Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover
CVE-2020-2742202 dez 2020
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an a
23RISCO
abrir
Exploit-DB
Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile
CVE-2020-2868702 dez 2020
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upl
28RISCO
abrir
Exploit-DB
Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork
CVE-2020-2868802 dez 2020
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to uplo
28RISCO
abrir
Exploit-DB
WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution
CVE-2020-3531302 dez 2020
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in Wonder
35RISCO
abrir
Exploit-DB
WonderCMS 3.1.3 - Authenticated Remote Code Execution
CVE-2020-3531402 dez 2020
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, al
28RISCO
abrir
Exploit-DB
Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality
CVE-2020-2742302 dez 2020
Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial o
23RISCO
abrir
Exploit-DB
PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS
CVE-2020-1407302 dez 2020
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can c
23RISCO
abrir
Exploit-DB
WordPress Plugin Wp-FileManager 6.8 - RCE
CVE-2020-25213CRITICALsob ataque02 dez 2020
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RISCO
abrir
Exploit-DB
Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload
CVE-2020-2397201 dez 2020
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating
50RISCO
abrir
Exploit-DB
Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
CVE-2020-2939501 dez 2020
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
43RISCO
abrir
Exploit-DB
Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
CVE-2014-6287CRITICALsob ataque30 nov 2020
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c a
100RISCO
abrir
Exploit-DB
Best Support System 3.0.4 - 'ticket_body' Persistent XSS (Authenticated)
CVE-2020-2496327 nov 2020
An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4.
23RISCO
abrir
Exploit-DB
Laravel Administrator 4 - Unrestricted File Upload (Authenticated)
CVE-2020-1096327 nov 2020
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution)
28RISCO
abrir
Exploit-DB
Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF
CVE-2020-1617127 nov 2020
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/
23RISCO
abrir
Exploit-DB
libupnp 1.6.18 - Stack-based buffer overflow (DoS)
CVE-2012-595827 nov 2020
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
60RISCO
abrir
Exploit-DB
Foxit Reader 9.0.1.1049 - Arbitrary Code Execution
CVE-2018-995827 nov 2020
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1
50RISCO
abrir
Exploit-DB
Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution
CVE-2020-1660226 nov 2020
Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a ra
23RISCO
abrir
Exploit-DB
Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service
CVE-2020-1395124 nov 2020
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
45RISCO
abrir
Exploit-DB
ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)
CVE-2019-1272524 nov 2020
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web ap
60RISCO
abrir
Exploit-DB
TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass
CVE-2020-24363HIGHsob ataque23 nov 2020
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP
76RISCO
abrir
Exploit-DB
LifeRay 7.2.1 GA2 - Stored XSS
CVE-2020-793423 nov 2020
In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyA
23RISCO
abrir
Exploit-DB
PESCMS TEAM 2.3.2 - Multiple Reflected XSS
CVE-2020-2809219 nov 2020
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&s
23RISCO
abrir
Exploit-DB
xuucms 3 - 'keywords' SQL Injection
CVE-2020-2809119 nov 2020
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parame
23RISCO
abrir
Exploit-DB
Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification
CVE-2018-13382CRITICALsob ataqueransomware19 nov 2020
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and Forti
100RISCO
abrir
Exploit-DB
Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection
CVE-2020-2436519 nov 2020
An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic n
28RISCO
abrir
Exploit-DB
ZeroLogon - Netlogon Elevation of Privilege
CVE-2020-1472MEDIUMsob ataqueransomware18 nov 2020
Netlogon Elevation of Privilege Vulnerability
100RISCO
abrir
Exploit-DB
BigBlueButton 2.2.25 - Arbitrary File Disclosure and Server-Side Request Forgery
CVE-2020-2582018 nov 2020
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploade
23RISCO
abrir
Exploit-DB
Aerospike Database 5.1.0.3 - OS Command Execution
CVE-2020-1315117 nov 2020
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs)
60RISCO
abrir
Exploit-DB
Microsoft Internet Explorer 11 - Use-After-Free
CVE-2020-0674HIGHsob ataque17 nov 2020
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISCO
abrir
Exploit-DB
Apache Struts 2.5.20 - Double OGNL evaluation
CVE-2019-023017 nov 2020
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lea
60RISCO
abrir
anteriorpágina 40 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.