Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
AlienVault Authenticated SQL Injection Arbitrary File Read
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier
43RIESGO
abrir ↗Metasploit300
Katello (Red Hat Satellite) users/update_roles Missing Authorization
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update
50RIESGO
abrir ↗Metasploit600
FreePBX config.php Remote Code Execution
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12
50RIESGO
abrir ↗Metasploit400
Wireshark wiretap/mpeg.c Stack Buffer Overflow
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10
50RIESGO
abrir ↗Metasploit600
SePortal SQLi Remote Code Execution
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the
43RIESGO
abrir ↗Metasploit600
Firefox WebIDL Privileged Javascript Injection
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
60RIESGO
abrir ↗Metasploit600
Firefox WebIDL Privileged Javascript Injection
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remo
60RIESGO
abrir ↗Metasploit300
MS14-012 Microsoft Internet Explorer TextRange Use-After-Free
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause
60RIESGO
abrir ↗Metasploit200
VirtualBox 3D Acceleration Virtual Machine Escape
Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/s
38RIESGO
abrir ↗Metasploit300
Yokogawa CS3000 BKESimmgr.exe Buffer Overflow
Yokogawa CENTUM CS 3000 Stack-based Buffer Overflow
68RIESGO
abrir ↗Metasploit300
Yokogawa CENTUM CS 3000 BKBCopyD.exe Buffer Overflow
Yokogawa CENTUM CS 3000 Stack-based Buffer Overflow
68RIESGO
abrir ↗Metasploit200
Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow
Yokogawa CENTUM CS 3000 Stack-based Buffer Overflow
75RIESGO
abrir ↗Metasploit300
Yokogawa CENTUM CS 3000 BKCLogSvr.exe Heap Buffer Overflow
Yokogawa CENTUM CS 3000 Heap-based Buffer Overflow
48RIESGO
abrir ↗Metasploit600
ifwatchd Privilege Escalation
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arb
38RIESGO
abrir ↗Metasploit300
GetGo Download Manager HTTP Response Buffer Overflow
Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attac
50RIESGO
abrir ↗Metasploit600
Dell KACE K1000 File Upload
Dell/Quest KACE K1000 Unauthenticated File Upload RCE
43RIESGO
abrir ↗Metasploit0
Apache Struts ClassLoader Manipulation Remote Code Execution
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in o
60RIESGO
abrir ↗Metasploit0
Apache Struts ClassLoader Manipulation Remote Code Execution
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via t
60RIESGO
abrir ↗Metasploit0
Apache Struts ClassLoader Manipulation Remote Code Execution
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which all
60RIESGO
abrir ↗Metasploit0
Vtiger Install Unauthenticated Remote Command Execution
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which all
50RIESGO
abrir ↗Metasploit300
Joomla weblinks-categories Unauthenticated SQL Injection Arbitrary File Read
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL
18RIESGO
abrir ↗Metasploit300
MantisBT Admin SQL Injection Arbitrary File Read
SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 a
23RIESGO
abrir ↗Metasploit300
Oracle Demantra Database Credentials Leak
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.
50RIESGO
abrir ↗Metasploit300
Oracle Demantra Database Credentials Leak
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0
50RIESGO
abrir ↗Metasploit300
Oracle Demantra Arbitrary File Retrieval with Authentication Bypass
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.
50RIESGO
abrir ↗Metasploit300
Oracle Demantra Arbitrary File Retrieval with Authentication Bypass
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0
50RIESGO
abrir ↗Metasploit300
JIRA Issues Collector Directory Traversal
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers t
43RIESGO
abrir ↗Metasploit600
Symantec Endpoint Protection Manager /servlet/ConsoleServlet Remote Command Execution
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.40
50RIESGO
abrir ↗Metasploit600
Symantec Endpoint Protection Manager /servlet/ConsoleServlet Remote Command Execution
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.74
43RIESGO
abrir ↗Metasploit400
SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write
Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write t
50RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.