Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
4.187 exploits
Nucleihigh
Argus Surveillance DVR 4.0.0.0 - Local File Inclusion
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F
60RISCO
abrir
Nucleihigh
DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization
CVE-2018-15811HIGHsob ataque
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
100RISCO
abrir
Nucleimedium
Jorani Leave Management System 0.6.5 - Cross-Site Scripting
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HT
38RISCO
abrir
Nucleicritical
Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
CVE-2018-15961CRITICALsob ataque
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unr
100RISCO
abrir
Nucleimedium
WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename par
43RISCO
abrir
Nucleimedium
Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.
50RISCO
abrir
Nucleimedium
BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web sc
18RISCO
abrir
Nucleicritical
WordPress Gift Voucher <4.1.8 - Blind SQL Injection
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/ad
30RISCO
abrir
Nucleicritical
LogonTracer <=1.2.0 - Remote Command Injection
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
60RISCO
abrir
Nucleicritical
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
50RISCO
abrir
Nucleihigh
LG SuperSign EZ CMS 2.5 - Local File Inclusion
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
50RISCO
abrir
Nucleihigh
WordPress Localize My Post 1.0 - Local File Inclusion
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
50RISCO
abrir
Nucleimedium
WordPress File Manager < 3.0 - Cross-Site Scripting
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_f
18RISCO
abrir
Nucleimedium
CirCarLife <4.3 - Improper Authentication
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the l
18RISCO
abrir
Nucleimedium
CirCarLife <4.3 - Improper Authentication
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authenticatio
23RISCO
abrir
Nucleimedium
CirCarLife <4.3 - Improper Authentication
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack
18RISCO
abrir
Nucleicritical
NCBI ToolBox - Directory Traversal
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, whic
18RISCO
abrir
Nucleimedium
Eventum <3.4.0 - Open Redirect
Eventum before 3.4.0 has an open redirect vulnerability.
18RISCO
abrir
Nucleicritical
FUEL CMS 1.4.1 - Remote Code Execution
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This ca
60RISCO
abrir
Nucleicritical
Rubedo CMS <=3.4.0 - Directory Traversal
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attac
50RISCO
abrir
Nucleimedium
Monstra CMS 3.0.4 - HTTP Header Injection
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related i
18RISCO
abrir
Nucleimedium
Apache2 - Transfer-Encoding Chunked XSS
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS
18RISCO
abrir
Nucleicritical
Western Digital MyCloud NAS - Authentication Bypass
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulne
40RISCO
abrir
Nucleicritical
LG Supersign EZ CMS - Remote Code Execution
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getT
50RISCO
abrir
Nucleicritical
WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and
30RISCO
abrir
Nucleicritical
Kibana - Local File Inclusion
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with
60RISCO
abrir
Nucleicritical
Joomla! JCK Editor SQL Injection
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
60RISCO
abrir
Nucleihigh
Zoho ManageEngine OpManager - SQL Injection
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as de
30RISCO
abrir
Nucleimedium
DotCMS < 5.0.2 - Open Redirect
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/
18RISCO
abrir
Nucleicritical
Comodo Unified Threat Management Web Console - Remote Code Execution
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication
60RISCO
abrir
anteriorpágina 21 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.