Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.163exploits catalogados
31.687CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.132VulnCheck XDB 8.069Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
Web-Dorado ECommerce WD for Joomla! search_category_id SQL Injection Scanner
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allo
50RISCO
abrir ↗Metasploit600
Wordpress Work The Flow Upload Vulnerability
Work The Flow File Upload <= 2.5.2 - Arbitrary File Upload
63RISCO
abrir ↗Metasploit600
Solarwinds Firewall Security Manager 6.6.5 Client Session Handling Vulnerability
userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privile
60RISCO
abrir ↗Metasploit600
iPass Mobile Client Service Privilege Escalation
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via
50RISCO
abrir ↗Metasploit500
Adobe Flash Player NetConnection Type Confusion
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451
60RISCO
abrir ↗Metasploit600
Microsoft Windows Shell LNK Code Execution
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and
60RISCO
abrir ↗Metasploit600
Microsoft Windows Shell LNK Code Execution
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and
60RISCO
abrir ↗Metasploit600
WordPress WPshop eCommerce Arbitrary File Upload Vulnerability
WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload
43RISCO
abrir ↗Metasploit300
WordPress CP Multi-View Calendar Unauthenticated SQL Injection Scanner
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to exe
50RISCO
abrir ↗Metasploit600
PHPMoAdmin 1.1.2 Remote Code Execution
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via she
50RISCO
abrir ↗Metasploit300
Seagate Business NAS Unauthenticated Remote Command Execution
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof
60RISCO
abrir ↗Metasploit300
Seagate Business NAS Unauthenticated Remote Command Execution
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-
50RISCO
abrir ↗Metasploit300
Seagate Business NAS Unauthenticated Remote Command Execution
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root
50RISCO
abrir ↗Metasploit300
D-Link/TRENDnet NCC Service Command Injection
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr
100RISCO
abrir ↗Metasploit300
WordPress WP EasyCart Plugin Privilege Escalation
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyC
23RISCO
abrir ↗Metasploit300
Solarwinds Orion AccountManagement.asmx GetAccounts Admin Creation
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
50RISCO
abrir ↗Metasploit300
WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin b
50RISCO
abrir ↗Metasploit500
D-Link DCS-931L File Upload
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated use
50RISCO
abrir ↗Metasploit300
D-Link Devices HNAP SOAPAction-Header Command Execution
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute ar
100RISCO
abrir ↗Metasploit600
ElasticSearch Search Groovy Sandbox Bypass
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the s
100RISCO
abrir ↗Metasploit600
WordPress Holding Pattern Theme Arbitrary File Upload
Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 a
50RISCO
abrir ↗Metasploit400
SixApart MovableType Storable Perl Code Execution
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use
60RISCO
abrir ↗Metasploit600
Maarch LetterBox Unrestricted File Upload
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earl
50RISCO
abrir ↗Metasploit300
WordPress WPLMS Theme Privilege Escalation
WPLMS Learning Management System for WordPress, WordPress LMS <= 1.8.4.1 - Privilege Escalation
36RISCO
abrir ↗Metasploit600
Ektron 8.5, 8.7, 9.0 XSLT Transform Remote Code Execution
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before
23RISCO
abrir ↗Metasploit500
Adobe Flash Player ByteArray With Workers Use After Free
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows
100RISCO
abrir ↗Metasploit300
MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass t
60RISCO
abrir ↗Metasploit300
X360 VideoPlayer ActiveX Control Buffer Overflow
X360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile()
36RISCO
abrir ↗Metasploit300
ManageEngine Multiple Products Arbitrary File Download
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, O
60RISCO
abrir ↗Metasploit300
ManageEngine Multiple Products Arbitrary Directory Listing
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, O
60RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.