Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit400
Overlayfs Privilege Escalation
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does no
50RIESGO
abrir ↗Metasploit600
Ruby on Rails Web Console (v2) Whitelist Bypass Code Execution
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-
50RIESGO
abrir ↗Metasploit300
D-Link Cookie Command Execution
D-Link DSP-W110A1 Cookie Command Injection
63RIESGO
abrir ↗Metasploit300
SysAid Help Desk Administrator Account Creation
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers t
50RIESGO
abrir ↗Metasploit300
SysAid Help Desk Database Credentials Disclosure
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrar
60RIESGO
abrir ↗Metasploit300
SysAid Help Desk Database Credentials Disclosure
SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensi
43RIESGO
abrir ↗Metasploit300
SysAid Help Desk Arbitrary File Download
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrar
60RIESGO
abrir ↗Metasploit300
SysAid Help Desk Arbitrary File Download
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the account
50RIESGO
abrir ↗Metasploit600
SysAid Help Desk Administrator Portal Arbitrary File Upload
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators t
50RIESGO
abrir ↗Metasploit600
SysAid Help Desk 'rdslogs' Arbitrary File Upload
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote at
50RIESGO
abrir ↗Metasploit300
PhoenixContact PLC Remote START/STOP Command
Phoenix Contact Software ProConOs and MultiProg Missing Authentication for Critical Function
85RIESGO
abrir ↗Metasploit500
Adobe Flash Player ShaderJob Buffer Overflow
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460
60RIESGO
abrir ↗Metasploit500
Adobe Flash Player Drawing Fill Shader Memory Corruption
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466
60RIESGO
abrir ↗Metasploit300
Windows ClientCopyImage Win32k Exploit
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local
98RIESGO
abrir ↗Metasploit300
Realtek SDK Miniigd UPnP SOAP Command Execution
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClien
100RIESGO
abrir ↗Metasploit600
ProFTPD 1.3.5 Mod_Copy Command Execution
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RIESGO
abrir ↗Metasploit600
GoAutoDial 3.3 Authentication Bypass / Command Injection
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arb
60RIESGO
abrir ↗Metasploit600
GoAutoDial 3.3 Authentication Bypass / Command Injection
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute
50RIESGO
abrir ↗Metasploit600
ABRT raceabrt Privilege Escalation
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impac
38RIESGO
abrir ↗Metasploit600
Lenovo System Update Privilege Escalation
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allo
38RIESGO
abrir ↗Metasploit600
Wordpress N-Media Website Contact Form Upload Vulnerability
Website Contact Form With File Upload <= 1.3.4 - Arbitrary File Upload
63RIESGO
abrir ↗Metasploit500
Apple OS X Rootpipe Privilege Escalation
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and o
86RIESGO
abrir ↗Metasploit300
Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not
18RIESGO
abrir ↗Metasploit300
Archer C7 Directory Traversal Vulnerability
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before
100RIESGO
abrir ↗Metasploit600
Novell ZENworks Configuration Management Arbitrary File Upload
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11
60RIESGO
abrir ↗Metasploit600
Ceragon FibeAir IP-10 SSH Private Key Exposure
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remot
60RIESGO
abrir ↗Metasploit300
Airties login-cgi Buffer Overflow
Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 502
60RIESGO
abrir ↗Metasploit0
Firefox PDF.js Privileged Javascript Injection
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource
50RIESGO
abrir ↗Metasploit0
Firefox PDF.js Privileged Javascript Injection
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl
50RIESGO
abrir ↗Metasploit600
Apport / ABRT chroot Privilege Escalation
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a craf
38RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.