Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
TrueOnline / ZyXEL P660HN-T v1 Router Unauthenticated Command Injection
CVE-2017-18368CRITICALbajo ataque26 dic 2016
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command inject
100RIESGO
abrir
Metasploit600
TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection
CVE-2017-1837126 dic 2016
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passw
23RIESGO
abrir
Metasploit0
PHPMailer Sendmail Argument Injection
CVE-2016-10033CRITICALbajo ataque26 dic 2016
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra para
100RIESGO
abrir
Metasploit600
TrueOnline / Billion 5200W-T Router Unauthenticated Command Injection
CVE-2017-1837226 dic 2016
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerabili
23RIESGO
abrir
Metasploit0
PHPMailer Sendmail Argument Injection
CVE-2016-1004526 dic 2016
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
60RIESGO
abrir
Metasploit600
TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection
CVE-2017-1837026 dic 2016
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in t
23RIESGO
abrir
Metasploit600
VMware VDP Known SSH Key
CVE-2016-745620 dic 2016
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which mak
30RIESGO
abrir
Metasploit600
NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Buffer Overflow
CVE-2016-10174CRITICALbajo ataque20 dic 2016
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cg
100RIESGO
abrir
Metasploit300
NETGEAR WNR2000v5 Administrator Password Recovery
CVE-2016-1017520 dic 2016
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. Thi
50RIESGO
abrir
Metasploit300
NETGEAR WNR2000v5 Administrator Password Recovery
CVE-2016-1017620 dic 2016
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the w
60RIESGO
abrir
Metasploit600
Western Digital MyCloud unauthenticated command injection
CVE-2016-1010814 dic 2016
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytic
40RIESGO
abrir
Metasploit600
Western Digital MyCloud unauthenticated command injection
CVE-2018-1715314 dic 2016
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulne
40RIESGO
abrir
Metasploit600
Netgear R7000 and R6400 cgi-bin Command Injection
CVE-2016-6277HIGHbajo ataque06 dic 2016
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.B
100RIESGO
abrir
Metasploit600
DiskBoss Enterprise GET Buffer Overflow
CVE-2025-34105CRITICAL05 dic 2016
DiskBoss Enterprise Stack-Based Buffer Overflow RCE
43RIESGO
abrir
Metasploit600
DiskSavvy Enterprise GET Buffer Overflow
CVE-2017-618701 dic 2016
Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary c
50RIESGO
abrir
Metasploit300
Firefox nsSMILTimeContainer::NotifyTimeChange() RCE
CVE-2016-9079HIGHbajo ataque30 nov 2016
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been dis
100RIESGO
abrir
Metasploit600
Jenkins CLI HTTP Java Deserialization Vulnerability
CVE-2016-929916 nov 2016
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a
60RIESGO
abrir
Metasploit300
Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064
CVE-2016-1037207 nov 2016
The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary c
40RIESGO
abrir
Metasploit600
Dlink DIR Routers Unauthenticated HNAP Login Stack Buffer Overflow
CVE-2016-656307 nov 2016
D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action
60RIESGO
abrir
Metasploit400
WinaXe 7.7 FTP Client Remote Buffer Overflow
CVE-2025-34107HIGH03 nov 2016
WinaXe 7.7 FTP Client Remote Buffer Overflow
36RIESGO
abrir
Metasploit600
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution
CVE-2014-720501 nov 2016
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
60RIESGO
abrir
Metasploit300
Joomla Account Creation and Privilege Escalation
CVE-2016-886925 oct 2016
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before
60RIESGO
abrir
Metasploit300
Joomla Account Creation and Privilege Escalation
CVE-2016-887025 oct 2016
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before
60RIESGO
abrir
Metasploit600
Ruby on Rails Dynamic Render File Upload Remote Code Execution
CVE-2016-0752HIGHbajo ataque16 oct 2016
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.
100RIESGO
abrir
Metasploit600
PowerShellEmpire Arbitrary File Upload (Skywalker)
CVE-2024-6127CRITICAL15 oct 2016
BC Security Empire Path Traversal RCE
68RIESGO
abrir
Metasploit300
Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal
CVE-2016-643510 oct 2016
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via
50RIESGO
abrir
Metasploit600
Cisco Firepower Management Console 6.0 Post Authentication UserAdd Vulnerability
CVE-2016-643310 oct 2016
The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users
60RIESGO
abrir
Metasploit0
Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation
CVE-2016-542510 oct 2016
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distribu
38RIESGO
abrir
Metasploit600
Disk Pulse Enterprise Login Buffer Overflow
CVE-2025-34108HIGH03 oct 2016
Disk Pulse Enterprise 9.0.34 Login Stack Buffer Overflow
36RIESGO
abrir
Metasploit0
Apache Tomcat on Ubuntu Log Init Privilege Escalation
CVE-2016-124030 sep 2016
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debia
38RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.