Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
BMC Server Automation RSCD Agent NSH Remote Command Execution
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux a
60RIESGO
abrir ↗Metasploit600
BMC Server Automation RSCD Agent NSH Remote Command Execution
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and U
60RIESGO
abrir ↗Metasploit600
Kaltura Remote PHP Code Execution
Kaltura < 11.1.0-2 PHP Object Injection RCE
63RIESGO
abrir ↗Metasploit600
Exim "perl_startup" Privilege Escalation
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
38RIESGO
abrir ↗Metasploit600
Nagios XI Chained Remote Code Execution
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an
43RIESGO
abrir ↗Metasploit0
Apache Jetspeed Arbitrary File Upload
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attacker
50RIESGO
abrir ↗Metasploit0
Apache Jetspeed Arbitrary File Upload
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3
60RIESGO
abrir ↗Metasploit600
Nagios XI Chained Remote Code Execution
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execut
50RIESGO
abrir ↗Metasploit600
Nagios XI Chained Remote Code Execution
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker
50RIESGO
abrir ↗Metasploit600
Nagios XI Chained Remote Code Execution
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RC
50RIESGO
abrir ↗Metasploit600
Ruby on Rails ActionPack Inline ERB Code Execution
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to e
60RIESGO
abrir ↗Metasploit600
ATutor 2.2.1 Directory Traversal / Remote Code Execution
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbi
60RIESGO
abrir ↗Metasploit600
ATutor 2.2.1 Directory Traversal / Remote Code Execution
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course
30RIESGO
abrir ↗Metasploit600
ATutor 2.2.1 SQL Injection / Remote Code Execution
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbi
60RIESGO
abrir ↗Metasploit600
Netgear Devices Unauthenticated Remote Command Execution
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear
100RIESGO
abrir ↗Metasploit600
Jenkins XStream Groovy classpath Deserialization Vulnerability
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to ex
60RIESGO
abrir ↗Metasploit600
Primefaces Remote Code Execution Exploit
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
100RIESGO
abrir ↗Metasploit600
Xymon useradm Command Execution
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via
50RIESGO
abrir ↗Metasploit600
Ubiquiti airOS Arbitrary File Upload
Ubiquiti airOS HTTP(S) unauthenticated arbitrary file upload
85RIESGO
abrir ↗Metasploit600
MS16-016 mrxdav.sys WebDav Local Privilege Escalation
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Window
43RIESGO
abrir ↗Metasploit600
Advantech WebAccess Dashboard Viewer uploadImageCommon Arbitrary File Upload
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess
60RIESGO
abrir ↗Metasploit500
D-Link DSL-2750B OS Command Injection
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as
100RIESGO
abrir ↗Metasploit600
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability
41RIESGO
abrir ↗Metasploit600
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allow
60RIESGO
abrir ↗Metasploit600
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability
65RIESGO
abrir ↗Metasploit300
NETGEAR ProSafe Network Management System 300 Authenticated File Download
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote
60RIESGO
abrir ↗Metasploit600
lastore-daemon D-Bus Privilege Escalation
Deepin lastore-daemon Privilege Escalation via Unsigned .deb Installation
36RIESGO
abrir ↗Metasploit600
Oracle ATS Arbitrary File Upload
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12
60RIESGO
abrir ↗Metasploit600
Oracle ATS Arbitrary File Upload
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12
60RIESGO
abrir ↗Metasploit500
Windows Net-NTLMv2 Reflection DCOM/RPC (Juicy)
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1,
50RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.