Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.181exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4191Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit600
Wordpress Reflex Gallery Upload Vulnerability
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 f
50RIESGO
abrir ↗Metasploit0
MoinMoin twikidraw Action Traversal File Upload
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action
50RIESGO
abrir ↗Metasploit300
MS13-008 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary cod
100RIESGO
abrir ↗Metasploit200
Nvidia (nvsvc) Display Driver Service Local Privilege Escalation
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not
38RIESGO
abrir ↗Metasploit600
Android Browser and WebView addJavascriptInterface Code Execution
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote atta
50RIESGO
abrir ↗Metasploit600
Android Browser and WebView addJavascriptInterface Code Execution
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly imp
50RIESGO
abrir ↗Metasploit600
TWiki MAKETEXT Remote Command Execution
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly hand
50RIESGO
abrir ↗Metasploit300
RealPlayer RealMedia File Handling Buffer Overflow
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers
50RIESGO
abrir ↗Metasploit300
Novell eDirectory 8 Buffer Overflow
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote at
50RIESGO
abrir ↗Metasploit500
Nagios3 history.cgi Host Command Execution
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga
50RIESGO
abrir ↗Metasploit600
FreeFloat FTP Server Arbitrary File Upload
FreeFloat FTP Server Arbitrary File Upload
63RIESGO
abrir ↗Metasploit400
Netwin SurgeFTP Remote Command Execution
Netwin SurgeFTP <= v23c8 Authenticated RCE
36RIESGO
abrir ↗Metasploit600
OpenSIS 'modname' PHP Code Execution
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP cod
43RIESGO
abrir ↗Metasploit600
Foswiki MAKETEXT Remote Command Execution
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly hand
50RIESGO
abrir ↗Metasploit600
Oracle MySQL for Microsoft Windows MOF Execution
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the
50RIESGO
abrir ↗Metasploit600
Oracle MySQL for Microsoft Windows FILE Privilege Abuse
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the
50RIESGO
abrir ↗Metasploit300
Android Stock Browser Iframe DOS
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a
18RIESGO
abrir ↗Metasploit600
Tectia SSH USERAUTH Change Request Password Reset Vulnerability
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6
50RIESGO
abrir ↗Metasploit300
Symantec Messaging Gateway 9.5 Log File Download Vulnerability
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow r
50RIESGO
abrir ↗Metasploit600
Nagios XI Network Monitor Graph Explorer Component Command Injection
Nagios XI Network Monitor Graph Explorer Component < 1.3 Authenticated Command Injection
36RIESGO
abrir ↗Metasploit600
MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7
43RIESGO
abrir ↗Metasploit600
Maxthon3 about:history XCS Trusted Zone Code Execution
Maxthon3 about:history XCS Trusted Zone Code Execution
36RIESGO
abrir ↗Metasploit300
CUPS 1.6.1 Root File Read
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator
18RIESGO
abrir ↗Metasploit300
KingView Log File Parsing Buffer Overflow
Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView
50RIESGO
abrir ↗Metasploit500
NFR Agent FSFUI Record File Upload RCE
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and ex
60RIESGO
abrir ↗Metasploit300
NFR Agent SRS Record Arbitrary Remote File Access
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbi
50RIESGO
abrir ↗Metasploit300
NFR Agent Heap Overflow Vulnerability
Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary co
30RIESGO
abrir ↗Metasploit300
NFR Agent FSFUI Record Arbitrary Remote File Access
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrar
60RIESGO
abrir ↗Metasploit600
NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manage
50RIESGO
abrir ↗Metasploit600
Narcissus Image Configuration Passthru Vulnerability
Narcissus backend.php Image Configuration Command Injection
63RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.