Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit0
Google Chrome 72 and 73 Array.map exploit
CVE-2019-5825MEDIUMbajo ataque07 mar 2019
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploi
90RIESGO
abrir
Metasploit400
Cisco RV110W/RV130(W)/RV215W Routers Management Interface Remote Command Execution
CVE-2019-1663CRITICAL27 feb 2019
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RIESGO
abrir
Metasploit600
elFinder PHP Connector exiftran Command Injection
CVE-2019-919426 feb 2019
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RIESGO
abrir
Metasploit300
Drupal RESTful Web Services unserialize() RCE
CVE-2019-6340HIGHbajo ataque20 feb 2019
Drupal core - Highly critical - Remote Code Execution
100RIESGO
abrir
Metasploit600
WordPress Crop-image Shell Upload
CVE-2019-894219 feb 2019
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RIESGO
abrir
Metasploit600
WordPress Crop-image Shell Upload
CVE-2019-894319 feb 2019
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RIESGO
abrir
Metasploit300
Total.js prior to 3.2.4 Directory Traversal
CVE-2019-890318 feb 2019
index.js in Total.js Platform before 3.2.3 allows path traversal.
40RIESGO
abrir
Metasploit600
RARLAB WinRAR ACE Format Input Validation Remote Code Execution
CVE-2018-20250HIGHbajo ataqueransomware05 feb 2019
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RIESGO
abrir
Metasploit300
OpenMRS Java Deserialization RCE
CVE-2018-19276CRITICAL04 feb 2019
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated use
85RIESGO
abrir
Metasploit600
Schneider Electric Pelco Endura NET55XX Encoder
CVE-2019-681425 ene 2019
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 wh
50RIESGO
abrir
Metasploit300
Cisco RV320/RV326 Configuration Disclosure
CVE-2019-1653HIGHbajo ataque24 ene 2019
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RIESGO
abrir
Metasploit300
Microsoft Exchange Privilege Escalation Exploit
CVE-2019-072421 ene 2019
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of
23RIESGO
abrir
Metasploit600
Webmin Upload Authenticated RCE
CVE-2019-962417 ene 2019
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Dow
43RIESGO
abrir
Metasploit600
BMC Patrol Agent Privilege Escalation Cmd Execution
CVE-2018-2073517 ene 2019
An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for l
38RIESGO
abrir
Metasploit300
ES File Explorer Open Port
CVE-2019-644716 ene 2019
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary fi
50RIESGO
abrir
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-100300108 ene 2019
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins
60RIESGO
abrir
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-100300508 ene 2019
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/
23RIESGO
abrir
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-1003029CRITICALbajo ataque08 ene 2019
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/
100RIESGO
abrir
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-100300208 ene 2019
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src
60RIESGO
abrir
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2018-1000861CRITICALbajo ataque08 ene 2019
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and ea
100RIESGO
abrir
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-100300008 ene 2019
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
60RIESGO
abrir
Metasploit0
Docker Container Escape Via runC Overwrite
CVE-2019-573601 ene 2019
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc b
60RIESGO
abrir
Metasploit600
Mailcleaner Remote Code Execution
CVE-2018-2032319 dic 2018
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitra
30RIESGO
abrir
Metasploit600
LibreNMS addhost Command Injection
CVE-2018-2043416 dic 2018
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to htm
60RIESGO
abrir
Metasploit600
ThinkPHP Multiple PHP Injection RCEs
CVE-2019-9082HIGHbajo ataque10 dic 2018
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RIESGO
abrir
Metasploit600
ThinkPHP Multiple PHP Injection RCEs
CVE-2018-20062CRITICALbajo ataque10 dic 2018
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP
100RIESGO
abrir
Metasploit600
Cisco Prime Infrastructure Runrshell Privilege Escalation
CVE-2018-15439CRITICAL08 dic 2018
Cisco Small Business Switches Privileged Access Vulnerability
55RIESGO
abrir
Metasploit500
Linux Nested User Namespace idmap Limit Local Privilege Escalation
CVE-2018-1895515 nov 2018
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalat
38RIESGO
abrir
Metasploit600
Nagios XI Magpie_debug.php Root Remote Code Execution
CVE-2018-1571014 nov 2018
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
50RIESGO
abrir
Metasploit600
Nagios XI Magpie_debug.php Root Remote Code Execution
CVE-2018-1570814 nov 2018
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP r
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.