Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
HP Intelligent Management Center BIMS UploadServlet Directory Traversal
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Soft
50RIESGO
abrir ↗Metasploit600
ClipBucket Remote Code Execution
ClipBucket <= 2.6 ofc_upload_image.php Arbitrary File Upload RCE
63RIESGO
abrir ↗Metasploit600
ibstat $PATH Privilege Escalation
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, a
38RIESGO
abrir ↗Metasploit600
Zabbix 2.0.8 SQL Injection and Remote Code Execution
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
60RIESGO
abrir ↗Metasploit600
ZeroShell Remote Code Execution
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell meta
60RIESGO
abrir ↗Metasploit600
Cisco Prime Data Center Network Manager Arbitrary File Upload
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager
60RIESGO
abrir ↗Metasploit300
MS13-080 Microsoft Internet Explorer SetMouseCapture Use-After-Free
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 throug
100RIESGO
abrir ↗Metasploit600
F5 iControl Remote Root Command Execution
The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5
50RIESGO
abrir ↗Metasploit0
Astium Remote Code Execution
Astium VOIP PBX <= 2.1 SQL Injection File Upload RCE
63RIESGO
abrir ↗Metasploit600
OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution
OpenEMR ≤ 4.1.1 SQL Injection Privilege Escalation and RCE
36RIESGO
abrir ↗Metasploit0
GLPI install.php Remote Command Execution
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installati
38RIESGO
abrir ↗Metasploit600
MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote a
68RIESGO
abrir ↗Metasploit300
MS13-069 Microsoft Internet Explorer CCaret Use-After-Free
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (
50RIESGO
abrir ↗Metasploit600
HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0,
50RIESGO
abrir ↗Metasploit600
HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4
60RIESGO
abrir ↗Metasploit600
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1
38RIESGO
abrir ↗Metasploit600
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows
60RIESGO
abrir ↗Metasploit600
Android get_user/put_user Exploit
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not
98RIESGO
abrir ↗Metasploit300
HTTP Client LAN IP Address Gather
In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client informati
50RIESGO
abrir ↗Metasploit600
Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow re
50RIESGO
abrir ↗Metasploit600
VMWare Setuid vmware-mount Unsafe popen(3)
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allo
38RIESGO
abrir ↗Metasploit600
Graphite Web Unsafe Pickle Handling
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
50RIESGO
abrir ↗Metasploit300
freeFTPd PASS Command Buffer Overflow
freeFTPd <= 1.0.10 PASS Command Stack-Based Buffer Overflow
63RIESGO
abrir ↗Metasploit500
Java storeImageArray() Invalid Array Indexing Vulnerability
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 U
100RIESGO
abrir ↗Metasploit300
Adobe Reader ToolButton Use After Free
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitr
100RIESGO
abrir ↗Metasploit500
Adobe ColdFusion RDS Authentication Bypass
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and pos
100RIESGO
abrir ↗Metasploit300
Adobe Reader ToolButton Use After Free
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitr
100RIESGO
abrir ↗Metasploit600
OpenX Backdoor PHP Code Execution
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, wh
60RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.