Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
Mida eFramework 2.8.9 - Remote Code Execution
CVE-2020-1592228 set 2020
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE)
35RISCO
abrir
Exploit-DB
Joplin 1.0.245 - Arbitrary Code Execution (PoC)
CVE-2020-1593028 set 2020
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.
23RISCO
abrir
Exploit-DB
MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation
CVE-2020-1738228 set 2020
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).
23RISCO
abrir
Exploit-DB
Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution
CVE-2018-1743122 set 2020
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication
60RISCO
abrir
Exploit-DB
BlackCat CMS 1.3.6 - Cross-Site Request Forgery
CVE-2020-2545321 set 2020
An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote
23RISCO
abrir
Exploit-DB
Mida eFramework 2.9.0 - Back Door Access
CVE-2020-1592121 set 2020
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restric
28RISCO
abrir
Exploit-DB
SpamTitan 7.07 - Remote Code Execution (Authenticated)
CVE-2020-1180418 set 2020
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page ma
23RISCO
abrir
Exploit-DB
SpamTitan 7.07 - Remote Code Execution (Authenticated)
CVE-2020-1169918 set 2020
An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php woul
23RISCO
abrir
Exploit-DB
SpamTitan 7.07 - Remote Code Execution (Authenticated)
CVE-2020-1180318 set 2020
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with th
23RISCO
abrir
Exploit-DB
Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)
CVE-2017-761518 set 2020
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RISCO
abrir
Exploit-DB
Mantis Bug Tracker 2.3.0 - Remote Code Execution (Unauthenticated)
CVE-2019-1571518 set 2020
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
35RISCO
abrir
Exploit-DB
SpamTitan 7.07 - Remote Code Execution (Authenticated)
CVE-2020-1170018 set 2020
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.
23RISCO
abrir
Exploit-DB
Microsoft SQL Server Reporting Services 2016 - Remote Code Execution
CVE-2020-0618CRITICALsob ataque17 set 2020
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page
100RISCO
abrir
Exploit-DB
Piwigo 2.10.1 - Cross Site Scripting
CVE-2020-946716 set 2020
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
28RISCO
abrir
Exploit-DB
ThinkAdmin 6 - Arbitrarily File Read
CVE-2020-2554015 set 2020
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on
60RISCO
abrir
Exploit-DB
ZTE Router F602W - Captcha Bypass
CVE-2020-686210 set 2020
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could lo
23RISCO
abrir
Exploit-DB
CuteNews 2.1.2 - Remote Code Execution
CVE-2019-1144710 set 2020
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload proce
35RISCO
abrir
Exploit-DB
ManageEngine Applications Manager 14700 - Remote Code Execution (Authenticated)
CVE-2020-1400807 set 2020
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in
35RISCO
abrir
Exploit-DB
Rukovoditel 2.7.1 - Remote Code Execution (2) (Authenticated)
CVE-2020-1181902 set 2020
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve
28RISCO
abrir
Exploit-DB
Mida eFramework 2.9.0 - Remote Code Execution
CVE-2020-1592027 ago 2020
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Executi
60RISCO
abrir
Exploit-DB
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass
CVE-2019-17240LOW17 ago 2020
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many
40RISCO
abrir
Exploit-DB
Microsoft SharePoint Server 2019 - Remote Code Execution
CVE-2020-1147HIGHsob ataque17 ago 2020
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar
100RISCO
abrir
Exploit-DB
Artica Proxy 4.3.0 - Authentication Bypass
CVE-2020-1750613 ago 2020
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator p
60RISCO
abrir
Exploit-DB
ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service (PoC)
CVE-2020-1595605 ago 2020
ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer
28RISCO
abrir
Exploit-DB
Pi-hole 4.3.2 - Remote Code Execution (Authenticated)
CVE-2020-8816CRITICALsob ataque04 ago 2020
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static l
100RISCO
abrir
Exploit-DB
Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting
CVE-2020-1503829 jul 2020
The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.
23RISCO
abrir
Exploit-DB
Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion
CVE-2020-3187CRITICAL29 jul 2020
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability
85RISCO
abrir
Exploit-DB
Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion
CVE-2020-3452HIGHsob ataque28 jul 2020
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RISCO
abrir
Exploit-DB
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
CVE-2019-19985MEDIUM26 jul 2020
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file downloa
70RISCO
abrir
Exploit-DB
INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution
CVE-2020-1549226 jul 2020
An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe we
28RISCO
abrir
anteriorpágina 42 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.