Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit0
Safari Proxy Object Type Confusion
CVE-2018-4233HIGH15 mar 2018
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud
68RIESGO
abrir
Metasploit300
SAP Internet Graphics Server (IGS) XMLCHART XXE
CVE-2018-239314 mar 2018
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML Exter
23RIESGO
abrir
Metasploit300
SAP Internet Graphics Server (IGS) XMLCHART XXE
CVE-2018-239214 mar 2018
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML Exter
50RIESGO
abrir
Metasploit600
Unitrends Enterprise Backup bpserverd Privilege Escalation
CVE-2018-632914 mar 2018
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL i
50RIESGO
abrir
Metasploit300
Flexense HTTP Server Denial Of Service
CVE-2018-806509 mar 2018
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access v
60RIESGO
abrir
Metasploit300
HTTP SickRage Password Leak
CVE-2018-916008 mar 2018
SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.
60RIESGO
abrir
Metasploit600
ManageEngine Applications Manager Remote Code Execution
CVE-2018-789007 mar 2018
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The pu
60RIESGO
abrir
Metasploit600
ClipBucket beats_uploader Unauthenticated Arbitrary File Upload
CVE-2018-766503 mar 2018
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter
23RIESGO
abrir
Metasploit300
Memcached Stats Amplification Scanner
CVE-2018-100011527 feb 2018
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vuln
60RIESGO
abrir
Metasploit600
Nanopool Claymore Dual Miner APIs RCE
CVE-2018-100004909 feb 2018
Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner
60RIESGO
abrir
Metasploit300
Claymore Dual GPU Miner Format String dos attack
CVE-2018-631706 feb 2018
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format strin
50RIESGO
abrir
Metasploit0
Exodus Wallet (ElectronJS Framework) remote Code Execution
CVE-2018-100000625 ene 2018
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the pro
60RIESGO
abrir
Metasploit600
AsusWRT LAN Unauthenticated Remote Code Execution
CVE-2018-600022 ene 2018
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpn
60RIESGO
abrir
Metasploit600
AsusWRT LAN Unauthenticated Remote Code Execution
CVE-2018-599922 ene 2018
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, pro
60RIESGO
abrir
Metasploit500
CloudMe Sync v1.10.9
CVE-2018-689217 ene 2018
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RIESGO
abrir
Metasploit300
glibc 'realpath()' Privilege Escalation
CVE-2018-100000116 ene 2018
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before th
43RIESGO
abrir
Metasploit300
GitStack Unauthenticated REST API Requests
CVE-2018-595515 ene 2018
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unau
60RIESGO
abrir
Metasploit500
GitStack Unsanitized Argument RCE
CVE-2018-595515 ene 2018
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unau
60RIESGO
abrir
Metasploit600
Monstra CMS Authenticated Arbitrary File Upload
CVE-2017-1804818 dic 2017
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for exa
30RIESGO
abrir
Metasploit600
Cambium ePMP1000 'get_chart' Shell via Command Injection (v3.1-3.5-RC7)
CVE-2017-525518 dic 2017
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web
60RIESGO
abrir
Metasploit600
GoAhead Web Server LD_PRELOAD Arbitrary Module Load
CVE-2017-17562HIGHbajo ataque18 dic 2017
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. T
100RIESGO
abrir
Metasploit600
Linksys WVBR0-25 User-Agent Command Execution
CVE-2017-1741113 dic 2017
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authe
60RIESGO
abrir
Metasploit600
Apache Spark Unauthenticated Command Execution
CVE-2018-1177012 dic 2017
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the su
50RIESGO
abrir
Metasploit400
Commvault Communications Service (cvd) Command Injection
CVE-2017-1804412 dic 2017
A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain mess
30RIESGO
abrir
Metasploit600
Palo Alto Networks readSessionVarsFromFile() Session Corruption
CVE-2017-15944CRITICALbajo ataque11 dic 2017
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote
100RIESGO
abrir
Metasploit600
Mac OS X Root Privilege Escalation
CVE-2017-1387229 nov 2017
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The is
50RIESGO
abrir
Metasploit300
Clickjacking Vulnerability In CSRF Error Page pfSense
CVE-2017-100047921 nov 2017
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged e
30RIESGO
abrir
Metasploit0
Microsoft Office CVE-2017-11882
CVE-2017-11882HIGHbajo ataqueransomware15 nov 2017
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Mi
100RIESGO
abrir
Metasploit500
Dup Scout Enterprise Login Buffer Overflow
CVE-2017-1369614 nov 2017
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9
40RIESGO
abrir
Metasploit500
Linux BPF Sign Extension Local Privilege Escalation
CVE-2017-1699512 nov 2017
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial
50RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.