Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
HP Intelligent Management Center BIMS UploadServlet Directory Traversal
CVE-2013-482208 Oct 2013
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Soft
50RISK
open
Metasploit600
GestioIP Remote Command Execution
CVE-2013-10039HIGH04 Oct 2013
GestioIP 3.0 ip_checkhost.cgi RCE
36RISK
open
Metasploit600
ClipBucket Remote Code Execution
CVE-2013-10040CRITICAL04 Oct 2013
ClipBucket <= 2.6 ofc_upload_image.php Arbitrary File Upload RCE
63RISK
open
Metasploit600
FlashChat Arbitrary File Upload
CVE-2013-10038CRITICAL04 Oct 2013
FlashChat Arbitrary File Upload RCE
63RISK
open
Metasploit600
ibstat $PATH Privilege Escalation
CVE-2013-401124 Sep 2013
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, a
38RISK
open
Metasploit600
Zabbix 2.0.8 SQL Injection and Remote Code Execution
CVE-2013-574323 Sep 2013
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
60RISK
open
Metasploit600
ZeroShell Remote Code Execution
CVE-2009-054522 Sep 2013
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell meta
60RISK
open
Metasploit600
Cisco Prime Data Center Network Manager Arbitrary File Upload
CVE-2013-548618 Sep 2013
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager
60RISK
open
Metasploit300
MS13-080 Microsoft Internet Explorer SetMouseCapture Use-After-Free
CVE-2013-3893HIGHunder attack17 Sep 2013
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 throug
100RISK
open
Metasploit600
F5 iControl Remote Root Command Execution
CVE-2014-292817 Sep 2013
The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5
50RISK
open
Metasploit0
Astium Remote Code Execution
CVE-2013-10043CRITICAL17 Sep 2013
Astium VOIP PBX <= 2.1 SQL Injection File Upload RCE
63RISK
open
Metasploit600
OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution
CVE-2013-10044HIGH16 Sep 2013
OpenEMR ≤ 4.1.1 SQL Injection Privilege Escalation and RCE
36RISK
open
Metasploit0
GLPI install.php Remote Command Execution
CVE-2013-569612 Sep 2013
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installati
38RISK
open
Metasploit600
MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution
CVE-2013-0810HIGH10 Sep 2013
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote a
68RISK
open
Metasploit300
MS13-069 Microsoft Internet Explorer CCaret Use-After-Free
CVE-2013-320510 Sep 2013
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (
50RISK
open
Metasploit600
HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
CVE-2013-481209 Sep 2013
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0,
50RISK
open
Metasploit600
HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload
CVE-2013-481109 Sep 2013
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4
60RISK
open
Metasploit600
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
CVE-2013-498406 Sep 2013
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1
38RISK
open
Metasploit600
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
CVE-2013-498306 Sep 2013
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows
60RISK
open
Metasploit600
Android get_user/put_user Exploit
CVE-2013-6282HIGHunder attack06 Sep 2013
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not
98RISK
open
Metasploit300
HTTP Client LAN IP Address Gather
CVE-2018-684905 Sep 2013
In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client informati
50RISK
open
Metasploit600
Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal
CVE-2013-206804 Sep 2013
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow re
50RISK
open
Metasploit600
VMWare Setuid vmware-mount Unsafe popen(3)
CVE-2013-166222 Aug 2013
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allo
38RISK
open
Metasploit600
Graphite Web Unsafe Pickle Handling
CVE-2013-509320 Aug 2013
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
50RISK
open
Metasploit300
freeFTPd PASS Command Buffer Overflow
CVE-2013-10042CRITICAL20 Aug 2013
freeFTPd <= 1.0.10 PASS Command Stack-Based Buffer Overflow
63RISK
open
Metasploit500
Java storeImageArray() Invalid Array Indexing Vulnerability
CVE-2013-2465CRITICALunder attackransomware12 Aug 2013
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 U
100RISK
open
Metasploit300
Adobe Reader ToolButton Use After Free
CVE-2013-3346HIGHunder attack08 Aug 2013
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitr
100RISK
open
Metasploit500
Adobe ColdFusion RDS Authentication Bypass
CVE-2013-0632CRITICALunder attack08 Aug 2013
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and pos
100RISK
open
Metasploit300
Adobe Reader ToolButton Use After Free
CVE-2013-3346HIGHunder attack08 Aug 2013
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitr
100RISK
open
Metasploit600
OpenX Backdoor PHP Code Execution
CVE-2013-421107 Aug 2013
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, wh
60RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.