Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
4187 exploits
Nucleimedium
Elasticsearch - Local File Inclusion
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, a
50RIESGO
abrir
Nucleihigh
ResourceSpace - Local File inclusion
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote atta
18RIESGO
abrir
Nucleimedium
Bonita BPM Portal <6.5.3 - Local File Inclusion
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via
43RIESGO
abrir
Nucleimedium
Symfony - Authentication Bypass
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.1
18RIESGO
abrir
Nucleimedium
WordPress NewStatPress 0.9.8 - SQL Injection
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remo
38RIESGO
abrir
Nucleilow
NewStatPress <0.9.9 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPres
38RIESGO
abrir
Nucleihigh
Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read ar
50RIESGO
abrir
Nucleimedium
WordPress Church Admin <0.810 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers t
38RIESGO
abrir
Nucleimedium
WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player)
43RIESGO
abrir
Nucleicritical
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin
50RIESGO
abrir
Nucleihigh
Koha 3.20.1 - Directory Traversal
Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08
50RIESGO
abrir
Nucleimedium
Xceedium Xsuite <=2.4.4.5 - Local File Inclusion
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attack
43RIESGO
abrir
Nucleimedium
Xsuite <=2.4.4.5 - Open Redirect
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sit
38RIESGO
abrir
Nucleihigh
WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval
Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote
23RIESGO
abrir
Nucleimedium
Novius OS 5.0.1-elche - Open Redirect
Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites
43RIESGO
abrir
Nucleimedium
WordPress StageShow <5.0.9 - Open Redirect
Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for
18RIESGO
abrir
Nucleihigh
WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion
Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers t
23RIESGO
abrir
Nucleimedium
Swim Team <= v1.44.10777 - Local File Inclusion
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allo
50RIESGO
abrir
Nucleimedium
ElasticSearch <1.6.1 - Local File Inclusion
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unsp
60RIESGO
abrir
Nucleimedium
Geddy <13.0.8 - Local File Inclusion
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
18RIESGO
abrir
Nucleimedium
Nordex NC2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA
33RIESGO
abrir
Nucleimedium
Combodo iTop <2.2.0-2459 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows
18RIESGO
abrir
Nucleimedium
WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote a
18RIESGO
abrir
Nucleihigh
D-Link DVG-N5402SP - Local File Inclusion
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remot
50RIESGO
abrir
Nucleihigh
Joomla! Core SQL Injection
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via un
60RIESGO
abrir
Nucleimedium
WordPress Pie-Register <2.0.19 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for W
18RIESGO
abrir
Nucleicritical
IBM WebSphere Java Object Deserialization - Remote Code Execution
CVE-2015-7450CRITICALbajo ataque
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and
100RIESGO
abrir
Nucleimedium
ManageEngine Firewall Analyzer <8.0 - Local File Inclusion
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
23RIESGO
abrir
Nucleimedium
Kentico CMS 8.2 - Open Redirect
Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to red
18RIESGO
abrir
Nucleimedium
SourceBans <2.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary
18RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.