Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
Firefox toString console.time Privileged Javascript Injection
CVE-2013-171014 May 2013
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird befo
50RISK
open
Metasploit500
AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass
CVE-2013-273014 May 2013
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attacke
60RISK
open
Metasploit300
ColdFusion 'password.properties' Hash Extraction
CVE-2013-333607 May 2013
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files
60RISK
open
Metasploit500
Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow
CVE-2013-202807 May 2013
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cau
60RISK
open
Metasploit400
MS13-038 Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability
CVE-2013-1347HIGHunder attack03 May 2013
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbit
100RISK
open
Metasploit300
AudioCoder .M3U Buffer Overflow
CVE-2017-887001 May 2013
Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file.
43RISK
open
Metasploit300
IBM SPSS SamplePower C1Tab ActiveX Heap Overflow
CVE-2012-594626 Apr 2013
Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attac
50RISK
open
Metasploit600
phpMyAdmin Authenticated Remote Code Execution via preg_replace()
CVE-2013-323825 Apr 2013
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a
43RISK
open
Metasploit300
ERS Viewer 2011 ERS File Handling Buffer Overflow
CVE-2013-072623 Apr 2013
Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 1
43RISK
open
Metasploit600
D-Link Devices Unauthenticated Remote Command Execution
CVE-2013-10050HIGH22 Apr 2013
D-Link Devices tools_vct.xgi Authenticated RCE
36RISK
open
Metasploit200
Tincd Post-Authentication Remote TCP Stack Buffer Overflow
CVE-2013-142822 Apr 2013
Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pr
50RISK
open
Metasploit600
WordPress W3 Total Cache PHP Code Execution
CVE-2013-201017 Apr 2013
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
60RISK
open
Metasploit600
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Remote Code Execution
CVE-2013-155916 Apr 2013
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.
50RISK
open
Metasploit600
Ruby on Rails Known Secret Session Cookie Remote Code Execution
CVE-2013-015611 Apr 2013
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, an
60RISK
open
Metasploit600
MiniWeb (Build 300) Arbitrary File Upload
CVE-2013-10047CRITICAL09 Apr 2013
MiniWeb <= Build 300 Arbitrary File Upload
43RISK
open
Metasploit600
ABB MicroSCADA wserver.exe Remote Code Execution
CVE-2019-562005 Apr 2013
ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function
40RISK
open
Metasploit300
Sophos Web Protection Appliance patience.cgi Directory Traversal
CVE-2013-264103 Apr 2013
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read
60RISK
open
Metasploit300
MiniUPnPd 1.4 Denial of Service (DoS) Exploit
CVE-2013-022927 Mar 2013
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attacke
60RISK
open
Metasploit300
MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution
CVE-2013-023027 Mar 2013
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP
50RISK
open
Metasploit600
vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload
CVE-2013-321426 Mar 2013
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
60RISK
open
Metasploit600
vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload
CVE-2013-321526 Mar 2013
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in
50RISK
open
Metasploit600
vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection
CVE-2013-352225 Mar 2013
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier
43RISK
open
Metasploit300
vBulletin Password Collector via nodeid SQL Injection
CVE-2013-352224 Mar 2013
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier
43RISK
open
Metasploit300
MongoDB nativeHelper.apply Remote Code Execution
CVE-2013-189224 Mar 2013
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMo
50RISK
open
Metasploit500
Novell ZENworks Configuration Management Remote Execution
CVE-2013-108022 Mar 2013
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform a
60RISK
open
Metasploit300
Sysax Multi-Server 6.10 SSHD Key Exchange Denial of Service
CVE-2013-10065HIGH17 Mar 2013
Sysax Multi-Server <= 6.10 SSHD Key Exchange DoS
36RISK
open
Metasploit600
Novell Zenworks Mobile Managment MDM.php Local File Inclusion Vulnerability
CVE-2013-108113 Mar 2013
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote at
50RISK
open
Metasploit300
MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access
CVE-2013-0074HIGHunder attackransomware12 Mar 2013
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML obj
100RISK
open
Metasploit300
MS13-022 Microsoft Silverlight ScriptObject Unsafe Memory Access
CVE-2013-3896MEDIUMunder attack12 Mar 2013
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, wh
90RISK
open
Metasploit600
GroundWork monarch_scan.cgi OS Command Injection
CVE-2013-350208 Mar 2013
monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to ex
50RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.