Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,114cataloged exploits
31,649CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
BMC Server Automation RSCD Agent NSH Remote Command Execution
CVE-2016-154316 Mar 2016
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux a
60RISK
open
Metasploit600
BMC Server Automation RSCD Agent NSH Remote Command Execution
CVE-2016-154216 Mar 2016
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and U
60RISK
open
Metasploit600
Kaltura Remote PHP Code Execution
CVE-2016-15044CRITICAL15 Mar 2016
Kaltura < 11.1.0-2 PHP Object Injection RCE
63RISK
open
Metasploit600
Exim "perl_startup" Privilege Escalation
CVE-2016-153110 Mar 2016
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
38RISK
open
Metasploit600
Nagios XI Chained Remote Code Execution
CVE-2018-873306 Mar 2016
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an
43RISK
open
Metasploit0
Apache Jetspeed Arbitrary File Upload
CVE-2016-071006 Mar 2016
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attacker
50RISK
open
Metasploit0
Apache Jetspeed Arbitrary File Upload
CVE-2016-070906 Mar 2016
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3
60RISK
open
Metasploit600
Nagios XI Chained Remote Code Execution
CVE-2018-873506 Mar 2016
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execut
50RISK
open
Metasploit600
Nagios XI Chained Remote Code Execution
CVE-2018-873406 Mar 2016
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker
50RISK
open
Metasploit600
Nagios XI Chained Remote Code Execution
CVE-2018-873606 Mar 2016
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RC
50RISK
open
Metasploit600
Ruby on Rails ActionPack Inline ERB Code Execution
CVE-2016-209801 Mar 2016
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to e
60RISK
open
Metasploit600
ATutor 2.2.1 Directory Traversal / Remote Code Execution
CVE-2016-255501 Mar 2016
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbi
60RISK
open
Metasploit600
ATutor 2.2.1 Directory Traversal / Remote Code Execution
CVE-2017-100000201 Mar 2016
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course
30RISK
open
Metasploit600
ATutor 2.2.1 SQL Injection / Remote Code Execution
CVE-2016-255501 Mar 2016
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbi
60RISK
open
Metasploit600
Netgear Devices Unauthenticated Remote Command Execution
CVE-2016-1555CRITICALunder attack25 Feb 2016
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear
100RISK
open
Metasploit600
Jenkins XStream Groovy classpath Deserialization Vulnerability
CVE-2016-079224 Feb 2016
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to ex
60RISK
open
Metasploit600
Primefaces Remote Code Execution Exploit
CVE-2017-1000486CRITICALunder attack15 Feb 2016
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
100RISK
open
Metasploit600
Xymon useradm Command Execution
CVE-2016-205614 Feb 2016
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via
50RISK
open
Metasploit600
Ubiquiti airOS Arbitrary File Upload
CVE-2015-9266CRITICAL13 Feb 2016
Ubiquiti airOS HTTP(S) unauthenticated arbitrary file upload
85RISK
open
Metasploit600
MS16-016 mrxdav.sys WebDav Local Privilege Escalation
CVE-2016-005109 Feb 2016
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Window
43RISK
open
Metasploit600
Advantech WebAccess Dashboard Viewer uploadImageCommon Arbitrary File Upload
CVE-2016-085405 Feb 2016
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess
60RISK
open
Metasploit500
D-Link DSL-2750B OS Command Injection
CVE-2016-20017CRITICALunder attack05 Feb 2016
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as
100RISK
open
Metasploit600
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
CVE-2023-38098HIGH04 Feb 2016
NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability
41RISK
open
Metasploit600
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
CVE-2016-152504 Feb 2016
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allow
60RISK
open
Metasploit600
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
CVE-2023-38096CRITICAL04 Feb 2016
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability
65RISK
open
Metasploit300
NETGEAR ProSafe Network Management System 300 Authenticated File Download
CVE-2016-152404 Feb 2016
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote
60RISK
open
Metasploit600
lastore-daemon D-Bus Privilege Escalation
CVE-2016-15045HIGH02 Feb 2016
Deepin lastore-daemon Privilege Escalation via Unsigned .deb Installation
36RISK
open
Metasploit600
Oracle ATS Arbitrary File Upload
CVE-2016-049220 Jan 2016
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12
60RISK
open
Metasploit600
Oracle ATS Arbitrary File Upload
CVE-2016-049120 Jan 2016
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12
60RISK
open
Metasploit500
Windows Net-NTLMv2 Reflection DCOM/RPC (Juicy)
CVE-2016-322516 Jan 2016
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1,
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.