Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3003022 abr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php.
23RIESGO
abrir
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3003422 abr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php.
23RIESGO
abrir
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3003922 abr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-repo
23RIESGO
abrir
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3132722 abr 2021
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.
23RIESGO
abrir
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3132922 abr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php
23RIESGO
abrir
Exploit-DB
Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting (XSS)
CVE-2021-2568021 abr 2021
The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These
23RIESGO
abrir
Exploit-DB
Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)
CVE-2021-3115221 abr 2021
Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can ena
23RIESGO
abrir
Exploit-DB
Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting (XSS)
CVE-2021-2567921 abr 2021
The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. T
23RIESGO
abrir
Exploit-DB
Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration
CVE-2021-2568121 abr 2021
AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. T
28RIESGO
abrir
Exploit-DB
RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS)
CVE-2021-3004421 abr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
23RIESGO
abrir
Exploit-DB
GravCMS 1.10.7 - Unauthenticated Arbitrary File Write (Metasploit)
CVE-2021-21425CRITICAL21 abr 2021
Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
85RIESGO
abrir
Exploit-DB
Horde Groupware Webmail 5.2.22 - Stored XSS
CVE-2021-2692915 abr 2021
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library befor
23RIESGO
abrir
Exploit-DB
htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
CVE-2021-3063715 abr 2021
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.
23RIESGO
abrir
Exploit-DB
Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
CVE-2020-1550015 abr 2021
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected u
43RIESGO
abrir
Exploit-DB
jQuery 1.0.3 - Cross-Site Scripting (XSS)
CVE-2020-11023MEDIUMbajo ataque14 abr 2021
Potential XSS vulnerability in jQuery
85RIESGO
abrir
Exploit-DB
MariaDB 10.2 - 'wsrep_provider' OS Command Execution
CVE-2021-2792814 abr 2021
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, a
35RIESGO
abrir
Exploit-DB
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE
CVE-2021-2900314 abr 2021
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacter
35RIESGO
abrir
Exploit-DB
CITSmart ITSM 9.1.2.22 - LDAP Injection
CVE-2020-3577514 abr 2021
CITSmart before 9.1.2.23 allows LDAP Injection.
28RIESGO
abrir
Exploit-DB
CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)
CVE-2021-2814214 abr 2021
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."
23RIESGO
abrir
Exploit-DB
jQuery 1.2 - Cross-Site Scripting (XSS)
CVE-2020-11022MEDIUM14 abr 2021
jQuery has a potential XSS vulnerability
55RIESGO
abrir
Exploit-DB
ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
CVE-2020-2923813 abr 2021
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensi
28RIESGO
abrir
Exploit-DB
vsftpd 2.3.4 - Backdoor Command Execution
CVE-2011-252312 abr 2021
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir
Exploit-DB
PrestaShop 1.7.6.7 - 'location' Blind Sql Injection
CVE-2020-1516009 abr 2021
Blind SQL Injection in PrestaShop
28RIESGO
abrir
Exploit-DB
DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
CVE-2021-3014708 abr 2021
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.
23RIESGO
abrir
Exploit-DB
Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
CVE-2020-1235208 abr 2021
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adja
23RIESGO
abrir
Exploit-DB
Composr 10.0.36 - Remote Code Execution
CVE-2021-3014908 abr 2021
Composr 10.0.36 allows upload and execution of PHP files.
28RIESGO
abrir
Exploit-DB
Linux Kernel 5.4 - 'BleedingTooth' Bluetooth Zero-Click Remote Code Execution
CVE-2020-1235108 abr 2021
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via a
23RIESGO
abrir
Exploit-DB
Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read
CVE-2020-5377CRITICAL07 abr 2021
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities.
60RIESGO
abrir
Exploit-DB
Composr CMS 10.0.36 - Cross Site Scripting
CVE-2021-3015007 abr 2021
Composr 10.0.36 allows XSS in an XML script.
23RIESGO
abrir
Exploit-DB
Google Chrome 86.0.4240 V8 - Remote Code Execution
CVE-2020-1604006 abr 2021
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially explo
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.