Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
4187 exploits
Nucleimedium
Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting
The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues.
18RIESGO
abrir
Nucleimedium
Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting
The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues.
18RIESGO
abrir
Nucleimedium
Error Log Viewer by BestWebSoft < 1.0.6 - Cross-Site Scripting
The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.
18RIESGO
abrir
Nucleimedium
Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting
The sender plugin before 1.2.1 for WordPress has multiple XSS issues.
18RIESGO
abrir
Nucleimedium
Updater by BestWebSoft < 1.35 - Cross-Site Scripting
The updater plugin before 1.35 for WordPress has multiple XSS issues.
18RIESGO
abrir
Nucleimedium
User Role by BestWebSoft < 1.5.6 - Cross-Site Scripting
The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.
18RIESGO
abrir
Nucleicritical
WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or use
23RIESGO
abrir
Nucleimedium
Timesheet Plugin < 0.1.5 - Cross-Site Scripting
The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues.
18RIESGO
abrir
Nucleimedium
WordPress Qards - Cross-Site Scripting
The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2c
18RIESGO
abrir
Nucleihigh
Graphite <=1.1.5 - Server-Side Request Forgery
send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulner
23RIESGO
abrir
Nucleimedium
Formidable Forms < 2.05.02 - Cross-Site Scripting
Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting
56RIESGO
abrir
Nucleimedium
Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure
Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure
28RIESGO
abrir
Nucleimedium
FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to exec
38RIESGO
abrir
Nucleimedium
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthor
38RIESGO
abrir
Nucleimedium
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthor
43RIESGO
abrir
Nucleihigh
Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution
CVE-2017-3506HIGHbajo ataque
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
100RIESGO
abrir
Nucleimedium
Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (li
43RIESGO
abrir
Nucleimedium
McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting
Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x a
18RIESGO
abrir
Nucleihigh
NETGEAR Routers - Authentication Bypass
CVE-2017-5521HIGHbajo ataque
An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R
100RIESGO
abrir
Nucleimedium
KMCIS CaseAware - Cross-Site Scripting
An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr"
38RIESGO
abrir
Nucleicritical
Apache Struts 2 - Remote Command Execution
CVE-2017-5638CRITICALbajo ataqueransomware
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RIESGO
abrir
Nucleicritical
Intel Active Management - Authentication Bypass
CVE-2017-5689CRITICALbajo ataque
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Mana
100RIESGO
abrir
Nucleimedium
OpenVPN Access Server 2.1.4 - CRLF Injection
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbit
18RIESGO
abrir
Nucleimedium
Odoo <= 8.0-20160726 & 9.0 - Open Redirect
Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive in
18RIESGO
abrir
Nucleihigh
Kodi 17.1 - Local File Inclusion
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files v
40RIESGO
abrir
Nucleicritical
JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer,
23RIESGO
abrir
Nucleihigh
PhpColl 2.5.1 Arbitrary File Upload
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authentica
60RIESGO
abrir
Nucleimedium
MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting
paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
38RIESGO
abrir
Nucleicritical
Windows Server 2003 & IIS 6.0 - Remote Code Execution
CVE-2017-7269CRITICALbajo ataque
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in
100RIESGO
abrir
Nucleimedium
Magmi 0.7.22 - Cross-Site Scripting
A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration o
18RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.