Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
GetSimpleCMS Unauthenticated RCE
CVE-2019-1123128 abr 2019
An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows
60RIESGO
abrir
Metasploit600
Moodle Admin Shell Upload
CVE-2019-1163128 abr 2019
15RIESGO
abrir
Metasploit600
WP Database Backup RCE
CVE-2019-25224CRITICAL24 abr 2019
WP Database Backup < 5.2 - Unauthenticated OS Command Injection
68RIESGO
abrir
Metasploit600
Pulse Secure VPN Arbitrary Command Execution
CVE-2019-11539HIGHbajo ataqueransomware24 abr 2019
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1R
100RIESGO
abrir
Metasploit300
Pulse Secure VPN Arbitrary File Disclosure
CVE-2019-11510CRITICALbajo ataqueransomware24 abr 2019
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthent
100RIESGO
abrir
Metasploit600
Oracle Weblogic Server Deserialization RCE - AsyncResponseService
CVE-2019-2725HIGHbajo ataqueransomware23 abr 2019
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
100RIESGO
abrir
Metasploit600
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
CVE-2019-721417 abr 2019
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker co
60RIESGO
abrir
Metasploit300
Spring Cloud Config Server Directory Traversal
CVE-2019-379917 abr 2019
Directory Traversal with spring-cloud-config-server
60RIESGO
abrir
Metasploit300
Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal
CVE-2019-255716 abr 2019
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponen
18RIESGO
abrir
Metasploit300
Remote Mouse RCE
CVE-2022-3365CRITICAL15 abr 2019
Emote Interactive Remote Mouse Server command injection due to weak encoding
63RIESGO
abrir
Metasploit600
Kentico CMS Staging SyncServer Unserialize Remote Command Execution
CVE-2019-10068CRITICALbajo ataque15 abr 2019
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions
100RIESGO
abrir
Metasploit600
Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
CVE-2019-851313 abr 2019
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to
38RIESGO
abrir
Metasploit600
Mac OS X Feedback Assistant Race Condition
CVE-2019-856513 abr 2019
A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A mali
43RIESGO
abrir
Metasploit600
Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability
CVE-2019-023210 abr 2019
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RIESGO
abrir
Metasploit300
AppXSvc Hard Link Privilege Escalation
CVE-2019-0841HIGHbajo ataqueransomware09 abr 2019
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RIESGO
abrir
Metasploit300
WordPress Google Maps Plugin SQL Injection
CVE-2019-1069202 abr 2019
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize
40RIESGO
abrir
Metasploit600
AwindInc SNMP Service Command Injection
CVE-2017-1670927 mar 2019
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote
60RIESGO
abrir
Metasploit600
AIS logistics ESEL-Server Unauth SQL Injection RCE
CVE-2019-1012327 mar 2019
SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app)
50RIESGO
abrir
Metasploit300
CMS Made Simple Authenticated RCE via object injection
CVE-2019-905526 mar 2019
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php an
23RIESGO
abrir
Metasploit600
Atlassian Confluence Widget Connector Macro Velocity Template Injection
CVE-2019-3396CRITICALbajo ataqueransomware25 mar 2019
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
100RIESGO
abrir
Metasploit600
Horde Form File Upload Vulnerability
CVE-2019-985824 mar 2019
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulner
23RIESGO
abrir
Metasploit0
Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86
CVE-2019-5786MEDIUMbajo ataque21 mar 2019
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform
90RIESGO
abrir
Metasploit600
PostgreSQL COPY FROM PROGRAM Command Execution
CVE-2019-919320 mar 2019
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
60RIESGO
abrir
Metasploit300
IBM BigFix Relay Server Sites and Package Enum
CVE-2019-4061MEDIUM18 mar 2019
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the upd
33RIESGO
abrir
Metasploit600
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
CVE-2019-542013 mar 2019
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess th
60RIESGO
abrir
Metasploit600
Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF
CVE-2019-9621HIGHbajo ataque13 mar 2019
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x b
100RIESGO
abrir
Metasploit600
Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF
CVE-2019-9670CRITICALbajo ataque13 mar 2019
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XX
100RIESGO
abrir
Metasploit300
Microsoft Windows NtUserMNDragOver Local Privilege Elevation
CVE-2019-0808HIGHbajo ataque12 mar 2019
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
98RIESGO
abrir
Metasploit300
CMS Made Simple (CMSMS) Showtime2 File Upload RCE
CVE-2019-969211 mar 2019
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RIESGO
abrir
Metasploit300
Pimcore Unserialize RCE
CVE-2019-1086711 mar 2019
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/c
50RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.