Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
URGENT/11 Scanner, Based on Detection Tool by Armis
CVE-2019-1225809 ago 2019
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: Do
23RIESGO
abrir
Metasploit600
Nagios XI Prior to 5.6.6 getprofile.sh Authenticated Remote Command Execution
CVE-2019-15949HIGHbajo ataque29 jul 2019
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios
100RIESGO
abrir
Metasploit300
LibreOffice Macro Python Code Execution
CVE-2019-985116 jul 2019
LibreLogo global-event script execution
60RIESGO
abrir
Metasploit600
LibreNMS Collectd Command Injection
CVE-2019-1066915 jul 2019
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/dev
60RIESGO
abrir
Metasploit600
D-Link Central WiFi Manager CWM(100) RCE
CVE-2019-1337209 jul 2019
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote atta
40RIESGO
abrir
Metasploit300
D-Link Central WiFiManager SQL injection
CVE-2019-1337306 jul 2019
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validate
30RIESGO
abrir
Metasploit0
Docker-Credential-Wincred.exe Privilege Escalation
CVE-2019-15752HIGHbajo ataque05 jul 2019
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
91RIESGO
abrir
Metasploit600
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
CVE-2019-13272HIGHbajo ataque04 jul 2019
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RIESGO
abrir
Metasploit300
Cisco Data Center Network Manager Unauthenticated File Download
CVE-2019-1621HIGH26 jun 2019
Cisco Data Center Network Manager Arbitrary File Download Vulnerability
41RIESGO
abrir
Metasploit600
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
CVE-2019-1622MEDIUM26 jun 2019
Cisco Data Center Network Manager Information Disclosure Vulnerability
70RIESGO
abrir
Metasploit600
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
CVE-2019-1619CRITICAL26 jun 2019
Cisco Data Center Network Manager Authentication Bypass Vulnerability
85RIESGO
abrir
Metasploit600
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
CVE-2019-1620CRITICAL26 jun 2019
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability
85RIESGO
abrir
Metasploit300
Cisco Data Center Network Manager Unauthenticated File Download
CVE-2019-1619CRITICAL26 jun 2019
Cisco Data Center Network Manager Authentication Bypass Vulnerability
85RIESGO
abrir
Metasploit600
FusionPBX Operator Panel exec.php Command Execution
CVE-2019-1140906 jun 2019
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerabili
60RIESGO
abrir
Metasploit600
Serv-U FTP Server prepareinstallation Privilege Escalation
CVE-2019-1218105 jun 2019
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
50RIESGO
abrir
Metasploit600
Exim 4.87 - 4.91 Local Privilege Escalation
CVE-2019-10149CRITICALbajo ataque05 jun 2019
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RIESGO
abrir
Metasploit300
Supra Smart Cloud TV Remote File Inclusion
CVE-2019-1247703 jun 2019
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcas
43RIESGO
abrir
Metasploit600
Ahsay Backup v7.x-v8.1.1.50 (authenticated) file upload
CVE-2019-1026701 jun 2019
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to
60RIESGO
abrir
Metasploit600
Atlassian Crowd pdkinstall Unauthenticated Plugin Upload RCE
CVE-2019-11580CRITICALbajo ataqueransomware22 may 2019
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attac
100RIESGO
abrir
Metasploit300
OpenEMR 5.0.1 Patch 6 SQLi Dump
CVE-2018-1717917 may 2019
An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL Injection in the make_task function in /interface/
23RIESGO
abrir
Metasploit600
ATutor 2.2.4 - Directory Traversal / Remote Code Execution,
CVE-2019-1216917 may 2019
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathnam
40RIESGO
abrir
Metasploit600
Webmin Package Updates Remote Command Execution
CVE-2019-1284016 may 2019
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root pr
60RIESGO
abrir
Metasploit600
DLINK DWL-2600 Authenticated Remote Command Injection
CVE-2019-2049915 may 2019
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Config
60RIESGO
abrir
Metasploit600
Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Vulnerability
CVE-2019-1821HIGH15 may 2019
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
78RIESGO
abrir
Metasploit600
IBM Websphere Application Server Network Deployment Untrusted Data Deserialization Remote Code Execution
CVE-2019-4279CRITICAL15 may 2019
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with
85RIESGO
abrir
Metasploit300
CVE-2019-0708 BlueKeep Microsoft Remote Desktop RCE Check
CVE-2019-0708CRITICALbajo ataqueransomware14 may 2019
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RIESGO
abrir
Metasploit0
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
CVE-2019-0708CRITICALbajo ataqueransomware14 may 2019
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RIESGO
abrir
Metasploit600
Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE
CVE-2019-12799MEDIUM09 may 2019
In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiat
40RIESGO
abrir
Metasploit600
Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE
CVE-2017-1835709 may 2019
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of t
43RIESGO
abrir
Metasploit600
Barco WePresent file_transfer.cgi Command Injection
CVE-2019-3929CRITICALbajo ataque30 abr 2019
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Ba
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.