Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit300
IBM Notes encodeURI DOS
CVE-2017-112931 ago 2017
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it coul
50RISCO
abrir
Metasploit300
IBM Notes Denial Of Service
CVE-2017-113031 ago 2017
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it woul
43RISCO
abrir
Metasploit600
Disk Pulse Enterprise GET Buffer Overflow
CVE-2017-1369625 ago 2017
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9
40RISCO
abrir
Metasploit300
HP iLO 4 1.00-2.50 Authentication Bypass Administrator Account Creation
CVE-2017-1254224 ago 2017
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53
60RISCO
abrir
Metasploit400
Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation
CVE-2017-100011210 ago 2017
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE
43RISCO
abrir
Metasploit600
Malicious Git HTTP Server For CVE-2017-1000117
CVE-2017-100011710 ago 2017
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL ca
60RISCO
abrir
Metasploit600
DIR-850L (Un)authenticated OS Command Exec
CVE-2019-1750809 ago 2017
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SER
23RISCO
abrir
Metasploit600
Unitrends UEB http api remote code execution
CVE-2017-1247808 ago 2017
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of
60RISCO
abrir
Metasploit600
Unitrends UEB http api remote code execution
CVE-2018-632808 ago 2017
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, w
50RISCO
abrir
Metasploit600
Unitrends UEB bpserverd authentication bypass RCE
CVE-2017-1247708 ago 2017
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xin
50RISCO
abrir
Metasploit600
QNAP Transcode Server Command Execution
CVE-2017-1306706 ago 2017
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.
23RISCO
abrir
Metasploit0
Android Janus APK Signature bypass
CVE-2017-1315631 jul 2017
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0,
43RISCO
abrir
Metasploit600
Western Digital MyCloud multi_uploadify File Upload Vulnerability
CVE-2017-1756029 jul 2017
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquer
60RISCO
abrir
Metasploit600
Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution
CVE-2017-744224 jul 2017
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory tra
50RISCO
abrir
Metasploit600
DotNetNuke Cookie Deserialization Remote Code Excecution
CVE-2018-1581220 jul 2017
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expect
50RISCO
abrir
Metasploit600
DotNetNuke Cookie Deserialization Remote Code Excecution
CVE-2018-1832620 jul 2017
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expect
50RISCO
abrir
Metasploit600
DotNetNuke Cookie Deserialization Remote Code Excecution
CVE-2017-9822HIGHsob ataqueransomware20 jul 2017
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code e
100RISCO
abrir
Metasploit600
DotNetNuke Cookie Deserialization Remote Code Excecution
CVE-2018-15811HIGHsob ataque20 jul 2017
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
100RISCO
abrir
Metasploit600
DotNetNuke Cookie Deserialization Remote Code Excecution
CVE-2018-18325HIGHsob ataque20 jul 2017
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue ex
100RISCO
abrir
Metasploit600
Supervisor XML-RPC Authenticated Remote Code Execution
CVE-2017-1161019 jul 2017
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RISCO
abrir
Metasploit400
OrientDB 2.2.x Remote Code Execution
CVE-2017-1146713 jul 2017
OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which a
60RISCO
abrir
Metasploit600
Evince CBT File Command Injection
CVE-2017-100008313 jul 2017
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to e
50RISCO
abrir
Metasploit600
Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution
CVE-2017-9791CRITICALsob ataque07 jul 2017
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passe
100RISCO
abrir
Metasploit400
Solaris RSH Stack Clash Privilege Escalation
CVE-2017-363119 jun 2017
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported versio
38RISCO
abrir
Metasploit400
Solaris RSH Stack Clash Privilege Escalation
CVE-2017-100036419 jun 2017
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficie
38RISCO
abrir
Metasploit400
Solaris RSH Stack Clash Privilege Escalation
CVE-2017-363019 jun 2017
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions t
38RISCO
abrir
Metasploit400
Solaris RSH Stack Clash Privilege Escalation
CVE-2017-362919 jun 2017
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions t
38RISCO
abrir
Metasploit500
LNK Code Execution Vulnerability
CVE-2017-8464HIGHsob ataque13 jun 2017
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 201
100RISCO
abrir
Metasploit500
LNK Code Execution Vulnerability
CVE-2017-8464HIGHsob ataque13 jun 2017
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 201
100RISCO
abrir
Metasploit200
Microsoft Windows RRAS Service MIBEntryGet Overflow
CVE-2017-846113 jun 2017
Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute c
23RISCO
abrir
anteriorpágina 40 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.