Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
4.188 exploits
Nucleimedium
PacsOne Server <7.1.1 - Cross-Site Scripting
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
18RISCO
abrir
Nucleicritical
Alumni Management System 1.0 - SQL Injection
SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypa
18RISCO
abrir
Nucleicritical
Car Rental Management System 1.0 - Local File Inclusion
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack
23RISCO
abrir
Nucleicritical
74CMS - Remote File Inclusion
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 7
30RISCO
abrir
Nucleicritical
Zeroshell 3.9.3 - Command Injection
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that co
30RISCO
abrir
Nucleimedium
Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
43RISCO
abrir
Nucleimedium
Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 befor
23RISCO
abrir
Nucleicritical
ZyXel USG - Hardcoded Credentials
CVE-2020-29583CRITICALsob ataque
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The p
100RISCO
abrir
Nucleicritical
IncomCMS 2.0 - Arbitrary File Upload
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows un
60RISCO
abrir
Nucleicritical
Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability
85RISCO
abrir
Nucleihigh
Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion
CVE-2020-3452HIGHsob ataque
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RISCO
abrir
Nucleicritical
Cockpit CMS 0.6.1 - Remote Code Execution
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCrite
30RISCO
abrir
Nucleihigh
SMTP WP Plugin Directory Listing
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in De
30RISCO
abrir
Nucleicritical
Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection
The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier
23RISCO
abrir
Nucleicritical
OpenTSDB <=2.4.0 - Remote Code Execution
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. Th
60RISCO
abrir
Nucleihigh
SearchBlox <9.2.2 - Local File Inclusion
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated us
23RISCO
abrir
Nucleihigh
Advanced Comment System 1.0 - Local File Inclusion
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=.
43RISCO
abrir
Nucleicritical
Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new passw
50RISCO
abrir
Nucleicritical
Klog Server <=2.41 - Unauthenticated Command Injection
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RISCO
abrir
Nucleihigh
GateOne 1.1 - Local File Inclusion
GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.
23RISCO
abrir
Nucleihigh
WordPress Simple Job Board <2.9.4 - Local File Inclusion
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2
50RISCO
abrir
Nucleimedium
twitter-server Cross-Site Scripting
server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configu
40RISCO
abrir
Nucleimedium
Cisco ASA/FTD Software - Cross-Site Scripting
CVE-2020-3580MEDIUMsob ataqueransomware
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
100RISCO
abrir
Nucleicritical
Agentejo Cockpit < 0.11.2 - NoSQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
40RISCO
abrir
Nucleicritical
Agentejo Cockpit <0.11.2 - NoSQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
60RISCO
abrir
Nucleicritical
Agentejo Cockpit <0.12.0 - NoSQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
60RISCO
abrir
Nucleicritical
Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbit
65RISCO
abrir
Nucleimedium
Rukovoditel <= 2.7.2 - Cross Site Scripting
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticate
18RISCO
abrir
Nucleimedium
Rukovoditel <= 2.7.2 - Cross Site Scripting
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticate
18RISCO
abrir
Nucleimedium
Rukovoditel <= 2.7.2 - Cross Site Scripting
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authe
18RISCO
abrir
anteriorpágina 39 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.