Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
Easy File Sharing HTTP Server 7.2 POST Buffer Overflow
CVE-2025-34096CRITICAL12 jun 2017
Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp
63RIESGO
abrir
Metasploit600
IPFire proxy.cgi RCE
CVE-2017-975709 jun 2017
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a
30RIESGO
abrir
Metasploit300
Riverbed SteelHead VCX File Read
CVE-2025-34098HIGH01 jun 2017
Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection
36RIESGO
abrir
Metasploit600
IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution
CVE-2017-109230 may 2017
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system a
60RIESGO
abrir
Metasploit600
VICIdial user_authorization Unauthenticated Command Execution
CVE-2025-34099CRITICAL26 may 2017
VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password
63RIESGO
abrir
Metasploit600
VMware Workstation ALSA Config File Local Privilege Escalation
CVE-2017-491522 may 2017
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration fil
38RIESGO
abrir
Metasploit600
PlaySMS sendfromfile.php Authenticated "Filename" Field Code Execution
CVE-2017-908021 may 2017
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile
50RIESGO
abrir
Metasploit600
PlaySMS import.php Authenticated CSV File Upload Code Execution
CVE-2017-910121 may 2017
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User
60RIESGO
abrir
Metasploit600
Joomla Component Fields SQLi Remote Code Execution
CVE-2017-891717 may 2017
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspeci
60RIESGO
abrir
Metasploit300
LabF nfsAxe 3.7 FTP Client Stack Buffer Overflow
CVE-2017-1804715 may 2017
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long repl
23RIESGO
abrir
Metasploit600
HPE iMC dbman RestoreDBase Unauthenticated RCE
CVE-2017-581715 may 2017
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RIESGO
abrir
Metasploit600
HPE iMC dbman RestartDB Unauthenticated RCE
CVE-2017-581615 may 2017
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RIESGO
abrir
Metasploit600
Octopus Deploy Authenticated Code Execution
CVE-2018-1885015 may 2017
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment
23RIESGO
abrir
Metasploit300
Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free
CVE-2017-889510 may 2017
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a u
60RIESGO
abrir
Metasploit300
Intel AMT Digest Authentication Bypass Scanner
CVE-2017-5689CRITICALbajo ataque05 may 2017
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Mana
100RIESGO
abrir
Metasploit200
WordPress PHPMailer Host Header Command Injection
CVE-2016-10033CRITICALbajo ataque03 may 2017
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra para
100RIESGO
abrir
Metasploit600
Serviio Media Server checkStreamUrl Command Execution
CVE-2025-34101CRITICAL03 may 2017
Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter
63RIESGO
abrir
Metasploit600
Crypttech CryptoLog Remote Code Execution
CVE-2025-34102CRITICAL03 may 2017
CryptoLog Unauthenticated RCE via SQL Injection and Command Injection
63RIESGO
abrir
Metasploit600
Ghostscript Type Confusion Arbitrary Command Execution
CVE-2017-8291HIGHbajo ataque27 abr 2017
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion
100RIESGO
abrir
Metasploit600
Symantec Messaging Gateway Remote Code Execution
CVE-2017-632626 abr 2017
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an i
60RIESGO
abrir
Metasploit600
Jenkins CLI Deserialization
CVE-2017-1000353CRITICALbajo ataque26 abr 2017
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code exe
100RIESGO
abrir
Metasploit600
October CMS Upload Protection Bypass Code Execution
CVE-2017-100011925 abr 2017
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise
50RIESGO
abrir
Metasploit600
Solaris 'EXTREMEPARR' dtappgather Privilege Escalation
CVE-2017-362224 abr 2017
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (C
38RIESGO
abrir
Metasploit600
WePresent WiPG-1000 Command Injection
CVE-2025-34103CRITICAL20 abr 2017
WePresent WiPG-1000 Unauthenticated Command Injection in via rdfs.cgi
63RIESGO
abrir
Metasploit600
Mercurial Custom hg-ssh Wrapper Remote Code Exec
CVE-2017-946218 abr 2017
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
23RIESGO
abrir
Metasploit300
MantisBT password reset
CVE-2017-761516 abr 2017
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RIESGO
abrir
Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
CVE-2017-0146HIGHbajo ataqueransomware14 abr 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
CVE-2017-0147HIGHbajo ataqueransomware14 abr 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
CVE-2017-0143HIGHbajo ataqueransomware14 abr 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
CVE-2017-0145HIGHbajo ataqueransomware14 abr 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.