Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
Firebird Relational Database CNCT Group Number Buffer Overflow
CVE-2013-249231 Jan 2013
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windo
50RISK
open
Metasploit300
Novell GroupWise Client gwcls1.dll ActiveX Remote Code Execution
CVE-2012-043930 Jan 2013
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows r
50RISK
open
Metasploit300
Portable UPnP SDK unique_service_name() Remote Code Execution
CVE-2012-595829 Jan 2013
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
60RISK
open
Metasploit600
Ruby on Rails JSON Processor YAML Deserialization Code Execution
CVE-2013-033328 Jan 2013
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly
60RISK
open
Metasploit300
Ruby on Rails Devise Authentication Password Reset
CVE-2013-023328 Jan 2013
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certa
23RISK
open
Metasploit600
DataLife Engine preview.php PHP Code Injection
CVE-2013-141228 Jan 2013
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/pr
50RISK
open
Metasploit600
ZoneMinder Video Server packageControl Command Execution
CVE-2013-023222 Jan 2013
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitra
50RISK
open
Metasploit300
GE Proficy Cimplicity WebView substitute.bcl Directory Traversal
CVE-2013-065322 Jan 2013
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy
23RISK
open
Metasploit600
Java Applet JMX Remote Code Execution
CVE-2013-0431MEDIUMunder attackransomware19 Jan 2013
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and Ope
100RISK
open
Metasploit0
Linksys WRT54GL apply.cgi Command Execution
CVE-2005-279918 Jan 2013
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote
60RISK
open
Metasploit600
EMC AlphaStor Device Manager Opcode 0x75 Command Injection
CVE-2013-092818 Jan 2013
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote
50RISK
open
Metasploit300
Cool PDF Image Stream Buffer Overflow
CVE-2012-491418 Jan 2013
Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a P
43RISK
open
Metasploit300
Polycom Command Shell Authorization Bypass
CVE-2012-661018 Jan 2013
Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitra
23RISK
open
Metasploit300
Linksys WRT54GL Remote Command Execution
CVE-2023-31742HIGH18 Jan 2013
There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attack
36RISK
open
Metasploit600
PHP-Charts v1.0 PHP Code Execution Vulnerability
CVE-2013-10070CRITICAL16 Jan 2013
PHP-Charts v1.0 PHP Code Execution
63RISK
open
Metasploit600
Java Applet JMX Remote Code Execution
CVE-2013-0422CRITICALunder attackransomware10 Jan 2013
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using
100RISK
open
Metasploit600
Java Applet Reflection Type Confusion Remote Code Execution
CVE-2013-2423LOWunder attack10 Jan 2013
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and
95RISK
open
Metasploit600
Java Applet Driver Manager Privileged toString() Remote Code Execution
CVE-2013-148810 Jan 2013
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remo
60RISK
open
Metasploit300
BigAnt Server 2 SCH And DUPF Buffer Overflow
CVE-2012-627509 Jan 2013
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have
50RISK
open
Metasploit600
BigAnt Server DUPF Command Arbitrary File Upload
CVE-2012-627409 Jan 2013
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to
50RISK
open
Metasploit300
Firefox XMLSerializer Use After Free
CVE-2013-075308 Jan 2013
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox b
50RISK
open
Metasploit600
Firefox 17.0.1 Flash Privileged Code Injection
CVE-2013-075708 Jan 2013
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
50RISK
open
Metasploit600
Firefox 17.0.1 Flash Privileged Code Injection
CVE-2013-075808 Jan 2013
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
60RISK
open
Metasploit300
Foxit Reader Plugin URL Processing Buffer Overflow
CVE-2013-10068CRITICAL07 Jan 2013
Foxit Reader <= 5.4.5.0114 Plugin URL Processing Buffer Overflow
43RISK
open
Metasploit600
Ruby on Rails XML Processor YAML Deserialization Code Execution
CVE-2013-015607 Jan 2013
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, an
60RISK
open
Metasploit600
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
CVE-2013-020907 Jan 2013
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for reque
50RISK
open
Metasploit600
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
CVE-2012-631507 Jan 2013
15RISK
open
Metasploit300
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
CVE-2012-491503 Jan 2013
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers t
50RISK
open
Metasploit300
Simple Web Server 2.3-RC1 Directory Traversal
CVE-2002-186403 Jan 2013
Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitra
23RISK
open
Metasploit600
eXtplorer v2.1 Arbitrary File Upload Vulnerability
CVE-2012-671031 Dec 2012
ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empt
23RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.