Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
Squash YAML Code Execution
CVE-2013-503606 Aug 2013
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter t
50RISK
open
Metasploit600
Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution
CVE-2012-399306 Aug 2013
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi
50RISK
open
Metasploit600
Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution
CVE-2013-171006 Aug 2013
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird befo
50RISK
open
Metasploit600
Agnitum Outpost Internet Security Local Privilege Escalation
CVE-2013-10046HIGH02 Aug 2013
Agnitum Outpost Internet Security Local Privilege Escalation
36RISK
open
Metasploit600
Joomla Media Manager File Upload Vulnerability
CVE-2013-557601 Aug 2013
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before
50RISK
open
Metasploit0
HP SiteScope Remote Code Execution
CVE-2013-236729 Jul 2013
Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execu
50RISK
open
Metasploit300
HP LoadRunner magentproc.exe Overflow
CVE-2013-480027 Jul 2013
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown ve
50RISK
open
Metasploit300
Chasys Draw IES Buffer Overflow
CVE-2013-392826 Jul 2013
Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote atta
50RISK
open
Metasploit300
Cogent DataHub HTTP Server Buffer Overflow
CVE-2013-068026 Jul 2013
Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub befor
23RISK
open
Metasploit600
PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution
CVE-2013-682926 Jul 2013
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacha
60RISK
open
Metasploit300
HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution
CVE-2013-479824 Jul 2013
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown ve
50RISK
open
Metasploit300
HP LoadRunner lrFileIOService ActiveX Remote Code Execution
CVE-2013-237024 Jul 2013
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown ve
50RISK
open
Metasploit600
Oracle Endeca Server Remote Command Execution
CVE-2013-376316 Jul 2013
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows rem
50RISK
open
Metasploit0
NETGEAR ReadyNAS Perl Code Evaluation
CVE-2013-275112 Jul 2013
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator
60RISK
open
Metasploit600
Linksys Devices pingstr Remote Command Injection
CVE-2013-356812 Jul 2013
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentica
43RISK
open
Metasploit300
Ultra Mini HTTPD Stack Buffer Overflow
CVE-2013-501910 Jul 2013
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resour
50RISK
open
Metasploit300
MS13-055 Microsoft Internet Explorer CAnchorElement Use-After-Free
CVE-2013-3163HIGHunder attack09 Jul 2013
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service
100RISK
open
Metasploit300
Corel PDF Fusion Stack Buffer Overflow
CVE-2013-324808 Jul 2013
Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wi
43RISK
open
Metasploit300
D-Link Devices UPnP SOAP Command Execution
CVE-2014-8361CRITICALunder attack05 Jul 2013
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClien
100RISK
open
Metasploit600
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
CVE-2013-2251CRITICALunder attack02 Jul 2013
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a
100RISK
open
Metasploit600
Nodejs js-yaml load() Code Execution
CVE-2013-466028 Jun 2013
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
43RISK
open
Metasploit300
HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow
CVE-2013-234328 Jun 2013
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attacke
50RISK
open
Metasploit300
MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free
CVE-2013-318427 Jun 2013
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service
50RISK
open
Metasploit300
PCMAN FTP Server Post-Authentication STOR Command Stack Buffer Overflow
CVE-2013-473027 Jun 2013
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USE
50RISK
open
Metasploit600
Horde Framework Unserialize PHP Code Execution
CVE-2014-169127 Jun 2013
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to c
50RISK
open
Metasploit600
InstantCMS 1.6 Remote PHP Code Execution
CVE-2013-10051CRITICAL26 Jun 2013
InstantCMS <= 1.6 Remote PHP Code Execution
63RISK
open
Metasploit300
Firefox onreadystatechange Event DocumentViewerImpl Use After Free
CVE-2013-1690HIGHunder attack25 Jun 2013
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before
98RISK
open
Metasploit300
MediaCoder .M3U Buffer Overflow
CVE-2017-886924 Jun 2013
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.
43RISK
open
Metasploit300
IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval
CVE-2013-478620 Jun 2013
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote
60RISK
open
Metasploit300
IPMI 2.0 Cipher Zero Authentication Bypass Scanner
CVE-2013-478220 Jun 2013
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands b
23RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.