Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit600
HP Data Protector Backup Client Service Remote Code Execution
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary
50RISCO
abrir ↗Metasploit500
SerComm Device Remote Code Execution
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x
60RISCO
abrir ↗Metasploit300
SerComm Network Device Backdoor Detection
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x
60RISCO
abrir ↗Metasploit300
IBM Lotus Sametime Version Enumeration
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspeci
23RISCO
abrir ↗Metasploit300
IBM Lotus Notes Sametime Room Name Bruteforce
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine whic
18RISCO
abrir ↗Metasploit300
IBM Lotus Notes Sametime User Enumeration
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remot
23RISCO
abrir ↗Metasploit300
RealNetworks RealPlayer Version Attribute Buffer Overflow
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before
50RISCO
abrir ↗Metasploit300
Adobe Flash Player Type Confusion Remote Code Execution
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2
60RISCO
abrir ↗Metasploit300
IcoFX Stack Buffer Overflow
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCoun
50RISCO
abrir ↗Metasploit500
MS13-097 Registry Symlink IE Sandbox Escape
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and conseque
43RISCO
abrir ↗Metasploit600
ElasticSearch Dynamic Script Arbitrary Java Execution
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RISCO
abrir ↗Metasploit600
Zimbra Collaboration Server LFI
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zim
60RISCO
abrir ↗Metasploit300
IBM Forms Viewer Unicode Buffer Overflow
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to exe
50RISCO
abrir ↗Metasploit300
Ruby on Rails Action View MIME Memory Exhaustion
actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allo
23RISCO
abrir ↗Metasploit200
Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, W
43RISCO
abrir ↗Metasploit600
WordPress OptimizePress Theme File Upload Vulnerability
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-
23RISCO
abrir ↗Metasploit200
MS14-002 Microsoft Windows ndproxy.sys Local Privilege Escalation
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges
98RISCO
abrir ↗Metasploit300
Total Video Player 1.3.1 (Settings.ini) - SEH Buffer Overflow
Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary
43RISCO
abrir ↗Metasploit300
Ruby on Rails JSON Processor Floating Point Heap Overflow DoS
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and tru
30RISCO
abrir ↗Metasploit600
Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload
Idera Up.Time ≤ 7.2 post2file.php Arbitrary File Upload RCE
63RISCO
abrir ↗Metasploit300
Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and Mana
23RISCO
abrir ↗Metasploit600
Kaseya uploadImage Arbitrary File Upload
Kaseya < 6.3.0.2 uploadImage.asp Arbitrary File Upload RCE
63RISCO
abrir ↗Metasploit300
Huawei Datacard Information Disclosure Vulnerability
The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remot
18RISCO
abrir ↗Metasploit600
ManageEngine Desktop Central AgentLogUpload Arbitrary File Upload
Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before buil
60RISCO
abrir ↗Metasploit300
MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server
100RISCO
abrir ↗Metasploit300
IBM Lotus Sametime WebPlayer DoS
IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension c
18RISCO
abrir ↗Metasploit300
Supermicro Onboard IPMI url_redirect.cgi Authenticated Directory Traversal
Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attacker
18RISCO
abrir ↗Metasploit300
Supermicro Onboard IPMI Static SSL Certificate Scanner
Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_3
18RISCO
abrir ↗Metasploit300
Supermicro Onboard IPMI CGI Vulnerability Scanner
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Managemen
60RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.