Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
Cisco AnyConnect Privilege Escalations (CVE-2020-3153 and CVE-2020-3433)
CVE-2020-3153MEDIUMsob ataqueransomware05 ago 2020
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
83RISCO
abrir
Metasploit500
Aerospike Database UDF Lua Code Execution
CVE-2020-1315131 jul 2020
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs)
60RISCO
abrir
Metasploit600
Mida Solutions eFramework ajaxreq.php Command Injection
CVE-2020-1592024 jul 2020
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Executi
60RISCO
abrir
Metasploit400
Moodle Teacher Enrollment Privilege Escalation to RCE
CVE-2020-1432120 jul 2020
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role wi
23RISCO
abrir
Metasploit600
SharePoint DataSet / DataTable Deserialization
CVE-2020-1147HIGHsob ataque14 jul 2020
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar
100RISCO
abrir
Metasploit600
Apache Airflow 1.10.10 - Example DAG Remote Code Execution
CVE-2020-11978HIGHsob ataque14 jul 2020
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was disco
100RISCO
abrir
Metasploit600
Apache Airflow 1.10.10 - Example DAG Remote Code Execution
CVE-2020-13927CRITICALsob ataque14 jul 2020
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but th
100RISCO
abrir
Metasploit300
SAP Unauthenticated WebService User Creation
CVE-2020-6287CRITICALsob ataque14 jul 2020
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication c
100RISCO
abrir
Metasploit600
Apache OFBiz XML-RPC Java Deserialization
CVE-2023-5146713 jul 2020
Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability
60RISCO
abrir
Metasploit600
Apache OFBiz XML-RPC Java Deserialization
CVE-2020-949613 jul 2020
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
60RISCO
abrir
Metasploit600
Apache OFBiz XML-RPC Java Deserialization
CVE-2023-4907013 jul 2020
Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present
60RISCO
abrir
Metasploit500
FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation
CVE-2020-745707 jul 2020
In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 1
30RISCO
abrir
Metasploit600
openSIS Unauthenticated PHP Code Execution
CVE-2020-1338330 jun 2020
openSIS through 7.4 allows Directory Traversal.
30RISCO
abrir
Metasploit200
F5 BIG-IP TMUI Directory Traversal and File Upload RCE
CVE-2020-5902CRITICALsob ataqueransomware30 jun 2020
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISCO
abrir
Metasploit600
openSIS Unauthenticated PHP Code Execution
CVE-2020-1338130 jun 2020
openSIS through 7.4 allows SQL Injection.
30RISCO
abrir
Metasploit600
openSIS Unauthenticated PHP Code Execution
CVE-2020-1338230 jun 2020
openSIS through 7.4 has Incorrect Access Control.
30RISCO
abrir
Metasploit600
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
CVE-2020-12028HIGH22 jun 2020
Rockwell Automation FactoryTalk View SE
48RISCO
abrir
Metasploit600
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
CVE-2020-12029CRITICAL22 jun 2020
Rockwell Automation FactoryTalk View SE
75RISCO
abrir
Metasploit600
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
CVE-2020-12027MEDIUM22 jun 2020
Rockwell Automation FactoryTalk View SE
40RISCO
abrir
Metasploit600
ZenTao Pro 8.8.2 Remote Code Execution
CVE-2020-7361CRITICAL20 jun 2020
ZenTao Pro Command Injection
48RISCO
abrir
Metasploit600
Cacti color filter authenticated SQLi to RCE
CVE-2020-1429517 jun 2020
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead
60RISCO
abrir
Metasploit300
AnyDesk GUI Format String Write
CVE-2020-1316016 jun 2020
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execut
60RISCO
abrir
Metasploit300
Netgear R6700v3 Unauthenticated LAN Admin Password Reset
CVE-2020-10924HIGH15 jun 2020
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700
58RISCO
abrir
Metasploit300
Netgear R6700v3 Unauthenticated LAN Admin Password Reset
CVE-2020-10923MEDIUM15 jun 2020
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700
50RISCO
abrir
Metasploit600
Inductive Automation Ignition Remote Code Execution
CVE-2020-1200411 jun 2020
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior
23RISCO
abrir
Metasploit600
Inductive Automation Ignition Remote Code Execution
CVE-2020-1064411 jun 2020
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted dat
23RISCO
abrir
Metasploit600
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
CVE-2020-860410 jun 2020
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensi
40RISCO
abrir
Metasploit600
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
CVE-2020-860510 jun 2020
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitr
60RISCO
abrir
Metasploit600
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
CVE-2020-860610 jun 2020
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authent
40RISCO
abrir
Metasploit600
Cayin xPost wayfinder_seqid SQLi to RCE
CVE-2020-7356CRITICAL04 jun 2020
Cayin xPost SQL Injection
48RISCO
abrir
anteriorpágina 26 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.