Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
Path Traversal in Oracle GlassFish Server Open Source Edition
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Trave
60RIESGO
abrir ↗Metasploit300
PCMAN FTP Server Buffer Overflow - PUT Command
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USE
50RIESGO
abrir ↗Metasploit600
Hak5 WiFi Pineapple Preconfiguration Command Injection
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
50RIESGO
abrir ↗Metasploit600
Hak5 WiFi Pineapple Preconfiguration Command Injection
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
50RIESGO
abrir ↗Metasploit600
Symantec Endpoint Protection Manager Authentication Bypass and Code Execution
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers t
50RIESGO
abrir ↗Metasploit600
Symantec Endpoint Protection Manager Authentication Bypass and Code Execution
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticat
50RIESGO
abrir ↗Metasploit600
Symantec Endpoint Protection Manager Authentication Bypass and Code Execution
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticat
43RIESGO
abrir ↗Metasploit300
Heroes of Might and Magic III .h3m Map file Buffer Overflow
Heroes of Might and Magic III .h3m Map File Buffer Overflow
36RIESGO
abrir ↗Metasploit300
BIND TKEY Query Denial of Service
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (
60RIESGO
abrir ↗Metasploit300
Moxa Device Credential Retrieval
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 52
48RIESGO
abrir ↗Metasploit500
Libuser roothelper Privilege Escalation
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly mod
38RIESGO
abrir ↗Metasploit500
Libuser roothelper Privilege Escalation
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in t
38RIESGO
abrir ↗Metasploit500
Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to g
18RIESGO
abrir ↗Metasploit0
ManageEngine EventLog Analyzer Remote Code Execution
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions
60RIESGO
abrir ↗Metasploit0
MS15-078 Microsoft Windows Font Driver Buffer Overflow
Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2
100RIESGO
abrir ↗Metasploit0
MS15-078 Microsoft Windows Font Driver Buffer Overflow
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Wi
43RIESGO
abrir ↗Metasploit600
Accellion FTA getStatus verify_oauth_token Command Execution
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metach
60RIESGO
abrir ↗Metasploit300
Accellion FTA 'statecode' Cookie Arbitrary File Read
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices
30RIESGO
abrir ↗Metasploit600
X11 Keyboard Command Injection
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
23RIESGO
abrir ↗Metasploit500
Western Digital Arkeia Remote Code Execution
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to b
60RIESGO
abrir ↗Metasploit300
OpenSSL Alternative Chains Certificate Forgery MITM Proxy
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly
50RIESGO
abrir ↗Metasploit500
Adobe Flash Player ByteArray Use After Free
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.
100RIESGO
abrir ↗Metasploit500
Adobe Flash opaqueBackground Use After Free
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
100RIESGO
abrir ↗Metasploit500
Apple OS X Entitlements Rootpipe Privilege Escalation
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allow
38RIESGO
abrir ↗Metasploit600
Watchguard XCS Remote Command Execution
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell
50RIESGO
abrir ↗Metasploit400
Pallete Projects Werkzeug Debugger Remote Code Execution
Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution
36RIESGO
abrir ↗Metasploit600
Endian Firewall Proxy Password Change Command Injection
Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW
50RIESGO
abrir ↗Metasploit500
Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows an
100RIESGO
abrir ↗Metasploit500
Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457
100RIESGO
abrir ↗Metasploit600
Ruby on Rails Web Console (v2) Whitelist Bypass Code Execution
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-
50RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.