Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit300
Windows Net-NTLMv2 Reflection DCOM/RPC
CVE-2016-322516 jan 2016
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1,
50RISCO
abrir
Metasploit300
Fortinet SSH Backdoor Scanner
CVE-2016-190909 jan 2016
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0
60RISCO
abrir
Metasploit300
Juniper SSH Backdoor Scanner
CVE-2015-7755CRITICALsob ataque20 dez 2015
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r
100RISCO
abrir
Metasploit600
D-Link DCS-930L Authenticated Remote Command Execution
CVE-2016-11021HIGHsob ataque20 dez 2015
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in th
98RISCO
abrir
Metasploit600
TP-Link SC2020n Authenticated Telnet Injection
CVE-2013-257820 dez 2015
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models be
60RISCO
abrir
Metasploit600
blueman set_dhcp_handler D-Bus Privilege Escalation
CVE-2015-861218 dez 2015
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users
38RISCO
abrir
Metasploit300
Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability
CVE-2016-220317 dez 2015
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discove
38RISCO
abrir
Metasploit300
IBM Tivoli Storage Manager FastBack Server Opcode 0x534 Denial of Service
CVE-2015-193015 dez 2015
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attacke
18RISCO
abrir
Metasploit600
Joomla HTTP Header Unauthenticated Remote Code Execution
CVE-2015-856214 dez 2015
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbi
60RISCO
abrir
Metasploit600
ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability
CVE-2015-824914 dez 2015
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and e
60RISCO
abrir
Metasploit300
MS15-134 Microsoft Windows Media Center MCL Information Disclosure
CVE-2015-612708 dez 2015
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers t
50RISCO
abrir
Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
CVE-2015-612808 dez 2015
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allo
60RISCO
abrir
Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
CVE-2015-613308 dez 2015
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511
50RISCO
abrir
Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
CVE-2016-3235HIGHsob ataque08 dez 2015
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 misha
98RISCO
abrir
Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
CVE-2016-010008 dez 2015
Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges v
50RISCO
abrir
Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
CVE-2016-004108 dez 2015
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold an
60RISCO
abrir
Metasploit300
Office OLE Multiple DLL Side Loading Vulnerabilities
CVE-2015-613208 dez 2015
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2
60RISCO
abrir
Metasploit300
Windows WMI Receive Notification Exploit
CVE-2016-0040HIGHsob ataque04 dez 2015
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to g
91RISCO
abrir
Metasploit300
Easy File Sharing HTTP Server 7.2 SEH Overflow
CVE-2018-905902 dez 2015
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code
60RISCO
abrir
Metasploit600
Advantech Switch Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6271CRITICALsob ataque01 dez 2015
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
Metasploit600
Cambium ePMP1000 'ping' Shell via Command Injection (up to v2.5)
CVE-2017-525528 nov 2015
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web
60RISCO
abrir
Metasploit600
ABRT sosreport Privilege Escalation
CVE-2015-528723 nov 2015
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain perm
38RISCO
abrir
Metasploit600
Jenkins CLI RMI Java Deserialization Vulnerability
CVE-2015-810318 nov 2015
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co
60RISCO
abrir
Metasploit300
OpenNMS Java Object Unserialization Remote Code Execution
CVE-2015-810306 nov 2015
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary co
60RISCO
abrir
Metasploit600
IBM WebSphere RCE Java Deserialization Vulnerability
CVE-2015-7450CRITICALsob ataque06 nov 2015
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and
100RISCO
abrir
Metasploit600
vBulletin 5.1.2 Unserialize Code Execution
CVE-2015-780804 nov 2015
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PH
60RISCO
abrir
Metasploit600
Atlassian HipChat for Jira Plugin Velocity Template Injection
CVE-2015-560328 out 2015
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java
50RISCO
abrir
Metasploit600
Joomla Content History SQLi Remote Code Execution
CVE-2015-785823 out 2015
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via un
60RISCO
abrir
Metasploit600
Joomla Content History SQLi Remote Code Execution
CVE-2015-729723 out 2015
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via un
60RISCO
abrir
Metasploit600
Joomla Content History SQLi Remote Code Execution
CVE-2015-785723 out 2015
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.p
60RISCO
abrir
anteriorpágina 48 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.