Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
4187 exploits
Nucleihigh
Spring Security OAuth2 Remote Command Execution
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1
60RIESGO
abrir
Nucleicritical
NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
Netgear DGN2200 and DGND3700 disclose the administrator password
23RIESGO
abrir
Nucleicritical
NUUO NVR camera `debugging_center_utils_.php` - Command Execution
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR Rea
60RIESGO
abrir
Nucleicritical
vBulletin <= 4.2.3 - SQL Injection
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 bef
50RIESGO
abrir
Nucleihigh
NETGEAR Routers - Remote Code Execution
CVE-2016-6277HIGHbajo ataque
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.B
100RIESGO
abrir
Nucleihigh
ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RIESGO
abrir
Nucleicritical
Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows
40RIESGO
abrir
Nucleihigh
Sony IPELA Engine IP Camera - Hardcoded Account
SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC
18RIESGO
abrir
Nucleimedium
SPIP <3.1.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject
18RIESGO
abrir
Nucleimedium
Aruba Airwave <8.2.3.1 - Cross-Site Scripting
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). Th
43RIESGO
abrir
Nucleihigh
DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler
23RIESGO
abrir
Nucleihigh
Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Trave
60RIESGO
abrir
Nucleihigh
Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that
18RIESGO
abrir
Nucleimedium
Phoenix Framework - Open Redirect
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to u
18RIESGO
abrir
Nucleihigh
WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
jqueryFileTree 2.1.5 and older Directory Traversal
50RIESGO
abrir
Nucleicritical
Primetek Primefaces 5.x - Remote Code Execution
CVE-2017-1000486CRITICALbajo ataque
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
100RIESGO
abrir
Nucleihigh
Oracle Content Server - Cross-Site Scripting
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supp
23RIESGO
abrir
Nucleihigh
Oracle WebLogic Server - Remote Command Execution
CVE-2017-10271HIGHbajo ataqueransomware
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supporte
100RIESGO
abrir
Nucleihigh
Yaws 1.91 - Local File Inclusion
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: th
60RIESGO
abrir
Nucleimedium
phpLDAPadmin <= 1.2.3 - Reflected XSS
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
18RIESGO
abrir
Nucleicritical
DataTaker DT80 dEX 1.50.012 - Information Disclosure
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a d
50RIESGO
abrir
Nucleicritical
Subrion CMS <4.1.5.10 - SQL Injection
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
23RIESGO
abrir
Nucleihigh
ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the path
40RIESGO
abrir
Nucleimedium
FineCMS <5.0.9 - Open Redirect
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.
18RIESGO
abrir
Nucleihigh
XML-RPC Server - Remote Code Execution
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RIESGO
abrir
Nucleimedium
FineCMS <=5.0.10 - Cross-Site Scripting
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=ap
18RIESGO
abrir
Nucleimedium
XOOPS Core 2.5.8 - Open Redirect
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.
18RIESGO
abrir
Nucleicritical
Jboss Application Server - Remote Code Execution
CVE-2017-12149CRITICALbajo ataqueransomware
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter
100RIESGO
abrir
Nucleicritical
HPE Integrated Lights-out 4 (ILO4) <2.53 - Authentication Bypass
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53
60RIESGO
abrir
Nucleimedium
HPE System Management - Cross-Site Scripting
A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was
18RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.