Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
19.841 exploits
Referência
CVE-2019-6444
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read be
35RISCO
abrir
Referência
Microsoft SQL Server - Distributed Management Objects 'sqldmo.dll' Buffer Overflow (PoC)
Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.200
35RISCO
abrir
Referência
Microsoft SQL Server - Distributed Management Objects Buffer Overflow
Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.200
35RISCO
abrir
Referência
LS Simple Guestbook 1.0 - Remote Code Execution
Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote at
35RISCO
abrir
Referência
CVE-2017-0202
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerabi
35RISCO
abrir
Referência
CVE-2023-4708
Infosoftbd Clcknshop GET Parameter all sql injection
45RISCO
abrir
Referência
CVE-2019-0221
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided
50RISCO
abrir
Referência
CVE-2017-11885
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold,
35RISCO
abrir
Referência
CVE-2015-5574
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and
35RISCO
abrir
Referência
CVE-2015-7245
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remot
50RISCO
abrir
Referência
CVE-2011-5046
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Window
35RISCO
abrir
Referência
CVE-2009-4203
Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execu
23RISCO
abrir
Referência
CVE-2011-0506
Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers
23RISCO
abrir
Referência
CVE-2021-29003
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacter
35RISCO
abrir
Referência
WordPress Plugin wp-Table 1.43 - 'inc_dir' Remote File Inclusion
PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress,
35RISCO
abrir
Referência
CVE-2014-9312
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
50RISCO
abrir
Referência
CVE-2014-9312
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
50RISCO
abrir
Referência
CVE-2018-15839
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
35RISCO
abrir
Referência
CuteNews 1.1.1 - 'html.php' Remote Code Execution
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute
35RISCO
abrir
Referência
PHPSlash 0.8.1.1 - Remote Code Execution
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary P
35RISCO
abrir
Referência
CVE-2018-15535
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname
50RISCO
abrir
Referência
CVE-2020-11798
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before
50RISCO
abrir
Referência
CVE-2019-0803
CVE-2019-0803HIGHsob ataque
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
83RISCO
abrir
Referência
CVE-2020-35313
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in Wonder
35RISCO
abrir
Referência
CVE-2011-2386
VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to
50RISCO
abrir
Referência
CVE-2017-0145
CVE-2017-0145HIGHsob ataqueransomware
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Referência
CVE-2019-13344
An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthent
35RISCO
abrir
Referência
CVE-2015-8426
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and
35RISCO
abrir
Referência
CVE-2023-36844
CVE-2023-36844MEDIUMsob ataque
Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables
100RISCO
abrir
Referência
CVE-2015-8420
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and
35RISCO
abrir
anteriorpágina 68 / 662próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.