Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
OpenSSL DTLS Fragment Buffer Overflow DoS
CVE-2014-019505 Jun 2014
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0
40RISK
open
Metasploit0
Chkrootkit Local Privilege Escalation
CVE-2014-047604 Jun 2014
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute a
38RISK
open
Metasploit300
Ericom AccessNow Server Buffer Overflow
CVE-2014-391302 Jun 2014
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrar
50RISK
open
Metasploit300
Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow
CVE-2014-388823 May 2014
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM V
50RISK
open
Metasploit300
D-Link info.cgi POST Request Buffer Overflow
CVE-2014-125117CRITICAL22 May 2014
D-Link info.cgi POST Request Stack-Based Buffer Overflow RCE
63RISK
open
Metasploit300
Easy File Management Web Server Stack Buffer Overflow
CVE-2014-379120 May 2014
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code
60RISK
open
Metasploit300
D-Link HNAP Request Remote Buffer Overflow
CVE-2014-393615 May 2014
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06
60RISK
open
Metasploit600
Symantec Workspace Streaming ManagementAgentServer.putFile XMLRPC Request Arbitrary File Upload
CVE-2014-164912 May 2014
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functional
50RISK
open
Metasploit300
Belkin Play N750 login.cgi Buffer Overflow
CVE-2014-163509 May 2014
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote a
50RISK
open
Metasploit300
AlienVault Authenticated SQL Injection Arbitrary File Read
CVE-2014-538309 May 2014
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL
43RISK
open
Metasploit600
AlienVault OSSIM av-centerd Command Injection
CVE-2014-380405 May 2014
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a
60RISK
open
Metasploit600
Android 'Towelroot' Futex Requeue Kernel Exploit
CVE-2014-3153HIGHunder attack03 May 2014
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two diff
98RISK
open
Metasploit0
Cogent DataHub Command Injection
CVE-2014-378929 Apr 2014
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary
50RISK
open
Metasploit300
Wireshark CAPWAP Dissector DoS
CVE-2013-407428 Apr 2014
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.
50RISK
open
Metasploit500
Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
CVE-2015-0311HIGHunder attack28 Apr 2014
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Window
100RISK
open
Metasploit500
Adobe Flash Player Shader Buffer Overflow
CVE-2014-051528 Apr 2014
Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS
60RISK
open
Metasploit600
AlienVault OSSIM SQL Injection and Remote Code Execution
CVE-2016-858124 Apr 2014
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5
43RISK
open
Metasploit600
Oracle Event Processing FileUploadServlet Arbitrary File Upload
CVE-2014-242421 Apr 2014
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote
50RISK
open
Metasploit500
Adobe Flash Player domainMemory ByteArray Use After Free
CVE-2015-035914 Apr 2014
Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and
60RISK
open
Metasploit400
Adobe Reader for Android addJavascriptInterface Exploit
CVE-2014-051413 Apr 2014
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows r
60RISK
open
Metasploit300
Cisco ASA SSL VPN Privilege Escalation Vulnerability
CVE-2014-212709 Apr 2014
Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 be
23RISK
open
Metasploit600
Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution
CVE-2014-285008 Apr 2014
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrator
50RISK
open
Metasploit600
Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution
CVE-2014-284908 Apr 2014
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users
50RISK
open
Metasploit300
Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection
CVE-2014-076308 Apr 2014
Advantech WebAccess SQL Injection
41RISK
open
Metasploit300
OpenSSL Heartbeat (Heartbleed) Information Leak
CVE-2014-0160HIGHunder attack07 Apr 2014
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RISK
open
Metasploit300
OpenSSL Heartbeat (Heartbleed) Client Memory Exposure
CVE-2014-0160HIGHunder attack07 Apr 2014
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RISK
open
Metasploit600
eScan Web Management Console Command Injection
CVE-2014-125118CRITICAL04 Apr 2014
eScan 5.5-2 Web Management Console Command Injection
63RISK
open
Metasploit600
Belkin Wemo UPnP Remote Code Execution
CVE-2019-1278004 Apr 2014
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetS
40RISK
open
Metasploit300
MS14-017 Microsoft Word RTF Object Confusion
CVE-2014-1761HIGHunder attack01 Apr 2014
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Offi
100RISK
open
Metasploit300
EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read
CVE-2014-064431 Mar 2014
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login reques
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.