Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
Easy File Sharing HTTP Server 7.2 POST Buffer Overflow
Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp
63RIESGO
abrir ↗Metasploit600
IPFire proxy.cgi RCE
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a
30RIESGO
abrir ↗Metasploit300
Riverbed SteelHead VCX File Read
Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection
36RIESGO
abrir ↗Metasploit600
IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system a
60RIESGO
abrir ↗Metasploit600
VICIdial user_authorization Unauthenticated Command Execution
VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password
63RIESGO
abrir ↗Metasploit600
VMware Workstation ALSA Config File Local Privilege Escalation
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration fil
38RIESGO
abrir ↗Metasploit600
PlaySMS sendfromfile.php Authenticated "Filename" Field Code Execution
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile
50RIESGO
abrir ↗Metasploit600
PlaySMS import.php Authenticated CSV File Upload Code Execution
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User
60RIESGO
abrir ↗Metasploit600
Joomla Component Fields SQLi Remote Code Execution
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspeci
60RIESGO
abrir ↗Metasploit300
LabF nfsAxe 3.7 FTP Client Stack Buffer Overflow
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long repl
23RIESGO
abrir ↗Metasploit600
HPE iMC dbman RestoreDBase Unauthenticated RCE
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RIESGO
abrir ↗Metasploit600
HPE iMC dbman RestartDB Unauthenticated RCE
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RIESGO
abrir ↗Metasploit600
Octopus Deploy Authenticated Code Execution
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment
23RIESGO
abrir ↗Metasploit300
Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a u
60RIESGO
abrir ↗Metasploit300
Intel AMT Digest Authentication Bypass Scanner
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Mana
100RIESGO
abrir ↗Metasploit200
WordPress PHPMailer Host Header Command Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra para
100RIESGO
abrir ↗Metasploit600
Serviio Media Server checkStreamUrl Command Execution
Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter
63RIESGO
abrir ↗Metasploit600
Crypttech CryptoLog Remote Code Execution
CryptoLog Unauthenticated RCE via SQL Injection and Command Injection
63RIESGO
abrir ↗Metasploit600
Ghostscript Type Confusion Arbitrary Command Execution
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion
100RIESGO
abrir ↗Metasploit600
Symantec Messaging Gateway Remote Code Execution
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an i
60RIESGO
abrir ↗Metasploit600
Jenkins CLI Deserialization
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code exe
100RIESGO
abrir ↗Metasploit600
October CMS Upload Protection Bypass Code Execution
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise
50RIESGO
abrir ↗Metasploit600
Solaris 'EXTREMEPARR' dtappgather Privilege Escalation
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (C
38RIESGO
abrir ↗Metasploit600
WePresent WiPG-1000 Command Injection
WePresent WiPG-1000 Unauthenticated Command Injection in via rdfs.cgi
63RIESGO
abrir ↗Metasploit600
Mercurial Custom hg-ssh Wrapper Remote Code Exec
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
23RIESGO
abrir ↗Metasploit300
MantisBT password reset
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RIESGO
abrir ↗Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir ↗Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir ↗Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir ↗Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.