Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
Path Traversal in Oracle GlassFish Server Open Source Edition
CVE-2017-100002808 ago 2015
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Trave
60RIESGO
abrir
Metasploit300
PCMAN FTP Server Buffer Overflow - PUT Command
CVE-2013-473007 ago 2015
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USE
50RIESGO
abrir
Metasploit600
Hak5 WiFi Pineapple Preconfiguration Command Injection
CVE-2015-462401 ago 2015
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
50RIESGO
abrir
Metasploit600
Hak5 WiFi Pineapple Preconfiguration Command Injection
CVE-2015-462401 ago 2015
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
50RIESGO
abrir
Metasploit600
Symantec Endpoint Protection Manager Authentication Bypass and Code Execution
CVE-2015-148631 jul 2015
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers t
50RIESGO
abrir
Metasploit600
Symantec Endpoint Protection Manager Authentication Bypass and Code Execution
CVE-2015-148731 jul 2015
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticat
50RIESGO
abrir
Metasploit600
Symantec Endpoint Protection Manager Authentication Bypass and Code Execution
CVE-2015-148931 jul 2015
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticat
43RIESGO
abrir
Metasploit300
Heroes of Might and Magic III .h3m Map file Buffer Overflow
CVE-2025-34124HIGH29 jul 2015
Heroes of Might and Magic III .h3m Map File Buffer Overflow
36RIESGO
abrir
Metasploit300
BIND TKEY Query Denial of Service
CVE-2015-547728 jul 2015
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (
60RIESGO
abrir
Metasploit300
Moxa Device Credential Retrieval
CVE-2016-9361CRITICAL28 jul 2015
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 52
48RIESGO
abrir
Metasploit500
Libuser roothelper Privilege Escalation
CVE-2015-324624 jul 2015
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly mod
38RIESGO
abrir
Metasploit500
Libuser roothelper Privilege Escalation
CVE-2015-324524 jul 2015
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in t
38RIESGO
abrir
Metasploit500
Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation
CVE-2015-376021 jul 2015
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to g
18RIESGO
abrir
Metasploit0
ManageEngine EventLog Analyzer Remote Code Execution
CVE-2015-738711 jul 2015
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions
60RIESGO
abrir
Metasploit0
MS15-078 Microsoft Windows Font Driver Buffer Overflow
CVE-2015-2426HIGHbajo ataque11 jul 2015
Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2
100RIESGO
abrir
Metasploit0
MS15-078 Microsoft Windows Font Driver Buffer Overflow
CVE-2015-243311 jul 2015
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Wi
43RIESGO
abrir
Metasploit600
Accellion FTA getStatus verify_oauth_token Command Execution
CVE-2015-285710 jul 2015
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metach
60RIESGO
abrir
Metasploit300
Accellion FTA 'statecode' Cookie Arbitrary File Read
CVE-2015-285610 jul 2015
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices
30RIESGO
abrir
Metasploit600
X11 Keyboard Command Injection
CVE-1999-052610 jul 2015
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
23RIESGO
abrir
Metasploit500
Western Digital Arkeia Remote Code Execution
CVE-2015-770910 jul 2015
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to b
60RIESGO
abrir
Metasploit300
OpenSSL Alternative Chains Certificate Forgery MITM Proxy
CVE-2015-179309 jul 2015
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly
50RIESGO
abrir
Metasploit500
Adobe Flash Player ByteArray Use After Free
CVE-2015-5119HIGHbajo ataque06 jul 2015
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.
100RIESGO
abrir
Metasploit500
Adobe Flash opaqueBackground Use After Free
CVE-2015-5122HIGHbajo ataque06 jul 2015
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
100RIESGO
abrir
Metasploit500
Apple OS X Entitlements Rootpipe Privilege Escalation
CVE-2015-367301 jul 2015
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allow
38RIESGO
abrir
Metasploit600
Watchguard XCS Remote Command Execution
CVE-2015-545329 jun 2015
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell
50RIESGO
abrir
Metasploit400
Pallete Projects Werkzeug Debugger Remote Code Execution
CVE-2024-34069HIGH28 jun 2015
Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution
36RIESGO
abrir
Metasploit600
Endian Firewall Proxy Password Change Command Injection
CVE-2015-508228 jun 2015
Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW
50RIESGO
abrir
Metasploit500
Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
CVE-2015-3113HIGHbajo ataque23 jun 2015
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows an
100RIESGO
abrir
Metasploit500
Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
CVE-2015-3043HIGHbajo ataque23 jun 2015
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457
100RIESGO
abrir
Metasploit600
Ruby on Rails Web Console (v2) Whitelist Bypass Code Execution
CVE-2015-322416 jun 2015
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-
50RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.