Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.046exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.079VulnCheck XDB 8060Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4187 exploits
Nucleimedium
Microsoft FrontPage Extensions - Information Disclosure
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST reque
30RIESGO
abrir ↗Nucleimedium
Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker
50RIESGO
abrir ↗Nucleicritical
Cisco IOS HTTP Configuration - Authentication Bypass
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when lo
50RIESGO
abrir ↗Nucleihigh
SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as othe
43RIESGO
abrir ↗Nucleimedium
SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary sc
43RIESGO
abrir ↗Nucleimedium
Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote atta
38RIESGO
abrir ↗Nucleimedium
Lotus Domino R5 and R6 WebMail - Information Disclosure
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hid
60RIESGO
abrir ↗Nucleimedium
SquirrelMail Address Add 1.4.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote att
38RIESGO
abrir ↗Nucleicritical
Horde Groupware Unauthenticated Admin Access
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote at
18RIESGO
abrir ↗Nucleimedium
SAP Web Application Server 6.x/7.0 - Open Redirect
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log use
43RIESGO
abrir ↗Nucleimedium
Cofax <=2.0RC3 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject ar
38RIESGO
abrir ↗Nucleimedium
Cherokee HTTPD <=0.5 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary w
18RIESGO
abrir ↗Nucleihigh
Squirrelmail <=1.4.6 - Local File Inclusion
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals i
50RIESGO
abrir ↗Nucleimedium
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote
60RIESGO
abrir ↗Nucleimedium
Jira Rainbow.Zen - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extensi
38RIESGO
abrir ↗Nucleimedium
Apache Tomcat 4.x-7.x - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomca
60RIESGO
abrir ↗Nucleicritical
Alcatel-Lucent OmniPCX - Remote Command Execution
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows rem
100RIESGO
abrir ↗Nucleimedium
Joomla! RSfiles <=1.0.2 - Local File Inclusion
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allo
38RIESGO
abrir ↗Nucleimedium
OpenSymphony XWork/Apache Struts2 - Remote Code Execution
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursive
23RIESGO
abrir ↗Nucleimedium
phpPgAdmin <=4.1.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inje
43RIESGO
abrir ↗Nucleihigh
WordPress Sniplets 1.1.2 - Local File Inclusion
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordP
50RIESGO
abrir ↗Nucleimedium
WordPress Sniplets <=1.2.2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote at
38RIESGO
abrir ↗Nucleimedium
Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2
50RIESGO
abrir ↗Nucleimedium
Bitrix Site Management 2.x - Open Redirect
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbi
18RIESGO
abrir ↗Nucleimedium
AppServ Open Project <=2.5.10 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers
38RIESGO
abrir ↗Nucleimedium
CMSimple 3.1 - Local File Inclusion
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote a
43RIESGO
abrir ↗Nucleicritical
Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote atta
43RIESGO
abrir ↗Nucleimedium
Joomla! <=2.0.0 RC2 - Local File Inclusion
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote
43RIESGO
abrir ↗Nucleimedium
phpPgAdmin <=4.2.1 - Local File Inclusion
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is ena
43RIESGO
abrir ↗Nucleimedium
Joomla! ionFiles 4.4.2 - Local File Inclusion
Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remo
43RIESGO
abrir ↗página 1 / 140siguiente →
Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.