Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
Trixbox 2.8.0.4 - 'lang' Path Traversal
CVE-2017-1453728 mai 2021
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter
50RISCO
abrir
Exploit-DB
Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated)
CVE-2017-1453528 mai 2021
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php
50RISCO
abrir
Exploit-DB
WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting (XSS)
CVE-2021-2430828 mai 2021
LifterLMS < 4.21.1 - Authenticated Stored XSS in Edit Profile
23RISCO
abrir
Exploit-DB
Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)
CVE-2020-2960726 mai 2021
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access
35RISCO
abrir
Exploit-DB
ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2)
CVE-2015-330626 mai 2021
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISCO
abrir
Exploit-DB
Codiad 2.8.4 - Remote Code Execution (Authenticated) (3)
CVE-2018-1942326 mai 2021
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file.
28RISCO
abrir
Exploit-DB
WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)
CVE-2021-2429924 mai 2021
ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS)
23RISCO
abrir
Exploit-DB
Solaris SunSSH 11.0 x86 - libpam Remote Root (2)
CVE-2020-14871CRITICALsob ataque21 mai 2021
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported ve
100RISCO
abrir
Exploit-DB
DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
CVE-2021-21551HIGHsob ataque21 mai 2021
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privile
98RISCO
abrir
Exploit-DB
Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)
CVE-2021-26855CRITICALsob ataqueransomware21 mai 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISCO
abrir
Exploit-DB
WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS)
CVE-2021-2424519 mai 2021
Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)
38RISCO
abrir
Exploit-DB
Microsoft Exchange 2019 - Unauthenticated Email Download
CVE-2021-26855CRITICALsob ataqueransomware18 mai 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
100RISCO
abrir
Exploit-DB
Subrion CMS 4.2.1 - Arbitrary File Upload
CVE-2018-1942217 mai 2021
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, beca
50RISCO
abrir
Exploit-DB
Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free
CVE-2013-3893HIGHsob ataque17 mai 2021
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 throug
100RISCO
abrir
Exploit-DB
IPFire 2.25 - Remote Code Execution (Authenticated)
CVE-2021-3339317 mai 2021
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It
50RISCO
abrir
Exploit-DB
Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
CVE-2021-31933HIGH14 mai 2021
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a paramete
46RISCO
abrir
Exploit-DB
ZeroShell 3.9.0 - Remote Command Execution
CVE-2019-1272513 mai 2021
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web ap
60RISCO
abrir
Exploit-DB
Microsoft Internet Explorer 11 and WPAD service 'Jscript.dll' - Use-After-Free
CVE-2020-0674HIGHsob ataque13 mai 2021
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISCO
abrir
Exploit-DB
Firefox 72 IonMonkey - JIT Type Confusion
CVE-2019-17026HIGHsob ataque13 mai 2021
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are
83RISCO
abrir
Exploit-DB
Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)
CVE-2020-2833710 mai 2021
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to g
28RISCO
abrir
Exploit-DB
b2evolution 7-2-2 - 'cf_name' SQL Injection
CVE-2021-2824206 mai 2021
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive dat
23RISCO
abrir
Exploit-DB
Piwigo 11.3.0 - 'language' SQL
CVE-2021-2797303 mai 2021
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
28RISCO
abrir
Exploit-DB
Moodle 3.6.1 - Persistent Cross-Site Scripting (XSS)
CVE-2019-3810MEDIUM30 abr 2021
A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported vers
38RISCO
abrir
Exploit-DB
GNU Wget < 1.18 - Arbitrary File Upload (2)
CVE-2016-497130 abr 2021
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted F
35RISCO
abrir
Exploit-DB
Cacti 1.2.12 - 'filter' SQL Injection
CVE-2020-1429529 abr 2021
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead
60RISCO
abrir
Exploit-DB
Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)
CVE-2021-29460HIGH28 abr 2021
Cross-site scripting (XSS) from unsanitized uploaded SVG files
41RISCO
abrir
Exploit-DB
SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (2)
CVE-2021-2841926 abr 2021
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads
28RISCO
abrir
Exploit-DB
DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)
CVE-2021-331823 abr 2021
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
23RISCO
abrir
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3003922 abr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-repo
23RISCO
abrir
Exploit-DB
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
CVE-2021-3004222 abr 2021
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Cont
23RISCO
abrir
anteriorpágina 35 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.