Information security - security professional name | CVE | rce | POC | Vul | 0day

CVE

CVE Our English full name is “Common Vulnerabilities & Exposures” Universal Loophole Disclosure .CVE It's like a dictionary table , For widely recognized Information security Vulnerabilities or weaknesses that have been exposed give a public name . Use a common name , It can help users evaluate vulnerabilities in their independent vulnerability databases Tools Data sharing in , Although these tools are difficult to integrate . So that makes CVE It has become the of security information sharing “ keyword ”. If in a vulnerability report To specify A loophole in , If there is CVE name , You can do it quickly in any other CVE Find the corresponding patching information in the compatible database , Solve security problem .

RCE

Full name ：remote command/code execute

Remote code execution （RCE） It is a kind of software security defect / Loophole .RCE The vulnerability will allow malicious actors to pass LAN、WAN or Internet Execute any code of your choice on the remote computer .RCE Belongs to the broader arbitrary code execution （ACE） Vulnerability categories . However , With the popularization of the Internet ,RCE The impact of the vulnerability has expanded rapidly . therefore ,RCEs Now it could be ACE The most important type of vulnerability .

POC

Full name ：Proof of Concept, It means to provide evidence for opinions
Just evidence , Prove that the vulnerability exists , But not by means , Can't be used directly .

POC In the hacker world, it refers to the verification program ;

VUL

VUL,Vulnerability Abbreviation , A loophole .
 

EXP

EXP,Exploit, in ⽂ intend “ Loopholes benefit ⽤”.

intend ⼀ How to benefit from loopholes ⽤ Or ⼀ Individual performance ⽰ Vulnerability attack code , It can make readers fully understand the mechanism and benefits of vulnerabilities ⽤ Of ⽅ Law .

0DAY Loopholes and 0DAY attack

In the field of computer

zero ⽇ Vulnerability or zero time difference vulnerability （ English ：Zero-dayexploit） This usually refers to a security hole that has not been patched ;

⽽ zero ⽇ Attack or zero time difference attack （ English ：Zero-dayattack） It means profit ⽤ This loophole goes into ⾏ The attack of .

Provide details of the vulnerability or benefit ⽤ programmatic ⼈ It is usually the discoverer of the vulnerability .

zero ⽇ The benefit of loopholes ⽤ Program pair ⽹ Network security has great ⼤ threat , So zero ⽇ Loopholes are not only ⿊ My favorite , Master how many zeros ⽇ Vulnerabilities also become evaluation ⿊ Guest technology ⽔ Flat ⼀ An important parameter .
zero ⽇ Loopholes and their benefits ⽤ Code is not only for crime ⿊ customer ⽽⾔, Have pole ⾼ Benefits of ⽤ value ,⼀ Some state spies and ⽹ The army , For example, the national security agency and the United States ⽹ War command also ⾮ Always pay attention to this information .

According to Reuters report, the US government is zero ⽇ Loophole ⿊ The most ⼤ buyers .