Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
BMC Server Automation RSCD Agent NSH Remote Command Execution
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux a
60RISCO
abrir ↗Metasploit600
BMC Server Automation RSCD Agent NSH Remote Command Execution
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and U
60RISCO
abrir ↗Metasploit600
Kaltura Remote PHP Code Execution
Kaltura < 11.1.0-2 PHP Object Injection RCE
63RISCO
abrir ↗Metasploit600
Exim "perl_startup" Privilege Escalation
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
38RISCO
abrir ↗Metasploit600
Nagios XI Chained Remote Code Execution
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an
43RISCO
abrir ↗Metasploit0
Apache Jetspeed Arbitrary File Upload
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attacker
50RISCO
abrir ↗Metasploit0
Apache Jetspeed Arbitrary File Upload
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3
60RISCO
abrir ↗Metasploit600
Nagios XI Chained Remote Code Execution
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execut
50RISCO
abrir ↗Metasploit600
Nagios XI Chained Remote Code Execution
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker
50RISCO
abrir ↗Metasploit600
Nagios XI Chained Remote Code Execution
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RC
50RISCO
abrir ↗Metasploit600
Ruby on Rails ActionPack Inline ERB Code Execution
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to e
60RISCO
abrir ↗Metasploit600
ATutor 2.2.1 Directory Traversal / Remote Code Execution
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbi
60RISCO
abrir ↗Metasploit600
ATutor 2.2.1 Directory Traversal / Remote Code Execution
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course
30RISCO
abrir ↗Metasploit600
ATutor 2.2.1 SQL Injection / Remote Code Execution
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbi
60RISCO
abrir ↗Metasploit600
Netgear Devices Unauthenticated Remote Command Execution
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear
100RISCO
abrir ↗Metasploit600
Jenkins XStream Groovy classpath Deserialization Vulnerability
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to ex
60RISCO
abrir ↗Metasploit600
Primefaces Remote Code Execution Exploit
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
100RISCO
abrir ↗Metasploit600
Xymon useradm Command Execution
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via
50RISCO
abrir ↗Metasploit600
Ubiquiti airOS Arbitrary File Upload
Ubiquiti airOS HTTP(S) unauthenticated arbitrary file upload
85RISCO
abrir ↗Metasploit600
MS16-016 mrxdav.sys WebDav Local Privilege Escalation
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Window
43RISCO
abrir ↗Metasploit600
Advantech WebAccess Dashboard Viewer uploadImageCommon Arbitrary File Upload
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess
60RISCO
abrir ↗Metasploit500
D-Link DSL-2750B OS Command Injection
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as
100RISCO
abrir ↗Metasploit600
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability
41RISCO
abrir ↗Metasploit600
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allow
60RISCO
abrir ↗Metasploit600
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability
65RISCO
abrir ↗Metasploit300
NETGEAR ProSafe Network Management System 300 Authenticated File Download
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote
60RISCO
abrir ↗Metasploit600
lastore-daemon D-Bus Privilege Escalation
Deepin lastore-daemon Privilege Escalation via Unsigned .deb Installation
36RISCO
abrir ↗Metasploit600
Oracle ATS Arbitrary File Upload
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12
60RISCO
abrir ↗Metasploit600
Oracle ATS Arbitrary File Upload
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12
60RISCO
abrir ↗Metasploit500
Windows Net-NTLMv2 Reflection DCOM/RPC (Juicy)
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1,
50RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.