Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit300
Cisco RV320 and RV325 Unauthenticated Remote Code Execution
CVE-2019-1652HIGHsob ataque09 set 2018
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RISCO
abrir
Metasploit0
Snap Creek Duplicator WordPress plugin code injection
CVE-2018-1720729 ago 2018
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and
30RISCO
abrir
Metasploit300
Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
CVE-2018-8440HIGHsob ataqueransomware27 ago 2018
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (A
91RISCO
abrir
Metasploit600
Wordpress Plainview Activity Monitor RCE
CVE-2018-1587726 ago 2018
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell meta
60RISCO
abrir
Metasploit600
Apache Struts 2 Namespace Redirect OGNL Injection
CVE-2018-11776HIGHsob ataque22 ago 2018
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullN
100RISCO
abrir
Metasploit600
Ghostscript Failed Restore Command Execution
CVE-2018-1650921 ago 2018
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handlin
60RISCO
abrir
Metasploit300
Pimcore Gather Credentials via SQL Injection
CVE-2018-1405813 ago 2018
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
43RISCO
abrir
Metasploit600
PHP Laravel Framework token Unserialize Remote Command Execution
CVE-2018-15133HIGHsob ataque07 ago 2018
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unseri
100RISCO
abrir
Metasploit600
PHP Laravel Framework token Unserialize Remote Command Execution
CVE-2017-1689407 ago 2018
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwo
60RISCO
abrir
Metasploit300
Windows unmarshal post exploitation
CVE-2018-0824HIGHsob ataque05 ago 2018
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized
100RISCO
abrir
Metasploit600
NUUO NVRmini upgrade_handle.php Remote Command Execution
CVE-2018-14933CRITICALsob ataque04 ago 2018
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir par
100RISCO
abrir
Metasploit300
cgit Directory Traversal
CVE-2018-1491203 ago 2018
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned
60RISCO
abrir
Metasploit300
Mikrotik Winbox Arbitrary File Read
CVE-2018-14847CRITICALsob ataque02 ago 2018
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated
100RISCO
abrir
Metasploit600
Network Manager VPNC Username Privilege Escalation
CVE-2018-10900HIGH26 jul 2018
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attac
56RISCO
abrir
Metasploit300
Eaton Xpert Meter SSH Private Key Exposure Scanner
CVE-2018-1615818 jul 2018
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different cus
30RISCO
abrir
Metasploit300
Dicoogle PACS Web Server Directory Traversal
CVE-2018-25113HIGH11 jul 2018
Dicoogle PACS Web Server 2.5.0 Unauthenticated Path Traversal
36RISCO
abrir
Metasploit600
QNAP Q'Center change_passwd Command Execution
CVE-2018-070611 jul 2018
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticate
50RISCO
abrir
Metasploit600
QNAP Q'Center change_passwd Command Execution
CVE-2018-070711 jul 2018
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could
50RISCO
abrir
Metasploit600
CMS Made Simple Authenticated RCE via File Upload/Copy
CVE-2018-100009403 jul 2018
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows a
50RISCO
abrir
Metasploit300
Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow
CVE-2018-1059402 jul 2018
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPS
50RISCO
abrir
Metasploit300
Wordpress Arbitrary File Deletion
CVE-2018-1289526 jun 2018
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/
30RISCO
abrir
Metasploit600
PRTG Network Monitor Authenticated RCE
CVE-2018-9276HIGHsob ataque25 jun 2018
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISCO
abrir
Metasploit400
phpMyAdmin Authenticated Remote Code Execution
CVE-2018-1261319 jun 2018
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute
60RISCO
abrir
Metasploit600
MicroFocus Secure Messaging Gateway Remote Code Execution
CVE-2018-12465CRITICAL19 jun 2018
Remote Code Execution in Micro Focus Secure Messaging Gateway
85RISCO
abrir
Metasploit600
MicroFocus Secure Messaging Gateway Remote Code Execution
CVE-2018-12464CRITICAL19 jun 2018
Unauthenticated SQL injection in Micro Focus Secure Messaging Gateway
85RISCO
abrir
Metasploit600
Axis Network Camera .srv-to-parhand RCE
CVE-2018-1066018 jun 2018
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
60RISCO
abrir
Metasploit600
Axis Network Camera .srv-to-parhand RCE
CVE-2018-1066118 jun 2018
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
60RISCO
abrir
Metasploit600
Axis Network Camera .srv-to-parhand RCE
CVE-2018-1066218 jun 2018
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
60RISCO
abrir
Metasploit300
Splunk __raw Server Info Disclosure
CVE-2018-1140908 jun 2018
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json
60RISCO
abrir
Metasploit300
Cisco ASA Directory Traversal
CVE-2018-0296HIGHsob ataque06 jun 2018
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remo
100RISCO
abrir
anteriorpágina 36 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.