Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
4187 exploits
Nucleimedium
DokuWiki - Cross-Site Scripting
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
18RIESGO
abrir ↗Nucleicritical
Apache Struts2 S2-053 - Remote Code Execution
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag in
60RIESGO
abrir ↗Nucleihigh
Apache Tomcat Servers - Remote Code Execution
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisati
100RIESGO
abrir ↗Nucleihigh
Apache Tomcat - Remote Code Execution
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTT
100RIESGO
abrir ↗Nucleicritical
Apache Solr <= 7.1 - XML Entity Injection
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction wi
60RIESGO
abrir ↗Nucleicritical
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RIESGO
abrir ↗Nucleihigh
SAP NetWeaver Application Server Java 7.5 - Local File Inclusion
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Se
100RIESGO
abrir ↗Nucleimedium
Django Debug Page - Cross-Site Scripting
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for
23RIESGO
abrir ↗Nucleicritical
OpenDreambox 2.0.0 - Remote Code Execution
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote
23RIESGO
abrir ↗Nucleimedium
FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions un
18RIESGO
abrir ↗Nucleimedium
OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redi
18RIESGO
abrir ↗Nucleihigh
Trixbox - 2.8.0.4 OS Command Injection
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php
50RIESGO
abrir ↗Nucleimedium
Trixbox 2.8.0 - Path Traversal
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter
50RIESGO
abrir ↗Nucleimedium
WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress
18RIESGO
abrir ↗Nucleimedium
WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or
18RIESGO
abrir ↗Nucleimedium
WordPress < 4.8.2 - Authenticated Open Redirect
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/us
18RIESGO
abrir ↗Nucleihigh
Node.js <8.6.0 - Directory Traversal
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
30RIESGO
abrir ↗Nucleicritical
Intelbras WRN 150 - Authentication Bypass
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication,
30RIESGO
abrir ↗Nucleimedium
Dreambox WebControl 2.0.0 - Cross-Site Scripting
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouq
38RIESGO
abrir ↗Nucleihigh
Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used
23RIESGO
abrir ↗Nucleihigh
FiberHome Routers - Local File Inclusion
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a cra
43RIESGO
abrir ↗Nucleihigh
Apache httpd <=2.4.29 - Arbitrary File Upload
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a ma
60RIESGO
abrir ↗Nucleicritical
Palo Alto Network PAN-OS - Remote Code Execution
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote
100RIESGO
abrir ↗Nucleihigh
Ulterius Server < 1.9.5.0 - Directory Traversal
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory
60RIESGO
abrir ↗Nucleihigh
Nextjs <2.4.1 - Local File Inclusion
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to
23RIESGO
abrir ↗Nucleihigh
Laravel <5.5.21 - Information Disclosure
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwo
60RIESGO
abrir ↗Nucleimedium
WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting
The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/
18RIESGO
abrir ↗Nucleimedium
WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting
XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via
18RIESGO
abrir ↗Nucleimedium
WordPress < 4.9.1 - Authenticated JavaScript File Upload
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js fi
18RIESGO
abrir ↗Nucleimedium
WordPress Mailster <=1.5.4 - Cross-Site Scripting
The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subsc
18RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.