Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download
CVE-2019-1492712 ago 2019
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3
35RIESGO
abrir
Exploit-DB
Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution
CVE-2019-1362312 ago 2019
In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive)
23RIESGO
abrir
Exploit-DB
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
CVE-2019-1493112 ago 2019
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3
35RIESGO
abrir
Exploit-DB
WebKit - UXSS via XSLT and Nested Document Replacements
CVE-2019-869012 ago 2019
A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This i
23RIESGO
abrir
Exploit-DB
UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting
CVE-2019-1480412 ago 2019
studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template
23RIESGO
abrir
Exploit-DB
Adive Framework 2.0.7 - Cross-Site Request Forgery
CVE-2019-1434608 ago 2019
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
23RIESGO
abrir
Exploit-DB
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting
CVE-2019-1469608 ago 2019
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
43RIESGO
abrir
Exploit-DB
Aptana Jaxer 1.0.3.4547 - Local File inclusion
CVE-2019-1431208 ago 2019
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This v
43RIESGO
abrir
Exploit-DB
WordPress Plugin JoomSport 3.3 - SQL Injection
CVE-2019-1434807 ago 2019
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via
28RIESGO
abrir
Exploit-DB
Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)
CVE-2018-133505 ago 2019
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to
60RIESGO
abrir
Exploit-DB
macOS iMessage - Heap Overflow when Deserializing
CVE-2019-866105 ago 2019
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A rem
28RIESGO
abrir
Exploit-DB
SilverSHielD 6.x - Local Privilege Escalation
CVE-2019-1306901 ago 2019
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The
23RIESGO
abrir
Exploit-DB
Oracle Hyperion Planning 11.1.2.3 - XML External Entity
CVE-2019-286131 jul 2019
Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported versi
23RIESGO
abrir
Exploit-DB
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
CVE-2019-867230 jul 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS M
28RIESGO
abrir
Exploit-DB
macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded
CVE-2019-867130 jul 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS M
23RIESGO
abrir
Exploit-DB
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects
CVE-2019-864630 jul 2019
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.
28RIESGO
abrir
Exploit-DB
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References
CVE-2019-864730 jul 2019
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchO
28RIESGO
abrir
Exploit-DB
iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1
CVE-2019-866030 jul 2019
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10
28RIESGO
abrir
Exploit-DB
Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
CVE-2019-394830 jul 2019
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0
28RIESGO
abrir
Exploit-DB
macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances
CVE-2019-866230 jul 2019
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS
23RIESGO
abrir
Exploit-DB
Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)
CVE-2019-681429 jul 2019
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 wh
50RIESGO
abrir
Exploit-DB
WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery
CVE-2019-1432829 jul 2019
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
23RIESGO
abrir
Exploit-DB
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation
CVE-2019-1132HIGHbajo ataque26 jul 2019
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
71RIESGO
abrir
Exploit-DB
Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated)
CVE-2019-1026726 jul 2019
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to
60RIESGO
abrir
Exploit-DB
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit)
CVE-2019-1026726 jul 2019
An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to
60RIESGO
abrir
Exploit-DB
Moodle Filepicker 3.5.2 - Server Side Request Forgery
CVE-2018-104226 jul 2019
Moodle 3.x has Server Side Request Forgery in the filepicker.
28RIESGO
abrir
Exploit-DB
pdfresurrect 0.15 - Buffer Overflow
CVE-2019-1426726 jul 2019
PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is misha
23RIESGO
abrir
Exploit-DB
Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection
CVE-2019-1026626 jul 2019
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL
28RIESGO
abrir
Exploit-DB
WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads
CVE-2019-864925 jul 2019
A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management
23RIESGO
abrir
Exploit-DB
Ovidentia 8.4.3 - Cross-Site Scripting
CVE-2019-1397725 jul 2019
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=crea
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.