Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.044exploits catalogados
31.616CVEs com exploração pública
0testados em laboratório
4.187 exploits
Nucleimedium
Microsoft FrontPage Extensions - Information Disclosure
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST reque
30RISCO
abrir
Nucleimedium
Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker
50RISCO
abrir
Nucleicritical
Cisco IOS HTTP Configuration - Authentication Bypass
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when lo
50RISCO
abrir
Nucleihigh
SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as othe
43RISCO
abrir
Nucleimedium
SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary sc
43RISCO
abrir
Nucleimedium
Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote atta
38RISCO
abrir
Nucleimedium
Lotus Domino R5 and R6 WebMail - Information Disclosure
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hid
60RISCO
abrir
Nucleimedium
SquirrelMail Address Add 1.4.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote att
38RISCO
abrir
Nucleicritical
Horde Groupware Unauthenticated Admin Access
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote at
18RISCO
abrir
Nucleimedium
SAP Web Application Server 6.x/7.0 - Open Redirect
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log use
43RISCO
abrir
Nucleimedium
Cofax <=2.0RC3 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject ar
38RISCO
abrir
Nucleimedium
Cherokee HTTPD <=0.5 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary w
18RISCO
abrir
Nucleihigh
Squirrelmail <=1.4.6 - Local File Inclusion
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals i
50RISCO
abrir
Nucleimedium
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote
60RISCO
abrir
Nucleimedium
Jira Rainbow.Zen - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extensi
38RISCO
abrir
Nucleimedium
Apache Tomcat 4.x-7.x - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomca
60RISCO
abrir
Nucleicritical
Alcatel-Lucent OmniPCX - Remote Command Execution
CVE-2007-3010CRITICALsob ataque
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows rem
100RISCO
abrir
Nucleimedium
Joomla! RSfiles <=1.0.2 - Local File Inclusion
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allo
38RISCO
abrir
Nucleimedium
OpenSymphony XWork/Apache Struts2 - Remote Code Execution
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursive
23RISCO
abrir
Nucleimedium
phpPgAdmin <=4.1.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inje
43RISCO
abrir
Nucleihigh
WordPress Sniplets 1.1.2 - Local File Inclusion
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordP
50RISCO
abrir
Nucleimedium
WordPress Sniplets <=1.2.2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote at
38RISCO
abrir
Nucleimedium
Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2
50RISCO
abrir
Nucleimedium
Bitrix Site Management 2.x - Open Redirect
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbi
18RISCO
abrir
Nucleimedium
AppServ Open Project <=2.5.10 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers
38RISCO
abrir
Nucleimedium
CMSimple 3.1 - Local File Inclusion
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote a
43RISCO
abrir
Nucleicritical
Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote atta
43RISCO
abrir
Nucleimedium
Joomla! <=2.0.0 RC2 - Local File Inclusion
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote
43RISCO
abrir
Nucleimedium
phpPgAdmin <=4.2.1 - Local File Inclusion
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is ena
43RISCO
abrir
Nucleimedium
Joomla! ionFiles 4.4.2 - Local File Inclusion
Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remo
43RISCO
abrir
página 1 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.