Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
Firebird Relational Database CNCT Group Number Buffer Overflow
CVE-2013-249231 ene 2013
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windo
50RIESGO
abrir
Metasploit300
Novell GroupWise Client gwcls1.dll ActiveX Remote Code Execution
CVE-2012-043930 ene 2013
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows r
50RIESGO
abrir
Metasploit300
Portable UPnP SDK unique_service_name() Remote Code Execution
CVE-2012-595829 ene 2013
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
60RIESGO
abrir
Metasploit600
DataLife Engine preview.php PHP Code Injection
CVE-2013-141228 ene 2013
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/pr
50RIESGO
abrir
Metasploit600
Ruby on Rails JSON Processor YAML Deserialization Code Execution
CVE-2013-033328 ene 2013
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly
60RIESGO
abrir
Metasploit300
Ruby on Rails Devise Authentication Password Reset
CVE-2013-023328 ene 2013
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certa
23RIESGO
abrir
Metasploit300
GE Proficy Cimplicity WebView substitute.bcl Directory Traversal
CVE-2013-065322 ene 2013
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy
23RIESGO
abrir
Metasploit600
ZoneMinder Video Server packageControl Command Execution
CVE-2013-023222 ene 2013
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitra
50RIESGO
abrir
Metasploit600
Java Applet JMX Remote Code Execution
CVE-2013-0431MEDIUMbajo ataqueransomware19 ene 2013
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and Ope
100RIESGO
abrir
Metasploit300
Cool PDF Image Stream Buffer Overflow
CVE-2012-491418 ene 2013
Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a P
43RIESGO
abrir
Metasploit300
Polycom Command Shell Authorization Bypass
CVE-2012-661018 ene 2013
Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitra
23RIESGO
abrir
Metasploit600
EMC AlphaStor Device Manager Opcode 0x75 Command Injection
CVE-2013-092818 ene 2013
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote
50RIESGO
abrir
Metasploit300
Linksys WRT54GL Remote Command Execution
CVE-2023-31742HIGH18 ene 2013
There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attack
36RIESGO
abrir
Metasploit0
Linksys WRT54GL apply.cgi Command Execution
CVE-2005-279918 ene 2013
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote
60RIESGO
abrir
Metasploit600
PHP-Charts v1.0 PHP Code Execution Vulnerability
CVE-2013-10070CRITICAL16 ene 2013
PHP-Charts v1.0 PHP Code Execution
63RIESGO
abrir
Metasploit600
Java Applet Reflection Type Confusion Remote Code Execution
CVE-2013-2423LOWbajo ataque10 ene 2013
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and
95RIESGO
abrir
Metasploit600
Java Applet JMX Remote Code Execution
CVE-2013-0422CRITICALbajo ataqueransomware10 ene 2013
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using
100RIESGO
abrir
Metasploit600
Java Applet Driver Manager Privileged toString() Remote Code Execution
CVE-2013-148810 ene 2013
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remo
60RIESGO
abrir
Metasploit300
BigAnt Server 2 SCH And DUPF Buffer Overflow
CVE-2012-627509 ene 2013
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have
50RIESGO
abrir
Metasploit600
BigAnt Server DUPF Command Arbitrary File Upload
CVE-2012-627409 ene 2013
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to
50RIESGO
abrir
Metasploit300
Firefox XMLSerializer Use After Free
CVE-2013-075308 ene 2013
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox b
50RIESGO
abrir
Metasploit600
Firefox 17.0.1 Flash Privileged Code Injection
CVE-2013-075808 ene 2013
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
60RIESGO
abrir
Metasploit600
Firefox 17.0.1 Flash Privileged Code Injection
CVE-2013-075708 ene 2013
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
50RIESGO
abrir
Metasploit600
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
CVE-2013-020907 ene 2013
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for reque
50RIESGO
abrir
Metasploit600
Ruby on Rails XML Processor YAML Deserialization Code Execution
CVE-2013-015607 ene 2013
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, an
60RIESGO
abrir
Metasploit600
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
CVE-2012-631507 ene 2013
15RIESGO
abrir
Metasploit300
Foxit Reader Plugin URL Processing Buffer Overflow
CVE-2013-10068CRITICAL07 ene 2013
Foxit Reader <= 5.4.5.0114 Plugin URL Processing Buffer Overflow
43RIESGO
abrir
Metasploit300
Simple Web Server 2.3-RC1 Directory Traversal
CVE-2002-186403 ene 2013
Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitra
23RIESGO
abrir
Metasploit300
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
CVE-2012-491503 ene 2013
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers t
50RIESGO
abrir
Metasploit600
eXtplorer v2.1 Arbitrary File Upload Vulnerability
CVE-2012-671031 dic 2012
ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empt
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.