Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
4.187 exploits
Nucleimedium
Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting
The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues.
18RISCO
abrir
Nucleimedium
Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting
The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues.
18RISCO
abrir
Nucleimedium
Error Log Viewer by BestWebSoft < 1.0.6 - Cross-Site Scripting
The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.
18RISCO
abrir
Nucleimedium
Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting
The sender plugin before 1.2.1 for WordPress has multiple XSS issues.
18RISCO
abrir
Nucleimedium
Updater by BestWebSoft < 1.35 - Cross-Site Scripting
The updater plugin before 1.35 for WordPress has multiple XSS issues.
18RISCO
abrir
Nucleimedium
User Role by BestWebSoft < 1.5.6 - Cross-Site Scripting
The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.
18RISCO
abrir
Nucleicritical
WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or use
23RISCO
abrir
Nucleimedium
Timesheet Plugin < 0.1.5 - Cross-Site Scripting
The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues.
18RISCO
abrir
Nucleimedium
WordPress Qards - Cross-Site Scripting
The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2c
18RISCO
abrir
Nucleihigh
Graphite <=1.1.5 - Server-Side Request Forgery
send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulner
23RISCO
abrir
Nucleimedium
Formidable Forms < 2.05.02 - Cross-Site Scripting
Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting
56RISCO
abrir
Nucleimedium
Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure
Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure
28RISCO
abrir
Nucleimedium
FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to exec
38RISCO
abrir
Nucleimedium
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthor
38RISCO
abrir
Nucleimedium
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthor
43RISCO
abrir
Nucleihigh
Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution
CVE-2017-3506HIGHsob ataque
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
100RISCO
abrir
Nucleimedium
Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (li
43RISCO
abrir
Nucleimedium
McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting
Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x a
18RISCO
abrir
Nucleihigh
NETGEAR Routers - Authentication Bypass
CVE-2017-5521HIGHsob ataque
An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R
100RISCO
abrir
Nucleimedium
KMCIS CaseAware - Cross-Site Scripting
An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr"
38RISCO
abrir
Nucleicritical
Apache Struts 2 - Remote Command Execution
CVE-2017-5638CRITICALsob ataqueransomware
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISCO
abrir
Nucleicritical
Intel Active Management - Authentication Bypass
CVE-2017-5689CRITICALsob ataque
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Mana
100RISCO
abrir
Nucleimedium
OpenVPN Access Server 2.1.4 - CRLF Injection
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbit
18RISCO
abrir
Nucleimedium
Odoo <= 8.0-20160726 & 9.0 - Open Redirect
Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive in
18RISCO
abrir
Nucleihigh
Kodi 17.1 - Local File Inclusion
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files v
40RISCO
abrir
Nucleicritical
JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer,
23RISCO
abrir
Nucleihigh
PhpColl 2.5.1 Arbitrary File Upload
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authentica
60RISCO
abrir
Nucleimedium
MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting
paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
38RISCO
abrir
Nucleicritical
Windows Server 2003 & IIS 6.0 - Remote Code Execution
CVE-2017-7269CRITICALsob ataque
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in
100RISCO
abrir
Nucleimedium
Magmi 0.7.22 - Cross-Site Scripting
A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration o
18RISCO
abrir
anteriorpágina 17 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.