Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
Hikvision DVR RTSP Request Remote Code Execution
CVE-2014-488019 Nov 2014
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote atta
60RISK
open
Metasploit500
HP Performance Monitoring xglance Priv Esc
CVE-2014-263019 Nov 2014
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via u
38RISK
open
Metasploit300
MS14-068 Microsoft Kerberos Checksum Validation Vulnerability
CVE-2014-6324HIGHunder attack18 Nov 2014
The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
100RISK
open
Metasploit300
Cisco DLSw Information Disclosure Scanner
CVE-2014-799217 Nov 2014
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensiti
23RISK
open
Metasploit400
MS14-064 Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution
CVE-2014-6332HIGHunder attack13 Nov 2014
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows
100RISK
open
Metasploit600
MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python
CVE-2014-6352HIGHunder attack12 Nov 2014
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2
100RISK
open
Metasploit600
WordPress Photo Gallery Unrestricted File Upload
CVE-2014-931211 Nov 2014
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
50RISK
open
Metasploit400
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
CVE-2014-844011 Nov 2014
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on
60RISK
open
Metasploit200
MS14-070 Windows tcpip!SetAddrOptions NULL Pointer Dereference
CVE-2014-407611 Nov 2014
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2)
43RISK
open
Metasploit300
ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection
CVE-2014-849908 Nov 2014
Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Servi
50RISK
open
Metasploit500
MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability
CVE-2014-859808 Nov 2014
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arb
50RISK
open
Metasploit500
MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability
CVE-2014-714608 Nov 2014
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a cr
50RISK
open
Metasploit300
i-FTP Schedule Buffer Overflow
CVE-2014-125114HIGH06 Nov 2014
i-Ftp 2.20 Schedule.xml Stack-Based Buffer Overflow
36RISK
open
Metasploit300
ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure
CVE-2014-603905 Nov 2014
ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed versio
50RISK
open
Metasploit300
ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure
CVE-2014-603805 Nov 2014
Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerabili
60RISK
open
Metasploit600
Visual Mining NetCharts Server Remote Code Execution
CVE-2014-851603 Nov 2014
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary co
60RISK
open
Metasploit600
HP Data Protector 8.10 Remote Command Execution
CVE-2014-262302 Nov 2014
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown
60RISK
open
Metasploit600
tnftp "savefile" Arbitrary Command Execution
CVE-2014-851728 Oct 2014
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 thro
50RISK
open
Metasploit600
X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution
CVE-2014-899827 Oct 2014
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a c
50RISK
open
Metasploit300
GNU Wget FTP Symlink Arbitrary Filesystem Access
CVE-2014-487727 Oct 2014
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to w
30RISK
open
Metasploit300
WildFly Directory Traversal
CVE-2014-781622 Oct 2014
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.
23RISK
open
Metasploit600
Wordpress Creative Contact Form Upload Vulnerability
CVE-2014-873922 Oct 2014
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery
60RISK
open
Metasploit600
MS14-064 Microsoft Windows OLE Package Manager Code Execution
CVE-2014-6352HIGHunder attack21 Oct 2014
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2
100RISK
open
Metasploit600
Drupal HTTP Parameter Key/Value SQL Injection
CVE-2014-370415 Oct 2014
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct
60RISK
open
Metasploit600
Centreon SQL and Command Injection
CVE-2014-382815 Oct 2014
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3
60RISK
open
Metasploit600
Centreon SQL and Command Injection
CVE-2014-382915 Oct 2014
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remot
60RISK
open
Metasploit300
SSL/TLS Version Detection
CVE-2011-338914 Oct 2014
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefo
40RISK
open
Metasploit300
SSL/TLS Version Detection
CVE-2014-3566LOW14 Oct 2014
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak
45RISK
open
Metasploit500
Adobe Flash Player casi32 Integer Overflow
CVE-2014-056914 Oct 2014
Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and bef
60RISK
open
Metasploit300
SSL/TLS Version Detection
CVE-2022-335814 Oct 2014
Using a Custom Cipher with NID_undef may lead to NULL encryption
18RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.