbitrary code execution
an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process
Log4Shell
Log4Shell (CVE-2021-44228) is a vulnerability reported in November 2021 in Log4j, a popular Java logging framework, involving arbitrary code execution and exploited as a zero-day vulnerability. The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021.
remote file inclusion
Type of web vulnerability
prompt injection
computer security attack against language-processing systems
Armitage
Cyber attack management for Metasploit
Email injection
security violation technique using web email forms