Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
CVE-2017-0148HIGHbajo ataqueransomware14 abr 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
CVE-2017-0144HIGHbajo ataqueransomware14 abr 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit600
Microsoft Office Word Malicious Hta Execution
CVE-2017-0199HIGHbajo ataqueransomware14 abr 2017
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Window
100RIESGO
abrir
Metasploit600
Juju-run Agent Privilege Escalation
CVE-2017-923213 abr 2017
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate pe
50RIESGO
abrir
Metasploit600
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
CVE-2016-754710 abr 2017
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in
40RIESGO
abrir
Metasploit600
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
CVE-2016-755210 abr 2017
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows
40RIESGO
abrir
Metasploit300
Quest Privilege Manager pmmasterd Buffer Overflow
CVE-2017-655309 abr 2017
Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full
50RIESGO
abrir
Metasploit300
Satel Iberia SenNet Data Logger and Electricity Meters Command Injection Vulnerability
CVE-2017-604807 abr 2017
A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataL
23RIESGO
abrir
Metasploit400
MediaWiki SyntaxHighlight extension option injection vulnerability
CVE-2017-037206 abr 2017
Parameters injection in SyntaxHighlight results in multiple vulnerabilities
23RIESGO
abrir
Metasploit300
TYPO3 News Module SQL Injection
CVE-2017-758106 abr 2017
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated
30RIESGO
abrir
Metasploit300
HP Jetdirect Path Traversal Arbitrary Code Execution
CVE-2017-274105 abr 2017
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmwa
60RIESGO
abrir
Metasploit300
Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow
CVE-2017-731029 mar 2017
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9
50RIESGO
abrir
Metasploit300
Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow
CVE-2017-731029 mar 2017
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9
50RIESGO
abrir
Metasploit400
AF_PACKET packet_set_ring Privilege Escalation
CVE-2017-730829 mar 2017
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate cer
43RIESGO
abrir
Metasploit0
Microsoft IIS WebDav ScStoragePathFromUrl Overflow
CVE-2017-7269CRITICALbajo ataque26 mar 2017
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in
100RIESGO
abrir
Metasploit600
Samba is_known_pipename() Arbitrary Module Load
CVE-2017-7494CRITICALbajo ataqueransomware24 mar 2017
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allo
100RIESGO
abrir
Metasploit300
Razer Synapse rzpnk.sys ZwOpenProcess
CVE-2017-976922 mar 2017
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpe
60RIESGO
abrir
Metasploit600
SolarWinds LEM Default SSH Password Remote Code Execution
CVE-2017-772217 mar 2017
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is acce
23RIESGO
abrir
Metasploit300
Cisco IOS Telnet Denial of Service
CVE-2017-3881CRITICALbajo ataque17 mar 2017
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software co
100RIESGO
abrir
Metasploit500
Dup Scout Enterprise GET Buffer Overflow
CVE-2017-1369615 mar 2017
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9
40RIESGO
abrir
Metasploit500
Sync Breeze Enterprise GET Buffer Overflow
CVE-2017-1498015 mar 2017
Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username
23RIESGO
abrir
Metasploit600
Github Enterprise Default Session Secret And Deserialization Vulnerability
CVE-2017-1836515 mar 2017
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated r
23RIESGO
abrir
Metasploit500
Disk Sorter Enterprise GET Buffer Overflow
CVE-2017-723015 mar 2017
A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrar
23RIESGO
abrir
Metasploit500
VX Search Enterprise GET Buffer Overflow
CVE-2017-1370815 mar 2017
Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary c
23RIESGO
abrir
Metasploit300
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
CVE-2017-0146HIGHbajo ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit200
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
CVE-2017-0145HIGHbajo ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit300
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
CVE-2017-0147HIGHbajo ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit300
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
CVE-2017-0147HIGHbajo ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit300
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
CVE-2017-0146HIGHbajo ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit200
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
CVE-2017-0144HIGHbajo ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.