Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
CVE-2017-0148HIGHsob ataqueransomware14 abr 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Metasploit500
SMB DOUBLEPULSAR Remote Code Execution
CVE-2017-0144HIGHsob ataqueransomware14 abr 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Metasploit600
Microsoft Office Word Malicious Hta Execution
CVE-2017-0199HIGHsob ataqueransomware14 abr 2017
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Window
100RISCO
abrir
Metasploit600
Juju-run Agent Privilege Escalation
CVE-2017-923213 abr 2017
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate pe
50RISCO
abrir
Metasploit600
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
CVE-2016-754710 abr 2017
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in
40RISCO
abrir
Metasploit600
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
CVE-2016-755210 abr 2017
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows
40RISCO
abrir
Metasploit300
Quest Privilege Manager pmmasterd Buffer Overflow
CVE-2017-655309 abr 2017
Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full
50RISCO
abrir
Metasploit300
Satel Iberia SenNet Data Logger and Electricity Meters Command Injection Vulnerability
CVE-2017-604807 abr 2017
A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataL
23RISCO
abrir
Metasploit400
MediaWiki SyntaxHighlight extension option injection vulnerability
CVE-2017-037206 abr 2017
Parameters injection in SyntaxHighlight results in multiple vulnerabilities
23RISCO
abrir
Metasploit300
TYPO3 News Module SQL Injection
CVE-2017-758106 abr 2017
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated
30RISCO
abrir
Metasploit300
HP Jetdirect Path Traversal Arbitrary Code Execution
CVE-2017-274105 abr 2017
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmwa
60RISCO
abrir
Metasploit300
Dup Scout Enterprise v10.4.16 - Import Command Buffer Overflow
CVE-2017-731029 mar 2017
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9
50RISCO
abrir
Metasploit300
Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow
CVE-2017-731029 mar 2017
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9
50RISCO
abrir
Metasploit400
AF_PACKET packet_set_ring Privilege Escalation
CVE-2017-730829 mar 2017
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate cer
43RISCO
abrir
Metasploit0
Microsoft IIS WebDav ScStoragePathFromUrl Overflow
CVE-2017-7269CRITICALsob ataque26 mar 2017
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in
100RISCO
abrir
Metasploit600
Samba is_known_pipename() Arbitrary Module Load
CVE-2017-7494CRITICALsob ataqueransomware24 mar 2017
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allo
100RISCO
abrir
Metasploit300
Razer Synapse rzpnk.sys ZwOpenProcess
CVE-2017-976922 mar 2017
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpe
60RISCO
abrir
Metasploit600
SolarWinds LEM Default SSH Password Remote Code Execution
CVE-2017-772217 mar 2017
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is acce
23RISCO
abrir
Metasploit300
Cisco IOS Telnet Denial of Service
CVE-2017-3881CRITICALsob ataque17 mar 2017
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software co
100RISCO
abrir
Metasploit500
Dup Scout Enterprise GET Buffer Overflow
CVE-2017-1369615 mar 2017
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9
40RISCO
abrir
Metasploit500
Sync Breeze Enterprise GET Buffer Overflow
CVE-2017-1498015 mar 2017
Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username
23RISCO
abrir
Metasploit600
Github Enterprise Default Session Secret And Deserialization Vulnerability
CVE-2017-1836515 mar 2017
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated r
23RISCO
abrir
Metasploit500
Disk Sorter Enterprise GET Buffer Overflow
CVE-2017-723015 mar 2017
A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrar
23RISCO
abrir
Metasploit500
VX Search Enterprise GET Buffer Overflow
CVE-2017-1370815 mar 2017
Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary c
23RISCO
abrir
Metasploit300
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
CVE-2017-0146HIGHsob ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Metasploit200
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
CVE-2017-0145HIGHsob ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Metasploit300
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
CVE-2017-0147HIGHsob ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Metasploit300
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
CVE-2017-0147HIGHsob ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Metasploit300
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
CVE-2017-0146HIGHsob ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Metasploit200
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
CVE-2017-0144HIGHsob ataqueransomware14 mar 2017
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
anteriorpágina 42 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.