Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
IBM Notes Denial Of Service
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it woul
43RIESGO
abrir ↗Metasploit300
Open WAN-to-LAN proxy on AT&T routers
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, conf
18RIESGO
abrir ↗Metasploit600
Disk Pulse Enterprise GET Buffer Overflow
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9
40RIESGO
abrir ↗Metasploit300
HP iLO 4 1.00-2.50 Authentication Bypass Administrator Account Creation
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53
60RIESGO
abrir ↗Metasploit400
Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE
43RIESGO
abrir ↗Metasploit600
Malicious Git HTTP Server For CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL ca
60RIESGO
abrir ↗Metasploit600
DIR-850L (Un)authenticated OS Command Exec
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SER
23RIESGO
abrir ↗Metasploit600
Unitrends UEB bpserverd authentication bypass RCE
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xin
50RIESGO
abrir ↗Metasploit600
Unitrends UEB http api remote code execution
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, w
50RIESGO
abrir ↗Metasploit600
Unitrends UEB http api remote code execution
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of
60RIESGO
abrir ↗Metasploit600
QNAP Transcode Server Command Execution
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.
23RIESGO
abrir ↗Metasploit0
Android Janus APK Signature bypass
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0,
43RIESGO
abrir ↗Metasploit600
Western Digital MyCloud multi_uploadify File Upload Vulnerability
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquer
60RIESGO
abrir ↗Metasploit600
Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory tra
50RIESGO
abrir ↗Metasploit600
DotNetNuke Cookie Deserialization Remote Code Excecution
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
100RIESGO
abrir ↗Metasploit600
DotNetNuke Cookie Deserialization Remote Code Excecution
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code e
100RIESGO
abrir ↗Metasploit600
DotNetNuke Cookie Deserialization Remote Code Excecution
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expect
50RIESGO
abrir ↗Metasploit600
DotNetNuke Cookie Deserialization Remote Code Excecution
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue ex
100RIESGO
abrir ↗Metasploit600
DotNetNuke Cookie Deserialization Remote Code Excecution
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expect
50RIESGO
abrir ↗Metasploit600
Supervisor XML-RPC Authenticated Remote Code Execution
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RIESGO
abrir ↗Metasploit400
OrientDB 2.2.x Remote Code Execution
OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which a
60RIESGO
abrir ↗Metasploit600
Evince CBT File Command Injection
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to e
50RIESGO
abrir ↗Metasploit600
Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passe
100RIESGO
abrir ↗Metasploit400
Solaris RSH Stack Clash Privilege Escalation
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions t
38RIESGO
abrir ↗Metasploit400
Solaris RSH Stack Clash Privilege Escalation
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions t
38RIESGO
abrir ↗Metasploit400
Solaris RSH Stack Clash Privilege Escalation
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported versio
38RIESGO
abrir ↗Metasploit400
Solaris RSH Stack Clash Privilege Escalation
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficie
38RIESGO
abrir ↗Metasploit200
Microsoft Windows RRAS Service MIBEntryGet Overflow
Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute c
23RIESGO
abrir ↗Metasploit500
LNK Code Execution Vulnerability
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 201
100RIESGO
abrir ↗Metasploit500
LNK Code Execution Vulnerability
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 201
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.