Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
Easy File Sharing HTTP Server 7.2 POST Buffer Overflow
Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp
63RISCO
abrir ↗Metasploit600
IPFire proxy.cgi RCE
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a
30RISCO
abrir ↗Metasploit300
Riverbed SteelHead VCX File Read
Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection
36RISCO
abrir ↗Metasploit600
IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system a
60RISCO
abrir ↗Metasploit600
VICIdial user_authorization Unauthenticated Command Execution
VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password
63RISCO
abrir ↗Metasploit600
VMware Workstation ALSA Config File Local Privilege Escalation
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration fil
38RISCO
abrir ↗Metasploit600
PlaySMS sendfromfile.php Authenticated "Filename" Field Code Execution
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile
50RISCO
abrir ↗Metasploit600
PlaySMS import.php Authenticated CSV File Upload Code Execution
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User
60RISCO
abrir ↗Metasploit600
Joomla Component Fields SQLi Remote Code Execution
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspeci
60RISCO
abrir ↗Metasploit300
LabF nfsAxe 3.7 FTP Client Stack Buffer Overflow
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long repl
23RISCO
abrir ↗Metasploit600
HPE iMC dbman RestoreDBase Unauthenticated RCE
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RISCO
abrir ↗Metasploit600
HPE iMC dbman RestartDB Unauthenticated RCE
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
60RISCO
abrir ↗Metasploit600
Octopus Deploy Authenticated Code Execution
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment
23RISCO
abrir ↗Metasploit300
Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a u
60RISCO
abrir ↗Metasploit300
Intel AMT Digest Authentication Bypass Scanner
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Mana
100RISCO
abrir ↗Metasploit200
WordPress PHPMailer Host Header Command Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra para
100RISCO
abrir ↗Metasploit600
Serviio Media Server checkStreamUrl Command Execution
Serviio Media Server Unauthenticated Command Injection via checkStreamUrl VIDEO Parameter
63RISCO
abrir ↗Metasploit600
Crypttech CryptoLog Remote Code Execution
CryptoLog Unauthenticated RCE via SQL Injection and Command Injection
63RISCO
abrir ↗Metasploit600
Ghostscript Type Confusion Arbitrary Command Execution
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion
100RISCO
abrir ↗Metasploit600
Symantec Messaging Gateway Remote Code Execution
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an i
60RISCO
abrir ↗Metasploit600
Jenkins CLI Deserialization
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code exe
100RISCO
abrir ↗Metasploit600
October CMS Upload Protection Bypass Code Execution
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise
50RISCO
abrir ↗Metasploit600
Solaris 'EXTREMEPARR' dtappgather Privilege Escalation
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (C
38RISCO
abrir ↗Metasploit600
WePresent WiPG-1000 Command Injection
WePresent WiPG-1000 Unauthenticated Command Injection in via rdfs.cgi
63RISCO
abrir ↗Metasploit600
Mercurial Custom hg-ssh Wrapper Remote Code Exec
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
23RISCO
abrir ↗Metasploit300
MantisBT password reset
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RISCO
abrir ↗Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir ↗Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir ↗Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir ↗Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.