Public exploitation

Exploit catalog

Every public exploit we catalog, in one index. Search by CVE, exploit name or technology — and see, right beside it, what the flaw is actually worth: severity, exploitation probability, and whether it’s already under attack.

71,294cataloged exploits
31,742CVEs with public exploitation
0lab-tested
3,462 exploits
Metasploit300
HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow
CVE-2012-201909 Jul 2012
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via u
50RISK
open
Metasploit600
EGallery PHP File Upload Vulnerability
CVE-2012-10052CRITICAL08 Jul 2012
EGallery 1.2 Arbitrary PHP File Upload
63RISK
open
Metasploit600
Sflog! CMS 1.0 Arbitrary File Upload Vulnerability
CVE-2012-10042HIGH06 Jul 2012
Sflog! CMS 1.0 Arbitrary File Upload RCE
36RISK
open
Metasploit600
SPIP connect Parameter PHP Injection
CVE-2013-455704 Jul 2012
The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, all
23RISK
open
Metasploit600
Tiki Wiki unserialize() PHP Code Execution
CVE-2012-091104 Jul 2012
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted
50RISK
open
Metasploit600
Wordpress Front-end Editor File Upload
CVE-2012-10019CRITICAL04 Jul 2012
Front-end Editor < 2.3 - Arbitrary File Upload
63RISK
open
Metasploit300
ALLMediaServer 0.8 Buffer Overflow
CVE-2017-1793204 Jul 2012
A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow
50RISK
open
Metasploit600
Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Command Execution
CVE-2012-381128 Jun 2012
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call
50RISK
open
Metasploit600
Umbraco CMS Remote Command Execution
CVE-2012-10054CRITICAL28 Jun 2012
Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE
63RISK
open
Metasploit600
Basilic 1.5.14 diff.php Arbitrary Command Execution
CVE-2012-339928 Jun 2012
Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the
50RISK
open
Metasploit600
KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability
CVE-2012-251626 Jun 2012
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Pl
50RISK
open
Metasploit600
SugarCRM unserialize() PHP Code Execution
CVE-2012-069423 Jun 2012
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers
50RISK
open
Metasploit500
Adobe Flash Player AVM Verification Logic Array Indexing Code Execution
CVE-2011-211021 Jun 2012
Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android,
60RISK
open
Metasploit600
Open-FTPD 1.2 Arbitrary File Upload
CVE-2010-262018 Jun 2012
Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST
43RISK
open
Metasploit600
IBM Lotus Notes Client URL Handler Command Injection
CVE-2012-217418 Jun 2012
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted
50RISK
open
Metasploit600
EZHomeTech EzServer Stack Buffer Overflow Vulnerability
CVE-2024-23985HIGH18 Jun 2012
EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.
36RISK
open
Metasploit600
qdPM v7 Arbitrary PHP File Upload Vulnerability
CVE-2015-388414 Jun 2012
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6)
23RISK
open
Metasploit300
MS12-037 Microsoft Internet Explorer Same ID Property Deleted Object Handling Memory Corruption
CVE-2012-187512 Jun 2012
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbit
50RISK
open
Metasploit300
MS12-037 Microsoft Internet Explorer Fixed Table Col Span Heap Overflow
CVE-2012-187612 Jun 2012
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allo
50RISK
open
Metasploit300
Free Float FTP Server USER Command Buffer Overflow
CVE-2012-10023MEDIUM12 Jun 2012
FreeFloat FTP Server USER Command Buffer Overflow
28RISK
open
Metasploit500
FreeBSD Intel SYSRET Privilege Escalation
CVE-2012-021712 Jun 2012
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and
50RISK
open
Metasploit400
MS12-043 Microsoft XML Core Services MSXML Uninitialized Memory Corruption
CVE-2012-1889HIGHunder attack12 Jun 2012
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attacker
100RISK
open
Metasploit600
F5 BIG-IP SSH Private Key Exposure
CVE-2012-149311 Jun 2012
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, a
50RISK
open
Metasploit300
MySQL Authentication Bypass Password Dump
CVE-2012-212209 Jun 2012
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x befor
60RISK
open
Metasploit400
ComSndFTP v1.3.7 Beta USER Format String (Write4) Vulnerability
CVE-2012-10055CRITICAL08 Jun 2012
ComSndFTP v1.3.7 Beta USER Format String RCE
63RISK
open
Metasploit600
Java Applet Field Bytecode Verifier Cache Remote Code Execution
CVE-2012-1723CRITICALunder attackransomware06 Jun 2012
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up
100RISK
open
Metasploit300
Photodex ProShow Producer 5.0.3256 load File Handling Buffer Overflow
CVE-2012-10051HIGH06 Jun 2012
Photodex ProShow Producer 5.0.3256 load File Handling Buffer Overflow
36RISK
open
Metasploit600
WordPress Plugin Foxypress uploadify.php Arbitrary Code Execution
CVE-2012-10020CRITICAL05 Jun 2012
FoxyPress <= 0.4.2.1 - Arbitrary File Upload
63RISK
open
Metasploit300
Sielco Sistemi Winlog Buffer Overflow 2.07.14 - 2.07.16
CVE-2012-381504 Jun 2012
Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 al
50RISK
open
Metasploit300
IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
CVE-2012-217501 Jun 2012
Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x befo
43RISK
open

We index only the public link to the proof of concept — we never host or redistribute exploitation code. Sources: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit and VulnCheck XDB. A public PoC existing does not mean the flaw is exploitable in your environment.