Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
Linksys WRT120N tmUnblock Stack Buffer Overflow
CVE-2014-125122MEDIUM19 feb 2014
Linksys WRT120N tmUnblock.cgi Stack-Based Buffer Overflow Admin Password Reset
28RIESGO
abrir
Metasploit600
Linksys E-Series TheMoon Remote Command Injection
CVE-2025-34037CRITICAL13 feb 2014
Linksys Routers E/WAG/WAP/WES/WET/WRT-Series
85RIESGO
abrir
Metasploit300
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
CVE-2014-0322HIGHbajo ataque13 feb 2014
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code v
100RIESGO
abrir
Metasploit600
Fritz!Box Webcm Unauthenticated Command Injection
CVE-2014-972711 feb 2014
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter t
60RIESGO
abrir
Metasploit500
MS14-009 .NET Deployment Service IE Sandbox Escape
CVE-2014-025711 feb 2014
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it
50RIESGO
abrir
Metasploit300
Apache Commons FileUpload and Apache Tomcat DoS
CVE-2014-005006 feb 2014
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products,
60RIESGO
abrir
Metasploit300
Publish-It PUI Buffer Overflow (SEH)
CVE-2014-098005 feb 2014
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI f
50RIESGO
abrir
Metasploit300
Adobe Flash Player Integer Underflow Remote Code Execution
CVE-2014-0497HIGHbajo ataque05 feb 2014
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Ma
100RIESGO
abrir
Metasploit600
Array Networks vAPV and vxAG Private Key Privilege Escalation Code Execution
CVE-2014-125121CRITICAL03 feb 2014
Array Networks vAPV and vxAG Default Credential Privilege Escalation
43RIESGO
abrir
Metasploit400
Linux Kernel recvmmsg Privilege Escalation
CVE-2014-003802 feb 2014
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allo
50RIESGO
abrir
Metasploit600
Pandora FMS Default Credential / SQLi Remote Code Execution
CVE-2014-125115CRITICAL01 feb 2014
Pandora FMS ≤ 5.0 SP2 Default Credential SQL Injection RCE
63RIESGO
abrir
Metasploit600
Zpanel Remote Unauthenticated RCE
CVE-2013-209730 ene 2014
ZPanel through 10.1.0 has Remote Command Execution
43RIESGO
abrir
Metasploit600
Pandora FMS Remote Code Execution
CVE-2014-125124CRITICAL29 ene 2014
Pandora FMS <= 5.0RC1 Anyterm Unauthenticated Command Injection
63RIESGO
abrir
Metasploit600
MediaWiki Thumb.php Remote Command Execution
CVE-2014-161028 ene 2014
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is
50RIESGO
abrir
Metasploit0
Kloxo SQL Injection and Remote Code Execution
CVE-2014-125123CRITICAL28 ene 2014
Kloxo < 6.1.12 Unauthenticated SQL Injection RCE
43RIESGO
abrir
Metasploit300
A10 Networks AX Loadbalancer Directory Traversal
CVE-2014-125125HIGH28 ene 2014
A10 Networks AX Loadbalancer Path Traversal
36RIESGO
abrir
Metasploit600
SkyBlueCanvas CMS Remote Code Execution
CVE-2014-168328 ene 2014
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248
50RIESGO
abrir
Metasploit300
ManageEngine Support Center Plus Directory Traversal
CVE-2014-10000228 ene 2014
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arb
50RIESGO
abrir
Metasploit600
Simple E-Document Arbitrary File Upload
CVE-2014-125126CRITICAL23 ene 2014
Simple E-Document Arbitrary File Upload RCE
63RIESGO
abrir
Metasploit600
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
CVE-2014-075023 ene 2014
GE Proficy HMI/SCADA Path Traversal
78RIESGO
abrir
Metasploit0
Firefox Proxy Prototype Privileged Javascript Injection
CVE-2014-863620 ene 2014
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
50RIESGO
abrir
Metasploit0
Firefox Proxy Prototype Privileged Javascript Injection
CVE-2015-080220 ene 2014
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl
50RIESGO
abrir
Metasploit300
Mac OS X Safari file:// Redirection Sandbox Escape
CVE-2015-115516 ene 2014
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allo
23RIESGO
abrir
Metasploit500
Oracle Forms and Reports Remote Code Execution
CVE-2012-315315 ene 2014
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
60RIESGO
abrir
Metasploit500
Oracle Forms and Reports Remote Code Execution
CVE-2012-3152CRITICALbajo ataque15 ene 2014
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
100RIESGO
abrir
Metasploit400
KingScada kxClientDownload.ocx ActiveX Remote Code Execution
CVE-2013-282714 ene 2014
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before
50RIESGO
abrir
Metasploit500
HP AutoPass License Server File Upload
CVE-2013-622110 ene 2014
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoP
60RIESGO
abrir
Metasploit600
GetSimpleCMS PHP File Upload Vulnerability
CVE-2013-10032HIGH04 ene 2014
GetSimple CMS 3.2.1 Authenticated RCE via Arbitrary PHP File Upload
36RIESGO
abrir
Metasploit600
HP Data Protector Backup Client Service Remote Code Execution
CVE-2013-234702 ene 2014
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary
50RIESGO
abrir
Metasploit500
HP Data Protector Backup Client Service Directory Traversal
CVE-2013-619402 ene 2014
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a
50RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.