Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
Google Chrome 86.0.4240 V8 - Remote Code Execution
CVE-2020-1604006 abr 2021
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially explo
60RIESGO
abrir
Exploit-DB
F5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated)
CVE-2021-22986CRITICALbajo ataqueransomware02 abr 2021
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.
100RIESGO
abrir
Exploit-DB
Concrete5 8.5.4 - 'name' Stored XSS
CVE-2021-311129 mar 2021
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.p
23RIESGO
abrir
Exploit-DB
SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow
CVE-2017-1595029 mar 2021
Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary co
23RIESGO
abrir
Exploit-DB
Dolibarr ERP 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)
CVE-2020-1420925 mar 2021
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code executio
28RIESGO
abrir
Exploit-DB
Linksys EA7500 2.0.8.194281 - Cross-Site Scripting
CVE-2012-670825 mar 2021
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differen
23RIESGO
abrir
Exploit-DB
Codiad 2.8.4 - Remote Code Execution (Authenticated)
CVE-2018-1400923 mar 2021
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
35RIESGO
abrir
Exploit-DB
MyBB 1.8.25 - Poll Vote Count SQL Injection
CVE-2021-2794623 mar 2021
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
23RIESGO
abrir
Exploit-DB
WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal
CVE-2017-100017022 mar 2021
jqueryFileTree 2.1.5 and older Directory Traversal
50RIESGO
abrir
Exploit-DB
MyBB 1.8.25 - Chained Remote Command Execution
CVE-2021-2788922 mar 2021
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
23RIESGO
abrir
Exploit-DB
MyBB 1.8.25 - Chained Remote Command Execution
CVE-2021-2789022 mar 2021
SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.
28RIESGO
abrir
Exploit-DB
LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS
CVE-2019-1296219 mar 2021
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
38RIESGO
abrir
Exploit-DB
VestaCP 0.9.8 - File Upload CSRF
CVE-2021-2837917 mar 2021
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allow
23RIESGO
abrir
Exploit-DB
SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)
CVE-2021-2796415 mar 2021
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Con
50RIESGO
abrir
Exploit-DB
Zenario CMS 8.8.53370 - 'id' Blind SQL Injection
CVE-2021-2683015 mar 2021
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin
23RIESGO
abrir
Exploit-DB
Microsoft Exchange 2019 - Server-Side Request Forgery
CVE-2021-26855CRITICALbajo ataqueransomware14 mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RIESGO
abrir
Exploit-DB
Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC)
CVE-2021-26855CRITICALbajo ataqueransomware11 mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RIESGO
abrir
Exploit-DB
Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC)
CVE-2021-27065HIGHbajo ataqueransomware11 mar 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RIESGO
abrir
Exploit-DB
Atlassian JIRA 8.11.1 - User Enumeration
CVE-2020-1418110 mar 2021
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Infor
60RIESGO
abrir
Exploit-DB
Golden FTP Server 4.70 - 'PASS' Buffer Overflow (2)
CVE-2006-657609 mar 2021
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (
50RIESGO
abrir
Exploit-DB
Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)
CVE-2018-1725408 mar 2021
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
60RIESGO
abrir
Exploit-DB
e107 CMS 2.3.0 - CSRF
CVE-2021-2788504 mar 2021
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
23RIESGO
abrir
Exploit-DB
AnyDesk 5.5.2 - Remote Code Execution
CVE-2020-1316003 mar 2021
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execut
60RIESGO
abrir
Exploit-DB
Zen Cart 1.5.7b - Remote Code Execution (Authenticated)
CVE-2021-329102 mar 2021
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the mod
28RIESGO
abrir
Exploit-DB
Tiny Tiny RSS - Remote Code Execution
CVE-2020-2578702 mar 2021
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting
28RIESGO
abrir
Exploit-DB
VMware vCenter Server 7.0 - Unauthenticated File Upload
CVE-2021-21972CRITICALbajo ataqueransomware01 mar 2021
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor
100RIESGO
abrir
Exploit-DB
FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
CVE-2021-337801 mar 2021
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUpl
60RIESGO
abrir
Exploit-DB
Monica 2.19.1 - 'last_name' Stored XSS
CVE-2021-2737023 feb 2021
The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.
23RIESGO
abrir
Exploit-DB
TestLink 1.9.20 - Unrestricted File Upload (Authenticated)
CVE-2020-863915 feb 2021
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute ar
28RIESGO
abrir
Exploit-DB
Node.JS - 'node-serialize' Remote Code Execution (2)
CVE-2017-594110 feb 2021
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() fu
35RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.