Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
Firefox toString console.time Privileged Javascript Injection
CVE-2013-171014 may 2013
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird befo
50RIESGO
abrir
Metasploit500
AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass
CVE-2013-273014 may 2013
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attacke
60RIESGO
abrir
Metasploit500
Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow
CVE-2013-202807 may 2013
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cau
60RIESGO
abrir
Metasploit300
ColdFusion 'password.properties' Hash Extraction
CVE-2013-333607 may 2013
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files
60RIESGO
abrir
Metasploit400
MS13-038 Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability
CVE-2013-1347HIGHbajo ataque03 may 2013
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbit
100RIESGO
abrir
Metasploit300
AudioCoder .M3U Buffer Overflow
CVE-2017-887001 may 2013
Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file.
43RIESGO
abrir
Metasploit300
IBM SPSS SamplePower C1Tab ActiveX Heap Overflow
CVE-2012-594626 abr 2013
Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attac
50RIESGO
abrir
Metasploit600
phpMyAdmin Authenticated Remote Code Execution via preg_replace()
CVE-2013-323825 abr 2013
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a
43RIESGO
abrir
Metasploit300
ERS Viewer 2011 ERS File Handling Buffer Overflow
CVE-2013-072623 abr 2013
Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 1
43RIESGO
abrir
Metasploit200
Tincd Post-Authentication Remote TCP Stack Buffer Overflow
CVE-2013-142822 abr 2013
Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pr
50RIESGO
abrir
Metasploit600
D-Link Devices Unauthenticated Remote Command Execution
CVE-2013-10050HIGH22 abr 2013
D-Link Devices tools_vct.xgi Authenticated RCE
36RIESGO
abrir
Metasploit600
WordPress W3 Total Cache PHP Code Execution
CVE-2013-201017 abr 2013
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
60RIESGO
abrir
Metasploit600
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Remote Code Execution
CVE-2013-155916 abr 2013
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.
50RIESGO
abrir
Metasploit600
Ruby on Rails Known Secret Session Cookie Remote Code Execution
CVE-2013-015611 abr 2013
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, an
60RIESGO
abrir
Metasploit600
MiniWeb (Build 300) Arbitrary File Upload
CVE-2013-10047CRITICAL09 abr 2013
MiniWeb <= Build 300 Arbitrary File Upload
43RIESGO
abrir
Metasploit600
ABB MicroSCADA wserver.exe Remote Code Execution
CVE-2019-562005 abr 2013
ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function
40RIESGO
abrir
Metasploit300
Sophos Web Protection Appliance patience.cgi Directory Traversal
CVE-2013-264103 abr 2013
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read
60RIESGO
abrir
Metasploit300
MiniUPnPd 1.4 Denial of Service (DoS) Exploit
CVE-2013-022927 mar 2013
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attacke
60RIESGO
abrir
Metasploit300
MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution
CVE-2013-023027 mar 2013
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP
50RIESGO
abrir
Metasploit600
vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload
CVE-2013-321526 mar 2013
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in
50RIESGO
abrir
Metasploit600
vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload
CVE-2013-321426 mar 2013
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
60RIESGO
abrir
Metasploit600
vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection
CVE-2013-352225 mar 2013
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier
43RIESGO
abrir
Metasploit300
vBulletin Password Collector via nodeid SQL Injection
CVE-2013-352224 mar 2013
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier
43RIESGO
abrir
Metasploit300
MongoDB nativeHelper.apply Remote Code Execution
CVE-2013-189224 mar 2013
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMo
50RIESGO
abrir
Metasploit500
Novell ZENworks Configuration Management Remote Execution
CVE-2013-108022 mar 2013
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform a
60RIESGO
abrir
Metasploit300
Sysax Multi-Server 6.10 SSHD Key Exchange Denial of Service
CVE-2013-10065HIGH17 mar 2013
Sysax Multi-Server <= 6.10 SSHD Key Exchange DoS
36RIESGO
abrir
Metasploit600
Novell Zenworks Mobile Managment MDM.php Local File Inclusion Vulnerability
CVE-2013-108113 mar 2013
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote at
50RIESGO
abrir
Metasploit300
MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access
CVE-2013-3896MEDIUMbajo ataque12 mar 2013
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, wh
90RIESGO
abrir
Metasploit300
MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access
CVE-2013-0074HIGHbajo ataqueransomware12 mar 2013
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML obj
100RIESGO
abrir
Metasploit600
GroundWork monarch_scan.cgi OS Command Injection
CVE-2013-350208 mar 2013
monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to ex
50RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.