Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
Windows Net-NTLMv2 Reflection DCOM/RPC
CVE-2016-322516 ene 2016
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1,
50RIESGO
abrir
Metasploit300
Fortinet SSH Backdoor Scanner
CVE-2016-190909 ene 2016
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0
60RIESGO
abrir
Metasploit300
Juniper SSH Backdoor Scanner
CVE-2015-7755CRITICALbajo ataque20 dic 2015
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r
100RIESGO
abrir
Metasploit600
D-Link DCS-930L Authenticated Remote Command Execution
CVE-2016-11021HIGHbajo ataque20 dic 2015
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in th
98RIESGO
abrir
Metasploit600
TP-Link SC2020n Authenticated Telnet Injection
CVE-2013-257820 dic 2015
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models be
60RIESGO
abrir
Metasploit600
blueman set_dhcp_handler D-Bus Privilege Escalation
CVE-2015-861218 dic 2015
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users
38RIESGO
abrir
Metasploit300
Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability
CVE-2016-220317 dic 2015
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discove
38RIESGO
abrir
Metasploit300
IBM Tivoli Storage Manager FastBack Server Opcode 0x534 Denial of Service
CVE-2015-193015 dic 2015
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attacke
18RIESGO
abrir
Metasploit600
Joomla HTTP Header Unauthenticated Remote Code Execution
CVE-2015-856214 dic 2015
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbi
60RIESGO
abrir
Metasploit600
ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability
CVE-2015-824914 dic 2015
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and e
60RIESGO
abrir
Metasploit300
MS15-134 Microsoft Windows Media Center MCL Information Disclosure
CVE-2015-612708 dic 2015
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers t
50RIESGO
abrir
Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
CVE-2015-612808 dic 2015
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allo
60RIESGO
abrir
Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
CVE-2015-613308 dic 2015
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511
50RIESGO
abrir
Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
CVE-2016-3235HIGHbajo ataque08 dic 2015
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 misha
98RIESGO
abrir
Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
CVE-2016-010008 dic 2015
Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges v
50RIESGO
abrir
Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
CVE-2016-004108 dic 2015
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold an
60RIESGO
abrir
Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
CVE-2015-613208 dic 2015
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2
60RIESGO
abrir
Metasploit300
Windows WMI Receive Notification Exploit
CVE-2016-0040HIGHbajo ataque04 dic 2015
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to g
91RIESGO
abrir
Metasploit300
Easy File Sharing HTTP Server 7.2 SEH Overflow
CVE-2018-905902 dic 2015
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code
60RIESGO
abrir
Metasploit600
Advantech Switch Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6271CRITICALbajo ataque01 dic 2015
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
Metasploit600
Cambium ePMP1000 'ping' Shell via Command Injection (up to v2.5)
CVE-2017-525528 nov 2015
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web
60RIESGO
abrir
Metasploit600
ABRT sosreport Privilege Escalation
CVE-2015-528723 nov 2015
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain perm
38RIESGO
abrir
Metasploit600
Jenkins CLI RMI Java Deserialization Vulnerability
CVE-2015-810318 nov 2015
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co
60RIESGO
abrir
Metasploit300
OpenNMS Java Object Unserialization Remote Code Execution
CVE-2015-810306 nov 2015
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co
60RIESGO
abrir
Metasploit600
IBM WebSphere RCE Java Deserialization Vulnerability
CVE-2015-7450CRITICALbajo ataque06 nov 2015
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and
100RIESGO
abrir
Metasploit600
vBulletin 5.1.2 Unserialize Code Execution
CVE-2015-780804 nov 2015
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PH
60RIESGO
abrir
Metasploit600
Atlassian HipChat for Jira Plugin Velocity Template Injection
CVE-2015-560328 oct 2015
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java
50RIESGO
abrir
Metasploit600
Joomla Content History SQLi Remote Code Execution
CVE-2015-785823 oct 2015
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via un
60RIESGO
abrir
Metasploit600
Joomla Content History SQLi Remote Code Execution
CVE-2015-729723 oct 2015
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via un
60RIESGO
abrir
Metasploit600
Joomla Content History SQLi Remote Code Execution
CVE-2015-785723 oct 2015
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.p
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.