Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleicritical
Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution
CVE-2019-7238CRITICALsob ataque
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
100RISCO
abrir
Nucleihigh
eMerge E3 1.00-06 - Local File Inclusion
Linear eMerge E3-Series devices allow File Inclusion.
60RISCO
abrir
Nucleimedium
Linear eMerge E3 - Cross-Site Scripting
Linear eMerge E3-Series devices allow XSS.
50RISCO
abrir
Nucleicritical
eMerge E3 1.00-06 - Remote Code Execution
CVE-2019-7256CRITICALsob ataque
Linear eMerge E3-Series devices allow Command Injections.
100RISCO
abrir
Nucleimedium
Optergy Proton/Enterprise Building Management System - Open Redirect
Optergy Proton/Enterprise devices allow Open Redirect.
18RISCO
abrir
Nucleicritical
Optergy Proton/Enterprise - Unauthenticated RCE via Backdoor Console
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
60RISCO
abrir
Nucleihigh
Genie Access WIP3BVAF IP Camera - Local File Inclusion
Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal
23RISCO
abrir
Nucleihigh
SonicWall SRA 4600 VPN - SQL Injection
CVE-2019-7481HIGHsob ataqueransomware
Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vu
88RISCO
abrir
Nucleimedium
KindEditor 4.1.11 - Cross-Site Scripting
In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.
18RISCO
abrir
Nucleicritical
Kibana Timelion - Arbitrary Code Execution
CVE-2019-7609CRITICALsob ataque
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker
100RISCO
abrir
Nucleihigh
Adobe Experience Manager - XML External Entity Injection
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful e
23RISCO
abrir
Nucleimedium
qdPM 9.1 - Cross-site Scripting
qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.
38RISCO
abrir
Nucleihigh
Jira - Local File Inclusion
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4,
30RISCO
abrir
Nucleimedium
Jira Improper Authorization
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via
23RISCO
abrir
Nucleimedium
Jira <8.4.0 - Information Disclosure
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate username
60RISCO
abrir
Nucleimedium
Jira <8.4.0 - Server-Side Request Forgery
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the con
60RISCO
abrir
Nucleihigh
Totaljs <3.2.3 - Local File Inclusion
index.js in Total.js Platform before 3.2.3 allows path traversal.
40RISCO
abrir
Nucleimedium
HotelDruid 2.3.0 - Cross-Site Scripting
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabel
43RISCO
abrir
Nucleimedium
WordPress Core 5.0.0 - Crop-image Shell Upload
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISCO
abrir
Nucleicritical
Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&
43RISCO
abrir
Nucleihigh
ZZZCMS 1.6.1 - Remote Code Execution
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filter
50RISCO
abrir
Nucleihigh
ThinkPHP < 3.2.4 - Remote Code Execution
CVE-2019-9082HIGHsob ataque
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISCO
abrir
Nucleicritical
elFinder <= 2.1.47 - Command Injection
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISCO
abrir
Nucleicritical
WordPress GraceMedia Media Player 1.0 - Local File Inclusion
The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter.
50RISCO
abrir
Nucleihigh
Zimbra Collaboration Suite - SSRF
CVE-2019-9621HIGHsob ataque
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x b
100RISCO
abrir
Nucleihigh
ESAFENET CDG - Arbitrary File Download
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because t
30RISCO
abrir
Nucleicritical
Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection
CVE-2019-9670CRITICALsob ataque
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XX
100RISCO
abrir
Nucleihigh
Homematic CCU3 - Local File Inclusion
Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read
23RISCO
abrir
Nucleicritical
JFrog Artifactory 6.7.3 - Admin Login Bypass
An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password o
30RISCO
abrir
Nucleihigh
LabKey Server 19.1.0 - XML External Entity (XXE)
An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-
30RISCO
abrir
anteriorpágina 31 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.