Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
SugarCRM REST Unserialize PHP Code Execution
CVE-2025-25034CRITICAL23 jun 2016
SugarCRM PHP Deserialization RCE
63RISCO
abrir
Metasploit300
NetBIOS Response "BadTunnel" Brute Force Spoof (NAT Tunnel)
CVE-2016-321314 jun 2016
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and
40RISCO
abrir
Metasploit300
NetBIOS Response "BadTunnel" Brute Force Spoof (NAT Tunnel)
CVE-2016-323614 jun 2016
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and
40RISCO
abrir
Metasploit600
Apache Shiro v1.2.4 Cookie RememberME Deserial RCE
CVE-2016-4437CRITICALsob ataque07 jun 2016
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attack
100RISCO
abrir
Metasploit600
Tiki-Wiki CMS Calendar Command Execution
CVE-2025-34113HIGH06 jun 2016
Tiki Wiki CMS Authenticated Command Injection in Calendar Module
36RISCO
abrir
Metasploit400
Linux Kernel 4.6.3 Netfilter Privilege Escalation
CVE-2016-499703 jun 2016
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux
38RISCO
abrir
Metasploit400
Linux Kernel 4.6.3 Netfilter Privilege Escalation
CVE-2016-499803 jun 2016
The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local
18RISCO
abrir
Metasploit600
ActiveMQ web shell upload
CVE-2016-3088CRITICALsob ataque01 jun 2016
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitr
100RISCO
abrir
Metasploit600
Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution
CVE-2016-308701 jun 2016
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, a
60RISCO
abrir
Metasploit600
WordPress WP Mobile Detector 3.5 Shell Upload
CVE-2016-15043CRITICAL31 mai 2016
WP Mobile Detector <= 3.5 - Arbitrary File Upload
48RISCO
abrir
Metasploit600
Magento 2.0.6 Unserialize Remote Code Execution
CVE-2016-401017 mai 2016
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary
60RISCO
abrir
Metasploit300
Internet Explorer 11 VBScript Engine Memory Corruption
CVE-2016-0189HIGHsob ataque10 mai 2016
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other
100RISCO
abrir
Metasploit600
WordPress Ninja Forms Unauthenticated File Upload
CVE-2016-120904 mai 2016
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via
50RISCO
abrir
Metasploit600
IPFire proxy.cgi RCE
CVE-2025-34116HIGH04 mai 2016
IPFire < 2.19 Core Update 101 proxy.cgi RCE
36RISCO
abrir
Metasploit400
Linux BPF doubleput UAF Privilege Escalation
CVE-2016-455704 mai 2016
The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly mai
43RISCO
abrir
Metasploit600
ImageMagick Delegate Arbitrary Command Execution
CVE-2016-3714HIGHsob ataque03 mai 2016
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.
100RISCO
abrir
Metasploit600
ImageMagick Delegate Arbitrary Command Execution
CVE-2016-797603 mai 2016
The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams
23RISCO
abrir
Metasploit600
Allwinner 3.4 Legacy Kernel Local Privilege Escalation
CVE-2016-1022530 abr 2016
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privil
18RISCO
abrir
Metasploit600
Apache Struts Dynamic Method Invocation Remote Code Execution
CVE-2016-308127 abr 2016
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, a
60RISCO
abrir
Metasploit500
Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion
CVE-2016-4117HIGHsob ataque27 abr 2016
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as
100RISCO
abrir
Metasploit300
HP Data Protector Encrypted Communication Remote Command Execution
CVE-2016-200418 abr 2016
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary cod
60RISCO
abrir
Metasploit600
pfSense authenticated graph status RCE
CVE-2016-1070918 abr 2016
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_
30RISCO
abrir
Metasploit600
op5 v7.1.9 Configuration Command Execution
CVE-2025-34115HIGH08 abr 2016
OP5 Monitor <= 7.1.9 Authenticated Command Execution via command_test.php
36RISCO
abrir
Metasploit600
ExaGrid Known SSH Key and Default Password
CVE-2016-156007 abr 2016
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and
60RISCO
abrir
Metasploit600
ExaGrid Known SSH Key and Default Password
CVE-2016-156107 abr 2016
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, whic
60RISCO
abrir
Metasploit600
Apache CouchDB Arbitrary Command Execution
CVE-2017-1263506 abr 2016
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISCO
abrir
Metasploit600
Apache Continuum Arbitrary Command Execution
CVE-2016-15057CRITICAL06 abr 2016
Apache Continuum: Command injection leading to RCE
43RISCO
abrir
Metasploit600
Apache CouchDB Arbitrary Command Execution
CVE-2017-1263606 abr 2016
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include pa
60RISCO
abrir
Metasploit600
Novell ServiceDesk Authenticated File Upload
CVE-2016-159330 mar 2016
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remot
50RISCO
abrir
Metasploit300
MS16-032 Secondary Logon Handle Privilege Escalation
CVE-2016-0099HIGHsob ataqueransomware21 mar 2016
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
98RISCO
abrir
anteriorpágina 46 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.