Hackers want to make someone else’s program do something that the hacker wants.

Normally the program does something the programmer wanted it to do. But if the programmer makes a mistake, certain inputs can cause problems. Usually when the program has problems, it crashes, or provides wrong output, or whatever. Something random.

But if a hacker knows this bug, and that bug can cause the program to do something the hacker wants… Out of all the possible random things that could happen, some of those things might be useful.

There is another type. Programs typically have separate parts. If one part has an output and another part has an input. You may be able to figure out how to skip one part of the program and provide inputs directly to where you want it. A classic example of this is the pay telephone boxes. Normally you put in a coin and it makes noises. But you can bring your own noisemaker, pick up the phone, and avoid paying for it.

There are a bunch of other vulnerabilities. Timing vulnerabilities. Vulnerabilities related to leaking keys. Emulation is similar but is related to the supplanted input type. Hackers may even use several of these, or even phishing or other social attacks to get what they want.