Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit500
AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attacke
60RISCO
abrir ↗Metasploit600
Firefox toString console.time Privileged Javascript Injection
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird befo
50RISCO
abrir ↗Metasploit500
Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cau
60RISCO
abrir ↗Metasploit300
ColdFusion 'password.properties' Hash Extraction
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files
60RISCO
abrir ↗Metasploit400
MS13-038 Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbit
100RISCO
abrir ↗Metasploit300
AudioCoder .M3U Buffer Overflow
Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file.
43RISCO
abrir ↗Metasploit300
IBM SPSS SamplePower C1Tab ActiveX Heap Overflow
Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attac
50RISCO
abrir ↗Metasploit600
phpMyAdmin Authenticated Remote Code Execution via preg_replace()
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a
43RISCO
abrir ↗Metasploit300
ERS Viewer 2011 ERS File Handling Buffer Overflow
Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 1
43RISCO
abrir ↗Metasploit600
D-Link Devices Unauthenticated Remote Command Execution
D-Link Devices tools_vct.xgi Authenticated RCE
36RISCO
abrir ↗Metasploit200
Tincd Post-Authentication Remote TCP Stack Buffer Overflow
Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pr
50RISCO
abrir ↗Metasploit600
WordPress W3 Total Cache PHP Code Execution
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
60RISCO
abrir ↗Metasploit600
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Remote Code Execution
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.
50RISCO
abrir ↗Metasploit600
Ruby on Rails Known Secret Session Cookie Remote Code Execution
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, an
60RISCO
abrir ↗Metasploit600
MiniWeb (Build 300) Arbitrary File Upload
MiniWeb <= Build 300 Arbitrary File Upload
43RISCO
abrir ↗Metasploit600
ABB MicroSCADA wserver.exe Remote Code Execution
ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function
40RISCO
abrir ↗Metasploit300
Sophos Web Protection Appliance patience.cgi Directory Traversal
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read
60RISCO
abrir ↗Metasploit300
MiniUPnPd 1.4 Denial of Service (DoS) Exploit
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attacke
60RISCO
abrir ↗Metasploit300
MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP
50RISCO
abrir ↗Metasploit600
vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in
50RISCO
abrir ↗Metasploit600
vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
60RISCO
abrir ↗Metasploit600
vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier
43RISCO
abrir ↗Metasploit300
vBulletin Password Collector via nodeid SQL Injection
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier
43RISCO
abrir ↗Metasploit300
MongoDB nativeHelper.apply Remote Code Execution
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMo
50RISCO
abrir ↗Metasploit500
Novell ZENworks Configuration Management Remote Execution
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform a
60RISCO
abrir ↗Metasploit300
Sysax Multi-Server 6.10 SSHD Key Exchange Denial of Service
Sysax Multi-Server <= 6.10 SSHD Key Exchange DoS
36RISCO
abrir ↗Metasploit600
Novell Zenworks Mobile Managment MDM.php Local File Inclusion Vulnerability
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote at
50RISCO
abrir ↗Metasploit300
MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML obj
100RISCO
abrir ↗Metasploit300
MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, wh
90RISCO
abrir ↗Metasploit600
GroundWork monarch_scan.cgi OS Command Injection
monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to ex
50RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.