Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
BMC Server Automation RSCD Agent NSH Remote Command Execution
CVE-2016-154316 mar 2016
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux a
60RISCO
abrir
Metasploit600
BMC Server Automation RSCD Agent NSH Remote Command Execution
CVE-2016-154216 mar 2016
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and U
60RISCO
abrir
Metasploit600
Kaltura Remote PHP Code Execution
CVE-2016-15044CRITICAL15 mar 2016
Kaltura < 11.1.0-2 PHP Object Injection RCE
63RISCO
abrir
Metasploit600
Exim "perl_startup" Privilege Escalation
CVE-2016-153110 mar 2016
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
38RISCO
abrir
Metasploit600
Nagios XI Chained Remote Code Execution
CVE-2018-873306 mar 2016
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an
43RISCO
abrir
Metasploit0
Apache Jetspeed Arbitrary File Upload
CVE-2016-071006 mar 2016
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attacker
50RISCO
abrir
Metasploit0
Apache Jetspeed Arbitrary File Upload
CVE-2016-070906 mar 2016
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3
60RISCO
abrir
Metasploit600
Nagios XI Chained Remote Code Execution
CVE-2018-873506 mar 2016
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execut
50RISCO
abrir
Metasploit600
Nagios XI Chained Remote Code Execution
CVE-2018-873406 mar 2016
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker
50RISCO
abrir
Metasploit600
Nagios XI Chained Remote Code Execution
CVE-2018-873606 mar 2016
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RC
50RISCO
abrir
Metasploit600
Ruby on Rails ActionPack Inline ERB Code Execution
CVE-2016-209801 mar 2016
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to e
60RISCO
abrir
Metasploit600
ATutor 2.2.1 Directory Traversal / Remote Code Execution
CVE-2016-255501 mar 2016
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbi
60RISCO
abrir
Metasploit600
ATutor 2.2.1 Directory Traversal / Remote Code Execution
CVE-2017-100000201 mar 2016
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course
30RISCO
abrir
Metasploit600
ATutor 2.2.1 SQL Injection / Remote Code Execution
CVE-2016-255501 mar 2016
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbi
60RISCO
abrir
Metasploit600
Netgear Devices Unauthenticated Remote Command Execution
CVE-2016-1555CRITICALsob ataque25 fev 2016
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear
100RISCO
abrir
Metasploit600
Jenkins XStream Groovy classpath Deserialization Vulnerability
CVE-2016-079224 fev 2016
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to ex
60RISCO
abrir
Metasploit600
Primefaces Remote Code Execution Exploit
CVE-2017-1000486CRITICALsob ataque15 fev 2016
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
100RISCO
abrir
Metasploit600
Xymon useradm Command Execution
CVE-2016-205614 fev 2016
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via
50RISCO
abrir
Metasploit600
Ubiquiti airOS Arbitrary File Upload
CVE-2015-9266CRITICAL13 fev 2016
Ubiquiti airOS HTTP(S) unauthenticated arbitrary file upload
85RISCO
abrir
Metasploit600
MS16-016 mrxdav.sys WebDav Local Privilege Escalation
CVE-2016-005109 fev 2016
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Window
43RISCO
abrir
Metasploit600
Advantech WebAccess Dashboard Viewer uploadImageCommon Arbitrary File Upload
CVE-2016-085405 fev 2016
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess
60RISCO
abrir
Metasploit500
D-Link DSL-2750B OS Command Injection
CVE-2016-20017CRITICALsob ataque05 fev 2016
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as
100RISCO
abrir
Metasploit600
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
CVE-2023-38098HIGH04 fev 2016
NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability
41RISCO
abrir
Metasploit600
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
CVE-2016-152504 fev 2016
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allow
60RISCO
abrir
Metasploit600
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
CVE-2023-38096CRITICAL04 fev 2016
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability
65RISCO
abrir
Metasploit300
NETGEAR ProSafe Network Management System 300 Authenticated File Download
CVE-2016-152404 fev 2016
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote
60RISCO
abrir
Metasploit600
lastore-daemon D-Bus Privilege Escalation
CVE-2016-15045HIGH02 fev 2016
Deepin lastore-daemon Privilege Escalation via Unsigned .deb Installation
36RISCO
abrir
Metasploit600
Oracle ATS Arbitrary File Upload
CVE-2016-049220 jan 2016
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12
60RISCO
abrir
Metasploit600
Oracle ATS Arbitrary File Upload
CVE-2016-049120 jan 2016
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12
60RISCO
abrir
Metasploit500
Windows Net-NTLMv2 Reflection DCOM/RPC (Juicy)
CVE-2016-322516 jan 2016
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1,
50RISCO
abrir
anteriorpágina 47 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.