Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
4.187 exploits
Nucleimedium
DokuWiki - Cross-Site Scripting
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
18RISCO
abrir
Nucleicritical
Apache Struts2 S2-053 - Remote Code Execution
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag in
60RISCO
abrir
Nucleihigh
Apache Tomcat Servers - Remote Code Execution
CVE-2017-12615HIGHsob ataqueransomware
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisati
100RISCO
abrir
Nucleihigh
Apache Tomcat - Remote Code Execution
CVE-2017-12617HIGHsob ataque
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTT
100RISCO
abrir
Nucleicritical
Apache Solr <= 7.1 - XML Entity Injection
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi
60RISCO
abrir
Nucleicritical
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISCO
abrir
Nucleihigh
SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
CVE-2017-12637HIGHsob ataque
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Se
100RISCO
abrir
Nucleimedium
Django Debug Page - Cross-Site Scripting
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for
23RISCO
abrir
Nucleicritical
OpenDreambox 2.0.0 - Remote Code Execution
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote
23RISCO
abrir
Nucleimedium
FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions un
18RISCO
abrir
Nucleimedium
OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redi
18RISCO
abrir
Nucleihigh
Trixbox - 2.8.0.4 OS Command Injection
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php
50RISCO
abrir
Nucleimedium
Trixbox 2.8.0 - Path Traversal
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter
50RISCO
abrir
Nucleimedium
WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress
18RISCO
abrir
Nucleimedium
WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or
18RISCO
abrir
Nucleimedium
WordPress < 4.8.2 - Authenticated Open Redirect
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/us
18RISCO
abrir
Nucleihigh
Node.js <8.6.0 - Directory Traversal
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
30RISCO
abrir
Nucleicritical
Intelbras WRN 150 - Authentication Bypass
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication,
30RISCO
abrir
Nucleimedium
Dreambox WebControl 2.0.0 - Cross-Site Scripting
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouq
38RISCO
abrir
Nucleihigh
Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used
23RISCO
abrir
Nucleihigh
FiberHome Routers - Local File Inclusion
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a cra
43RISCO
abrir
Nucleihigh
Apache httpd <=2.4.29 - Arbitrary File Upload
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a ma
60RISCO
abrir
Nucleicritical
Palo Alto Network PAN-OS - Remote Code Execution
CVE-2017-15944CRITICALsob ataque
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote
100RISCO
abrir
Nucleihigh
Ulterius Server < 1.9.5.0 - Directory Traversal
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory
60RISCO
abrir
Nucleihigh
Nextjs <2.4.1 - Local File Inclusion
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to
23RISCO
abrir
Nucleihigh
Laravel <5.5.21 - Information Disclosure
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwo
60RISCO
abrir
Nucleimedium
WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting
The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/
18RISCO
abrir
Nucleimedium
WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via
18RISCO
abrir
Nucleimedium
WordPress < 4.9.1 - Authenticated JavaScript File Upload
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js fi
18RISCO
abrir
Nucleimedium
WordPress Mailster <=1.5.4 - Cross-Site Scripting
The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subsc
18RISCO
abrir
anteriorpágina 15 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.