Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,180cataloged exploits
31,691CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit600
Narcissus Image Configuration Passthru Vulnerability
CVE-2012-10033CRITICAL14 Nov 2012
Narcissus backend.php Image Configuration Command Injection
63RISK
open
Metasploit300
VMWare OVF Tools Format String Vulnerability
CVE-2012-356908 Nov 2012
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Pl
50RISK
open
Metasploit300
VMWare OVF Tools Format String Vulnerability
CVE-2012-356908 Nov 2012
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Pl
50RISK
open
Metasploit300
Apple QuickTime 7.7.2 MIME Type Buffer Overflow
CVE-2012-375307 Nov 2012
Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause
50RISK
open
Metasploit300
Apple QuickTime 7.7.2 TeXML Style Element font-table Field Stack Buffer Overflow
CVE-2012-375207 Nov 2012
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a de
50RISK
open
Metasploit300
XBMC Web Server Directory Traversal
CVE-2012-10024HIGH04 Nov 2012
XBMC ≤ 11.0 Web Server Path Traversal
36RISK
open
Metasploit300
Axigen Arbitrary File Read and Delete
CVE-2012-494031 Oct 2012
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote att
60RISK
open
Metasploit600
Invision IP.Board unserialize() PHP Code Execution
CVE-2012-569225 Oct 2012
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3
43RISK
open
Metasploit300
ClanSphere 2011.3 Local File Inclusion Vulnerability
CVE-2012-10034HIGH23 Oct 2012
ClanSphere 2011.3 Local File Inclusion via cs_lang Cookie
36RISK
open
Metasploit300
Bitweaver overlay_type Directory Traversal
CVE-2012-519223 Oct 2012
Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to rea
50RISK
open
Metasploit600
Mutiny Remote Command Execution
CVE-2012-300122 Oct 2012
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, re
43RISK
open
Metasploit300
Drupal OpenID External Entity Injection
CVE-2012-455417 Oct 2012
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE d
23RISK
open
Metasploit600
Java Applet AverageRangeStatisticImpl Remote Code Execution
CVE-2012-5076CRITICALunder attack16 Oct 2012
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow
100RISK
open
Metasploit600
Java Applet JAX-WS Remote Code Execution
CVE-2012-5076CRITICALunder attack16 Oct 2012
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow
100RISK
open
Metasploit600
Ektron 8.02 XSLT Transform Remote Code Execution
CVE-2012-535716 Oct 2012
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true
50RISK
open
Metasploit600
Java Applet Method Handle Remote Code Execution
CVE-2012-508816 Oct 2012
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow
60RISK
open
Metasploit600
Sun Java Web Start Double Quote Injection
CVE-2012-153316 Oct 2012
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and
50RISK
open
Metasploit500
Windows Escalate Service Permissions Local Privilege Escalation
CVE-2025-21293HIGH15 Oct 2012
Active Directory Domain Services Elevation of Privilege Vulnerability
41RISK
open
Metasploit300
MS11-081 Microsoft Internet Explorer Option Element Use-After-Free
CVE-2011-199611 Oct 2012
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to exe
50RISK
open
Metasploit600
PhpTax pfilez Parameter Exec Remote Code Injection
CVE-2012-10037CRITICAL08 Oct 2012
PhpTax pfilez Parameter Exec Remote Code Injection
63RISK
open
Metasploit600
Project Pier Arbitrary File Upload Vulnerability
CVE-2012-10036CRITICAL08 Oct 2012
Project Pier <= 0.8.8 Arbitrary File Upload RCE
63RISK
open
Metasploit0
D-Link DIR-605L Captcha Handling Buffer Overflow
CVE-2012-10021CRITICAL08 Oct 2012
D-Link DIR-605L Captcha Handling Buffer Overflow
63RISK
open
Metasploit500
Turbo FTP Server 1.30.823 PORT Overflow
CVE-2012-10035CRITICAL03 Oct 2012
Turbo FTP Server 1.30.823/826 PORT Command Buffer Overflow
43RISK
open
Metasploit300
phpMyAdmin 3.5.2.2 server_sync.php Backdoor
CVE-2012-515925 Sep 2012
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an e
60RISK
open
Metasploit600
Kloxo Local Privilege Escalation
CVE-2012-10022HIGH18 Sep 2012
Kloxo <= 6.1.12 Local Privilege Escalation
36RISK
open
Metasploit600
ZEN Load Balancer Filelog Command Execution
CVE-2012-10039CRITICAL14 Sep 2012
ZEN Load Balancer Filelog Command Execution
63RISK
open
Metasploit600
Auxilium RateMyPet Arbitrary File Upload Vulnerability
CVE-2012-10038CRITICAL14 Sep 2012
Auxilium RateMyPet Arbitrary File Upload RCE
63RISK
open
Metasploit400
MS12-063 Microsoft Internet Explorer execCommand Use-After-Free Vulnerability
CVE-2012-4969HIGHunder attack14 Sep 2012
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 al
100RISK
open
Metasploit600
Webmin /file/show.cgi Remote Command Execution
CVE-2012-298206 Sep 2012
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid
50RISK
open
Metasploit300
Webmin edit_html.cgi file Parameter Traversal Arbitrary File Access
CVE-2012-298306 Sep 2012
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited
23RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.