Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit200
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
CVE-2017-0147HIGHbajo ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit300
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
CVE-2017-0143HIGHbajo ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit200
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
CVE-2017-0148HIGHbajo ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit200
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
CVE-2017-0146HIGHbajo ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit200
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
CVE-2017-0143HIGHbajo ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit300
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
CVE-2017-0143HIGHbajo ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
Metasploit400
Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload
CVE-2017-1652414 mar 2017
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_u
50RIESGO
abrir
Metasploit400
Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload
CVE-2015-827914 mar 2017
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an un
30RIESGO
abrir
Metasploit300
DnaLIMS Directory Traversal
CVE-2017-652708 mar 2017
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal att
50RIESGO
abrir
Metasploit600
dnaLIMS Admin Module Command Execution
CVE-2017-652608 mar 2017
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution throug
50RIESGO
abrir
Metasploit600
Apache Struts Jakarta Multipart Parser OGNL Injection
CVE-2017-5638CRITICALbajo ataqueransomware07 mar 2017
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RIESGO
abrir
Metasploit300
Easy File Sharing FTP Server 3.6 Directory Traversal
CVE-2017-651007 mar 2017
Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker t
23RIESGO
abrir
Metasploit300
FTPShell client 6.70 (Enterprise edition) Stack Buffer Overflow
CVE-2018-757304 mar 2017
An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with t
50RIESGO
abrir
Metasploit600
DC/OS Marathon UI Docker Exploit
CVE-2017-20198CRITICAL03 mar 2017
DC/OS Marathon UI < 1.9.0 Unauthenticated RCE via Docker Mount Abuse
43RIESGO
abrir
Metasploit300
SysGauge 1.5.18 SMTP Validation Buffer Overflow
CVE-2017-641628 feb 2017
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arb
23RIESGO
abrir
Metasploit600
Logsign Remote Command Injection
CVE-2024-5721HIGH26 feb 2017
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability
36RIESGO
abrir
Metasploit600
Netgear DGN2200 dnslookup.cgi Command Injection
CVE-2017-6334HIGHbajo ataque25 feb 2017
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute ar
100RIESGO
abrir
Metasploit300
Kodi 17.0 Local File Inclusion Vulnerability
CVE-2017-598212 feb 2017
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files v
40RIESGO
abrir
Metasploit600
Piwik Superuser Plugin Upload
CVE-2025-34104CRITICAL05 feb 2017
Piwik Authenticated RCE via Custom Plugin Upload
43RIESGO
abrir
Metasploit300
Postfixadmin Protected Alias Deletion Vulnerability
CVE-2017-593003 feb 2017
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected al
23RIESGO
abrir
Metasploit300
WordPress REST API Content Injection
CVE-2017-100100001 feb 2017
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in Wor
40RIESGO
abrir
Metasploit600
AlienVault OSSIM/USM Remote Code Execution
CVE-2016-858231 ene 2017
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbit
50RIESGO
abrir
Metasploit600
Haraka SMTP Command Injection
CVE-2016-100028226 ene 2017
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlie
23RIESGO
abrir
Metasploit600
Oracle Weblogic Server Deserialization RCE - RMI UnicastRef
CVE-2017-324825 ene 2017
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Suppo
60RIESGO
abrir
Metasploit300
Geutebrueck GCore - GCoreServer.exe Buffer Overflow RCE
CVE-2017-1151724 ene 2017
Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote at
43RIESGO
abrir
Metasploit300
Advantech WebAccess 8.1 Post Authentication Credential Collector
CVE-2016-581021 ene 2017
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive
23RIESGO
abrir
Metasploit500
Cisco WebEx Chrome Extension RCE (CVE-2017-3823)
CVE-2017-382321 ene 2017
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
23RIESGO
abrir
Metasploit600
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
CVE-2017-639815 ene 2017
An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user
30RIESGO
abrir
Metasploit400
Debian/Ubuntu ntfs-3g Local Privilege Escalation
CVE-2017-0358HIGH05 ene 2017
ntfs-3g: Modprobe influence vulnerability via environment variables
56RIESGO
abrir
Metasploit600
TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection
CVE-2017-1837026 dic 2016
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in t
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.