Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit300
Easy File Sharing HTTP Server 7.2 POST Buffer Overflow
CVE-2025-34096CRITICAL12 jun 2017
Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp
63RISCO
abrir
Metasploit600
IPFire proxy.cgi RCE
CVE-2017-975709 jun 2017
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a
30RISCO
abrir
Metasploit300
Riverbed SteelHead VCX File Read
CVE-2025-34098HIGH01 jun 2017
Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection
36RISCO
abrir
Metasploit600
IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution
CVE-2017-109230 mai 2017
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system a
60RISCO
abrir
Metasploit600
VICIdial user_authorization Unauthenticated Command Execution
CVE-2025-34099CRITICAL26 mai 2017
VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password
63RISCO
abrir
Metasploit600
VMware Workstation ALSA Config File Local Privilege Escalation
CVE-2017-491522 mai 2017
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration fil
38RISCO
abrir
Metasploit600
PlaySMS sendfromfile.php Authenticated "Filename" Field Code Execution
CVE-2017-908021 mai 2017
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile
50RISCO
abrir
Metasploit600
PlaySMS import.php Authenticated CSV File Upload Code Execution
CVE-2017-910121 mai 2017
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User
60RISCO
abrir
Metasploit600
Joomla Component Fields SQLi Remote Code Execution
CVE-2017-891717 mai 2017
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspeci
60RISCO
abrir
Metasploit300
LabF nfsAxe 3.7 FTP Client Stack Buffer Overflow
CVE-2017-1804715 mai 2017
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long repl
23RISCO
abrir
Metasploit600
HPE iMC dbman RestoreDBase Unauthenticated RCE
CVE-2017-581715 mai 2017
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RISCO
abrir
Metasploit600
HPE iMC dbman RestartDB Unauthenticated RCE
CVE-2017-581615 mai 2017
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RISCO
abrir
Metasploit600
Octopus Deploy Authenticated Code Execution
CVE-2018-1885015 mai 2017
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment
23RISCO
abrir
Metasploit300
Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free
CVE-2017-889510 mai 2017
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a u
60RISCO
abrir
Metasploit300
Intel AMT Digest Authentication Bypass Scanner
CVE-2017-5689CRITICALsob ataque05 mai 2017
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Mana
100RISCO
abrir
Metasploit200
WordPress PHPMailer Host Header Command Injection
CVE-2016-10033CRITICALsob ataque03 mai 2017
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra para
100RISCO
abrir
Metasploit600
Serviio Media Server checkStreamUrl Command Execution
CVE-2025-34101CRITICAL03 mai 2017
Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter
63RISCO
abrir
Metasploit600
Crypttech CryptoLog Remote Code Execution
CVE-2025-34102CRITICAL03 mai 2017
CryptoLog Unauthenticated RCE via SQL Injection and Command Injection
63RISCO
abrir
Metasploit600
Ghostscript Type Confusion Arbitrary Command Execution
CVE-2017-8291HIGHsob ataque27 abr 2017
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion
100RISCO
abrir
Metasploit600
Symantec Messaging Gateway Remote Code Execution
CVE-2017-632626 abr 2017
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an i
60RISCO
abrir
Metasploit600
Jenkins CLI Deserialization
CVE-2017-1000353CRITICALsob ataque26 abr 2017
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code exe
100RISCO
abrir
Metasploit600
October CMS Upload Protection Bypass Code Execution
CVE-2017-100011925 abr 2017
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise
50RISCO
abrir
Metasploit600
Solaris 'EXTREMEPARR' dtappgather Privilege Escalation
CVE-2017-362224 abr 2017
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (C
38RISCO
abrir
Metasploit600
WePresent WiPG-1000 Command Injection
CVE-2025-34103CRITICAL20 abr 2017
WePresent WiPG-1000 Unauthenticated Command Injection in via rdfs.cgi
63RISCO
abrir
Metasploit600
Mercurial Custom hg-ssh Wrapper Remote Code Exec
CVE-2017-946218 abr 2017
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
23RISCO
abrir
Metasploit300
MantisBT password reset
CVE-2017-761516 abr 2017
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RISCO
abrir
Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
CVE-2017-0146HIGHsob ataqueransomware14 abr 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
CVE-2017-0147HIGHsob ataqueransomware14 abr 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
CVE-2017-0143HIGHsob ataqueransomware14 abr 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
CVE-2017-0145HIGHsob ataqueransomware14 abr 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
anteriorpágina 41 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.