Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
Cisco AnyConnect Privilege Escalations (CVE-2020-3153 and CVE-2020-3433)
CVE-2020-3153MEDIUMbajo ataqueransomware05 ago 2020
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
83RIESGO
abrir
Metasploit500
Aerospike Database UDF Lua Code Execution
CVE-2020-1315131 jul 2020
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs)
60RIESGO
abrir
Metasploit600
Mida Solutions eFramework ajaxreq.php Command Injection
CVE-2020-1592024 jul 2020
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Executi
60RIESGO
abrir
Metasploit400
Moodle Teacher Enrollment Privilege Escalation to RCE
CVE-2020-1432120 jul 2020
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role wi
23RIESGO
abrir
Metasploit600
SharePoint DataSet / DataTable Deserialization
CVE-2020-1147HIGHbajo ataque14 jul 2020
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar
100RIESGO
abrir
Metasploit600
Apache Airflow 1.10.10 - Example DAG Remote Code Execution
CVE-2020-11978HIGHbajo ataque14 jul 2020
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was disco
100RIESGO
abrir
Metasploit600
Apache Airflow 1.10.10 - Example DAG Remote Code Execution
CVE-2020-13927CRITICALbajo ataque14 jul 2020
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but th
100RIESGO
abrir
Metasploit300
SAP Unauthenticated WebService User Creation
CVE-2020-6287CRITICALbajo ataque14 jul 2020
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication c
100RIESGO
abrir
Metasploit600
Apache OFBiz XML-RPC Java Deserialization
CVE-2023-5146713 jul 2020
Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability
60RIESGO
abrir
Metasploit600
Apache OFBiz XML-RPC Java Deserialization
CVE-2020-949613 jul 2020
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
60RIESGO
abrir
Metasploit600
Apache OFBiz XML-RPC Java Deserialization
CVE-2023-4907013 jul 2020
Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present
60RIESGO
abrir
Metasploit500
FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation
CVE-2020-745707 jul 2020
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 1
30RIESGO
abrir
Metasploit600
openSIS Unauthenticated PHP Code Execution
CVE-2020-1338330 jun 2020
openSIS through 7.4 allows Directory Traversal.
30RIESGO
abrir
Metasploit200
F5 BIG-IP TMUI Directory Traversal and File Upload RCE
CVE-2020-5902CRITICALbajo ataqueransomware30 jun 2020
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RIESGO
abrir
Metasploit600
openSIS Unauthenticated PHP Code Execution
CVE-2020-1338130 jun 2020
openSIS through 7.4 allows SQL Injection.
30RIESGO
abrir
Metasploit600
openSIS Unauthenticated PHP Code Execution
CVE-2020-1338230 jun 2020
openSIS through 7.4 has Incorrect Access Control.
30RIESGO
abrir
Metasploit600
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
CVE-2020-12028HIGH22 jun 2020
Rockwell Automation FactoryTalk View SE
48RIESGO
abrir
Metasploit600
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
CVE-2020-12029CRITICAL22 jun 2020
Rockwell Automation FactoryTalk View SE
75RIESGO
abrir
Metasploit600
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
CVE-2020-12027MEDIUM22 jun 2020
Rockwell Automation FactoryTalk View SE
40RIESGO
abrir
Metasploit600
ZenTao Pro 8.8.2 Remote Code Execution
CVE-2020-7361CRITICAL20 jun 2020
ZenTao Pro Command Injection
48RIESGO
abrir
Metasploit600
Cacti color filter authenticated SQLi to RCE
CVE-2020-1429517 jun 2020
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead
60RIESGO
abrir
Metasploit300
AnyDesk GUI Format String Write
CVE-2020-1316016 jun 2020
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execut
60RIESGO
abrir
Metasploit300
Netgear R6700v3 Unauthenticated LAN Admin Password Reset
CVE-2020-10924HIGH15 jun 2020
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700
58RIESGO
abrir
Metasploit300
Netgear R6700v3 Unauthenticated LAN Admin Password Reset
CVE-2020-10923MEDIUM15 jun 2020
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700
50RIESGO
abrir
Metasploit600
Inductive Automation Ignition Remote Code Execution
CVE-2020-1200411 jun 2020
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior
23RIESGO
abrir
Metasploit600
Inductive Automation Ignition Remote Code Execution
CVE-2020-1064411 jun 2020
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted dat
23RIESGO
abrir
Metasploit600
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
CVE-2020-860410 jun 2020
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensi
40RIESGO
abrir
Metasploit600
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
CVE-2020-860510 jun 2020
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitr
60RIESGO
abrir
Metasploit600
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
CVE-2020-860610 jun 2020
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authent
40RIESGO
abrir
Metasploit600
Cayin xPost wayfinder_seqid SQLi to RCE
CVE-2020-7356CRITICAL04 jun 2020
Cayin xPost SQL Injection
48RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.