CWE-508 - Non-Replicating Malicious Code

Home/CWEs/CWE info/

CWE-508

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Non-Replicating Malicious Code

Description: Non-replicating malicious code only resides on the target system or product that is attacked; it does not attempt to spread to other systems.

Common Consequences: Scope: Confidentiality, Integrity, Availability
Impact: Execute Unauthorized Code or Commands

Related Weaknesses: CWE-507Trojan Horse

Release Date:
2006-07-19

Latest Modification Date:
2024-07-16

Latest Security News

North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

A Hacker's Guide to Password Cracking

5 Most Common Malware Techniques in 2024

SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

Common Alerts

MediumDirectory Browsing

LowPrivate IP Disclosure

LowStrict-Transport-Security Max-Age Malformed (Non-compliant with Spec)

HighSession Fixation

MediumSource Code Disclosure - SVN

HighXPath Injection

LowStrict-Transport-Security Defined via META (Non-compliant with Spec)

HighViewstate without MAC Signature (Unsure)

HighASP.NET ViewState Integrity

MediumAnti-CSRF Tokens Check

Top CVE List

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

CVE-2022-3075 Google Chromium Mojo Insufficient Data Validation Vulnerability

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2020-3452 Cisco ASA and FTD Read-Only Path Traversal Vulnerability

CVE-2020-3837 Apple Multiple Products Memory Corruption Vulnerability

CVE-2021-34486 Microsoft Windows Event Tracing Privilege Escalation Vulnerability

CVE-2022-22948 VMware vCenter Server Incorrect Default File Permissions Vulnerability

Top CWE List

CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

MediumCWE-250 Execution with Unnecessary Privileges

CWE-328 Use of Weak Hash

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1426 Improper Validation of Generative AI Output

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-290 Authentication Bypass by Spoofing

CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action

MediumCWE-353 Missing Support for Integrity Check

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-508 - Non-Replicating Malicious Code

Non-replicating malicious code only resides on the target system or product that is attacked; it does not attempt to spread to other systems.