Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.181exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
Wordpress Reflex Gallery Upload Vulnerability
CVE-2015-413330 dic 2012
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 f
50RIESGO
abrir
Metasploit0
MoinMoin twikidraw Action Traversal File Upload
CVE-2012-608130 dic 2012
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action
50RIESGO
abrir
Metasploit300
MS13-008 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability
CVE-2012-4792HIGHbajo ataque27 dic 2012
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary cod
100RIESGO
abrir
Metasploit200
Nvidia (nvsvc) Display Driver Service Local Privilege Escalation
CVE-2013-010925 dic 2012
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not
38RIESGO
abrir
Metasploit600
Android Browser and WebView addJavascriptInterface Code Execution
CVE-2012-663621 dic 2012
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote atta
50RIESGO
abrir
Metasploit600
Android Browser and WebView addJavascriptInterface Code Execution
CVE-2013-471021 dic 2012
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly imp
50RIESGO
abrir
Metasploit600
TWiki MAKETEXT Remote Command Execution
CVE-2012-632915 dic 2012
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly hand
50RIESGO
abrir
Metasploit300
RealPlayer RealMedia File Handling Buffer Overflow
CVE-2012-569114 dic 2012
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers
50RIESGO
abrir
Metasploit300
Novell eDirectory 8 Buffer Overflow
CVE-2012-043212 dic 2012
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote at
50RIESGO
abrir
Metasploit500
Nagios3 history.cgi Host Command Execution
CVE-2012-609609 dic 2012
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga
50RIESGO
abrir
Metasploit600
FreeFloat FTP Server Arbitrary File Upload
CVE-2012-10030CRITICAL07 dic 2012
FreeFloat FTP Server Arbitrary File Upload
63RIESGO
abrir
Metasploit400
Netwin SurgeFTP Remote Command Execution
CVE-2012-10028HIGH06 dic 2012
Netwin SurgeFTP <= v23c8 Authenticated RCE
36RIESGO
abrir
Metasploit600
OpenSIS 'modname' PHP Code Execution
CVE-2013-134904 dic 2012
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP cod
43RIESGO
abrir
Metasploit600
Foswiki MAKETEXT Remote Command Execution
CVE-2012-632903 dic 2012
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly hand
50RIESGO
abrir
Metasploit600
Oracle MySQL for Microsoft Windows MOF Execution
CVE-2012-561301 dic 2012
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the
50RIESGO
abrir
Metasploit600
Oracle MySQL for Microsoft Windows FILE Privilege Abuse
CVE-2012-561301 dic 2012
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the
50RIESGO
abrir
Metasploit300
Android Stock Browser Iframe DOS
CVE-2012-630101 dic 2012
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a
18RIESGO
abrir
Metasploit600
Tectia SSH USERAUTH Change Request Password Reset Vulnerability
CVE-2012-597501 dic 2012
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6
50RIESGO
abrir
Metasploit300
Symantec Messaging Gateway 9.5 Log File Download Vulnerability
CVE-2012-434730 nov 2012
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow r
50RIESGO
abrir
Metasploit600
Nagios XI Network Monitor Graph Explorer Component Command Injection
CVE-2012-10029HIGH30 nov 2012
Nagios XI Network Monitor Graph Explorer Component < 1.3 Authenticated Command Injection
36RIESGO
abrir
Metasploit600
MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation
CVE-2013-000827 nov 2012
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7
43RIESGO
abrir
Metasploit600
Maxthon3 about:history XCS Trusted Zone Code Execution
CVE-2012-10032HIGH26 nov 2012
Maxthon3 about:history XCS Trusted Zone Code Execution
36RIESGO
abrir
Metasploit300
CUPS 1.6.1 Root File Read
CVE-2012-551920 nov 2012
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator
18RIESGO
abrir
Metasploit300
KingView Log File Parsing Buffer Overflow
CVE-2012-471120 nov 2012
Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView
50RIESGO
abrir
Metasploit500
NFR Agent FSFUI Record File Upload RCE
CVE-2012-495916 nov 2012
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and ex
60RIESGO
abrir
Metasploit300
NFR Agent SRS Record Arbitrary Remote File Access
CVE-2012-495716 nov 2012
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbi
50RIESGO
abrir
Metasploit300
NFR Agent Heap Overflow Vulnerability
CVE-2012-495616 nov 2012
Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary co
30RIESGO
abrir
Metasploit300
NFR Agent FSFUI Record Arbitrary Remote File Access
CVE-2012-495816 nov 2012
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrar
60RIESGO
abrir
Metasploit600
NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution
CVE-2012-593215 nov 2012
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manage
50RIESGO
abrir
Metasploit600
Narcissus Image Configuration Passthru Vulnerability
CVE-2012-10033CRITICAL14 nov 2012
Narcissus backend.php Image Configuration Command Injection
63RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.