Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,622cataloged exploits
32,030CVEs with public exploitation
1,932lab-tested
3,462 exploits
Metasploit600
Openfiler v2.x NetworkCard Command Execution
CVE-2012-10040CRITICAL04 Sep 2012
Openfiler v2.x NetworkCard Command Execution
63RISK
open
Metasploit400
HP SiteScope Remote Code Execution
CVE-2012-326029 Aug 2012
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbit
30RISK
open
Metasploit300
HP Intelligent Management Center UAM Buffer Overflow
CVE-2012-327429 Aug 2012
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (I
50RISK
open
Metasploit400
HP SiteScope Remote Code Execution
CVE-2012-326129 Aug 2012
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbit
30RISK
open
Metasploit300
EMC Networker Format String
CVE-2012-228829 Aug 2012
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.
50RISK
open
Metasploit300
ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow
CVE-2012-10043CRITICAL28 Aug 2012
ActFax 4.32 Client Importer Buffer Overflow
43RISK
open
Metasploit600
Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability
CVE-2012-357927 Aug 2012
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier fo
50RISK
open
Metasploit600
Java 7 Applet Remote Code Execution
CVE-2012-4681CRITICALunder attackransomware26 Aug 2012
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow
100RISK
open
Metasploit600
XODA 0.4.5 Arbitrary PHP File Upload Vulnerability
CVE-2012-10045CRITICAL21 Aug 2012
XODA 0.4.5 Arbitrary PHP File Upload
63RISK
open
Metasploit600
E-Mail Security Virtual Appliance learn-msg.cgi Command Injection
CVE-2012-10046CRITICAL16 Aug 2012
E-Mail Security Virtual Appliance learn-msg.cgi Command Injection
63RISK
open
Metasploit600
TestLink v1.9.3 Arbitrary File Upload Vulnerability
CVE-2012-093813 Aug 2012
Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with cert
18RISK
open
Metasploit600
Viscosity setuid-set ViscosityHelper Privilege Escalation
CVE-2012-428412 Aug 2012
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the se
50RISK
open
Metasploit600
WAN Emulator v2.3 Command Execution
CVE-2012-10041CRITICAL12 Aug 2012
WAN Emulator v2.3 Command Execution
63RISK
open
Metasploit600
Setuid Tunnelblick Privilege Escalation
CVE-2012-348511 Aug 2012
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname o
38RISK
open
Metasploit600
MobileCartly 1.0 Arbitrary File Creation Vulnerability
CVE-2012-10044CRITICAL10 Aug 2012
MobileCartly 1.0 savepage.php Arbitrary File Creation
63RISK
open
Metasploit300
Adobe Flash Player 11.3 Kern Table Parsing Integer Overflow
CVE-2012-1535HIGHunder attack09 Aug 2012
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on L
100RISK
open
Metasploit600
Cyclope Employee Surveillance Solution v6 SQL Injection
CVE-2012-10047CRITICAL08 Aug 2012
Cyclope Employee Surveillance Solution v6.x SQL Injection
43RISK
open
Metasploit400
Zenoss 3 showDaemonXMLConfig Command Execution
CVE-2012-10048HIGH30 Jul 2012
Zenoss 3.x showDaemonXMLConfig Command Execution
36RISK
open
Metasploit300
Ubisoft uplay 2.0.3 ActiveX Control Arbitrary Code Execution
CVE-2012-417729 Jul 2012
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -
50RISK
open
Metasploit300
Sysax Multi Server 5.64 Create Folder Buffer Overflow
CVE-2012-653029 Jul 2012
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticated users w
50RISK
open
Metasploit600
Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential
CVE-2012-395127 Jul 2012
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default passwor
50RISK
open
Metasploit300
Plixer Scrutinizer NetFlow and sFlow Analyzer HTTP Authentication Bypass
CVE-2012-262627 Jul 2012
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not requir
50RISK
open
Metasploit600
CuteFlow v2.11.2 Arbitrary File Upload Vulnerability
CVE-2012-10050CRITICAL27 Jul 2012
CuteFlow <= 2.11.2 Arbitrary File Upload RCE
63RISK
open
Metasploit600
Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection
CVE-2012-295323 Jul 2012
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary comman
50RISK
open
Metasploit600
Dell SonicWALL (Plixer) Scrutinizer 9 SQL Injection
CVE-2012-296222 Jul 2012
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2
50RISK
open
Metasploit300
Simple Web Server Connection Header Buffer Overflow
CVE-2012-10053CRITICAL20 Jul 2012
Simple Web Server Connection Header Buffer Overflow
63RISK
open
Metasploit300
Cisco Linksys PlayerPT ActiveX Control SetSource sURL Argument Buffer Overflow
CVE-2012-028417 Jul 2012
Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.o
50RISK
open
Metasploit600
WebPageTest Arbitrary PHP File Upload
CVE-2012-10049CRITICAL13 Jul 2012
WebPageTest Arbitrary PHP File Upload RCE
63RISK
open
Metasploit300
WebPageTest Directory Traversal
CVE-2019-1719913 Jul 2012
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of
18RISK
open
Metasploit300
HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow
CVE-2012-201909 Jul 2012
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via u
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.