Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit0
MoinMoin twikidraw Action Traversal File Upload
CVE-2012-608130 Dec 2012
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action
50RISK
open
Metasploit600
Wordpress Reflex Gallery Upload Vulnerability
CVE-2015-413330 Dec 2012
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 f
50RISK
open
Metasploit300
MS13-008 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability
CVE-2012-4792HIGHunder attack27 Dec 2012
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary cod
100RISK
open
Metasploit200
Nvidia (nvsvc) Display Driver Service Local Privilege Escalation
CVE-2013-010925 Dec 2012
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not
38RISK
open
Metasploit600
Android Browser and WebView addJavascriptInterface Code Execution
CVE-2013-471021 Dec 2012
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly imp
50RISK
open
Metasploit600
Android Browser and WebView addJavascriptInterface Code Execution
CVE-2012-663621 Dec 2012
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote atta
50RISK
open
Metasploit600
TWiki MAKETEXT Remote Command Execution
CVE-2012-632915 Dec 2012
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly hand
50RISK
open
Metasploit300
RealPlayer RealMedia File Handling Buffer Overflow
CVE-2012-569114 Dec 2012
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers
50RISK
open
Metasploit300
Novell eDirectory 8 Buffer Overflow
CVE-2012-043212 Dec 2012
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote at
50RISK
open
Metasploit500
Nagios3 history.cgi Host Command Execution
CVE-2012-609609 Dec 2012
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga
50RISK
open
Metasploit600
FreeFloat FTP Server Arbitrary File Upload
CVE-2012-10030CRITICAL07 Dec 2012
FreeFloat FTP Server Arbitrary File Upload
63RISK
open
Metasploit400
Netwin SurgeFTP Remote Command Execution
CVE-2012-10028HIGH06 Dec 2012
Netwin SurgeFTP <= v23c8 Authenticated RCE
36RISK
open
Metasploit600
OpenSIS 'modname' PHP Code Execution
CVE-2013-134904 Dec 2012
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP cod
43RISK
open
Metasploit600
Foswiki MAKETEXT Remote Command Execution
CVE-2012-632903 Dec 2012
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly hand
50RISK
open
Metasploit300
Android Stock Browser Iframe DOS
CVE-2012-630101 Dec 2012
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a
18RISK
open
Metasploit600
Oracle MySQL for Microsoft Windows FILE Privilege Abuse
CVE-2012-561301 Dec 2012
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the
50RISK
open
Metasploit600
Oracle MySQL for Microsoft Windows MOF Execution
CVE-2012-561301 Dec 2012
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the
50RISK
open
Metasploit600
Tectia SSH USERAUTH Change Request Password Reset Vulnerability
CVE-2012-597501 Dec 2012
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6
50RISK
open
Metasploit300
Symantec Messaging Gateway 9.5 Log File Download Vulnerability
CVE-2012-434730 Nov 2012
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow r
50RISK
open
Metasploit600
Nagios XI Network Monitor Graph Explorer Component Command Injection
CVE-2012-10029HIGH30 Nov 2012
Nagios XI Network Monitor Graph Explorer Component < 1.3 Authenticated Command Injection
36RISK
open
Metasploit600
MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation
CVE-2013-000827 Nov 2012
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7
43RISK
open
Metasploit600
Maxthon3 about:history XCS Trusted Zone Code Execution
CVE-2012-10032HIGH26 Nov 2012
Maxthon3 about:history XCS Trusted Zone Code Execution
36RISK
open
Metasploit300
KingView Log File Parsing Buffer Overflow
CVE-2012-471120 Nov 2012
Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView
50RISK
open
Metasploit300
CUPS 1.6.1 Root File Read
CVE-2012-551920 Nov 2012
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator
18RISK
open
Metasploit300
NFR Agent FSFUI Record Arbitrary Remote File Access
CVE-2012-495816 Nov 2012
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrar
60RISK
open
Metasploit300
NFR Agent SRS Record Arbitrary Remote File Access
CVE-2012-495716 Nov 2012
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbi
50RISK
open
Metasploit300
NFR Agent Heap Overflow Vulnerability
CVE-2012-495616 Nov 2012
Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary co
30RISK
open
Metasploit500
NFR Agent FSFUI Record File Upload RCE
CVE-2012-495916 Nov 2012
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and ex
60RISK
open
Metasploit600
NetIQ Privileged User Manager 2.3.1 ldapagnt_eval() Remote Perl Code Execution
CVE-2012-593215 Nov 2012
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manage
50RISK
open
Metasploit600
Narcissus Image Configuration Passthru Vulnerability
CVE-2012-10033CRITICAL14 Nov 2012
Narcissus backend.php Image Configuration Command Injection
63RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.