Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
Firebird Relational Database CNCT Group Number Buffer Overflow
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windo
50RIESGO
abrir ↗Metasploit300
Novell GroupWise Client gwcls1.dll ActiveX Remote Code Execution
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows r
50RIESGO
abrir ↗Metasploit300
Portable UPnP SDK unique_service_name() Remote Code Execution
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
60RIESGO
abrir ↗Metasploit600
DataLife Engine preview.php PHP Code Injection
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/pr
50RIESGO
abrir ↗Metasploit600
Ruby on Rails JSON Processor YAML Deserialization Code Execution
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly
60RIESGO
abrir ↗Metasploit300
Ruby on Rails Devise Authentication Password Reset
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certa
23RIESGO
abrir ↗Metasploit300
GE Proficy Cimplicity WebView substitute.bcl Directory Traversal
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy
23RIESGO
abrir ↗Metasploit600
ZoneMinder Video Server packageControl Command Execution
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitra
50RIESGO
abrir ↗Metasploit600
Java Applet JMX Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and Ope
100RIESGO
abrir ↗Metasploit300
Cool PDF Image Stream Buffer Overflow
Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a P
43RIESGO
abrir ↗Metasploit300
Polycom Command Shell Authorization Bypass
Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitra
23RIESGO
abrir ↗Metasploit600
EMC AlphaStor Device Manager Opcode 0x75 Command Injection
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote
50RIESGO
abrir ↗Metasploit300
Linksys WRT54GL Remote Command Execution
There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attack
36RIESGO
abrir ↗Metasploit0
Linksys WRT54GL apply.cgi Command Execution
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote
60RIESGO
abrir ↗Metasploit600
PHP-Charts v1.0 PHP Code Execution Vulnerability
PHP-Charts v1.0 PHP Code Execution
63RIESGO
abrir ↗Metasploit600
Java Applet Reflection Type Confusion Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and
95RIESGO
abrir ↗Metasploit600
Java Applet JMX Remote Code Execution
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using
100RIESGO
abrir ↗Metasploit600
Java Applet Driver Manager Privileged toString() Remote Code Execution
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remo
60RIESGO
abrir ↗Metasploit300
BigAnt Server 2 SCH And DUPF Buffer Overflow
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have
50RIESGO
abrir ↗Metasploit600
BigAnt Server DUPF Command Arbitrary File Upload
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to
50RIESGO
abrir ↗Metasploit300
Firefox XMLSerializer Use After Free
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox b
50RIESGO
abrir ↗Metasploit600
Firefox 17.0.1 Flash Privileged Code Injection
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
60RIESGO
abrir ↗Metasploit600
Firefox 17.0.1 Flash Privileged Code Injection
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
50RIESGO
abrir ↗Metasploit600
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for reque
50RIESGO
abrir ↗Metasploit600
Ruby on Rails XML Processor YAML Deserialization Code Execution
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, an
60RIESGO
abrir ↗Metasploit300
Foxit Reader Plugin URL Processing Buffer Overflow
Foxit Reader <= 5.4.5.0114 Plugin URL Processing Buffer Overflow
43RIESGO
abrir ↗Metasploit300
Simple Web Server 2.3-RC1 Directory Traversal
Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitra
23RIESGO
abrir ↗Metasploit300
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers t
50RIESGO
abrir ↗Metasploit600
eXtplorer v2.1 Arbitrary File Upload Vulnerability
ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empt
23RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.