Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
Oracle Weblogic Server Deserialization RCE - Raw Object
CVE-2015-4852CRITICALsob ataque28 jan 2015
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RISCO
abrir
Metasploit500
Exim GHOST (glibc gethostbyname) Buffer Overflow
CVE-2015-023527 jan 2015
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,
60RISCO
abrir
Metasploit600
IPass Control Pipe Remote Command Execution
CVE-2015-092521 jan 2015
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via
50RISCO
abrir
Metasploit600
WordPress Platform Theme File Upload Vulnerability
CVE-2015-10143CRITICAL21 jan 2015
Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update
43RISCO
abrir
Metasploit300
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
CVE-2014-659320 jan 2015
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.
50RISCO
abrir
Metasploit600
WordPress Pixabay Images PHP Code Upload
CVE-2015-137619 jan 2015
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remot
50RISCO
abrir
Metasploit400
MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape
CVE-2015-0016HIGHsob ataque13 jan 2015
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7
100RISCO
abrir
Metasploit600
WordPress WP EasyCart Unrestricted File Upload
CVE-2014-930808 jan 2015
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka Wor
50RISCO
abrir
Metasploit300
McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure
CVE-2015-092106 jan 2015
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x
23RISCO
abrir
Metasploit300
McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure
CVE-2015-092206 jan 2015
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers'
23RISCO
abrir
Metasploit600
ASUS infosvr Auth Bypass Command Execution
CVE-2014-958304 jan 2015
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC
60RISCO
abrir
Metasploit300
ManageEngine Desktop Central Administrator Account Creation
CVE-2014-786231 dez 2014
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote at
60RISCO
abrir
Metasploit300
Achat Unicode SEH Buffer Overflow
CVE-2025-34127CRITICAL18 dez 2014
Achat v0.150 SEH Buffer Overflow via UDP
63RISCO
abrir
Metasploit600
Malicious Git and Mercurial HTTP Server For CVE-2014-9390
CVE-2014-939018 dez 2014
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS
30RISCO
abrir
Metasploit300
Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner
CVE-2014-922217 dez 2014
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows re
30RISCO
abrir
Metasploit300
Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Authentication Bypass
CVE-2014-922217 dez 2014
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows re
30RISCO
abrir
Metasploit400
Malwarebytes Anti-Malware and Anti-Exploit Update Remote Code Execution
CVE-2014-493616 dez 2014
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE)
43RISCO
abrir
Metasploit600
Symantec Web Gateway 5 restore.php Post Authentication Command Injection
CVE-2014-728516 dez 2014
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to exe
50RISCO
abrir
Metasploit600
ManageEngine Multiple Products Authenticated File Upload
CVE-2014-530115 dez 2014
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 t
60RISCO
abrir
Metasploit600
WordPress WP Symposium 14.11 Shell Upload
CVE-2014-1002111 dez 2014
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote
50RISCO
abrir
Metasploit300
BMC TrackIt! Unauthenticated Arbitrary User Password Change
CVE-2014-827009 dez 2014
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose na
23RISCO
abrir
Metasploit600
Lexmark MarkVision Enterprise Arbitrary File Upload
CVE-2014-874109 dez 2014
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allo
60RISCO
abrir
Metasploit600
ProjectSend Arbitrary File Upload
CVE-2014-956702 dez 2014
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows rem
50RISCO
abrir
Metasploit300
ManageEngine NetFlow Analyzer Arbitrary File Download
CVE-2014-544530 nov 2014
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 a
60RISCO
abrir
Metasploit600
Tuleap PHP Unserialize Code Execution
CVE-2014-879127 nov 2014
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated
43RISCO
abrir
Metasploit600
WordPress RevSlider File Upload and Execute Vulnerability
CVE-2014-973526 nov 2014
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier
60RISCO
abrir
Metasploit300
Adobe Flash Player PCRE Regex Vulnerability
CVE-2015-031825 nov 2014
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442
60RISCO
abrir
Metasploit300
Arris VAP2500 tools_command.php Command Execution
CVE-2014-842425 nov 2014
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authenticatio
50RISCO
abrir
Metasploit300
Arris VAP2500 tools_command.php Command Execution
CVE-2014-842325 nov 2014
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute ar
50RISCO
abrir
Metasploit300
WordPress Long Password DoS
CVE-2014-901620 nov 2014
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x
60RISCO
abrir
anteriorpágina 53 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.