Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
4187 exploits
Nucleihigh
MantisBT <=2.30 - Arbitrary Password Reset/Admin Access
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value
60RIESGO
abrir
Nucleimedium
IceWarp WebMail 11.3.1.5 - Cross-Site Scripting
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" paramet
18RIESGO
abrir
Nucleicritical
Hikvision - Authentication Bypass
CVE-2017-7921CRITICALbajo ataque
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RIESGO
abrir
Nucleicritical
Dahua Security - Configuration File Disclosure
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX,
30RIESGO
abrir
Nucleicritical
Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions pri
60RIESGO
abrir
Nucleicritical
Amcrest IP Camera Web Management - Data Exposure
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative cred
40RIESGO
abrir
Nucleicritical
Joomla! <3.7.1 - SQL Injection
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspeci
60RIESGO
abrir
Nucleimedium
Reflected XSS - Telerik Reporting Module
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms
18RIESGO
abrir
Nucleimedium
WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
18RIESGO
abrir
Nucleimedium
Odoo 8.0/9.0/10.0 - Local File Inclusion
Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to rea
18RIESGO
abrir
Nucleimedium
Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before
60RIESGO
abrir
Nucleicritical
Apache Struts2 S2-053 - Remote Code Execution
CVE-2017-9791CRITICALbajo ataque
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passe
100RIESGO
abrir
Nucleihigh
Apache Struts2 S2-052 - Remote Code Execution
CVE-2017-9805HIGHbajo ataque
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with a
100RIESGO
abrir
Nucleihigh
DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution
CVE-2017-9822HIGHbajo ataqueransomware
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code e
100RIESGO
abrir
Nucleihigh
BOA Web Server 0.94.14 - Arbitrary File Access
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read
50RIESGO
abrir
Nucleicritical
PHPUnit - Remote Code Execution
CVE-2017-9841CRITICALbajo ataque
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RIESGO
abrir
Nucleimedium
Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2
18RIESGO
abrir
Nucleicritical
Cisco RV132W/RV134W Router - Information Disclosure
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VP
40RIESGO
abrir
Nucleihigh
Cisco ASA - Local File Inclusion
CVE-2018-0296HIGHbajo ataque
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remo
100RIESGO
abrir
Nucleimedium
Jolokia 1.3.7 - Cross-Site Scripting
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute ma
23RIESGO
abrir
Nucleihigh
Jolokia Agent - JNDI Code Injection
A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to
40RIESGO
abrir
Nucleicritical
Cobbler - Authentication Bypass
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibl
23RIESGO
abrir
Nucleicritical
GitList < 0.6.0 Remote Code Execution
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in
40RIESGO
abrir
Nucleihigh
Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCrede
40RIESGO
abrir
Nucleimedium
Sympa version =>6.2.16 - Cross-Site Scripting
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in
18RIESGO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) v
18RIESGO
abrir
Nucleicritical
Jenkins - Remote Command Injection
CVE-2018-1000861CRITICALbajo ataque
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and ea
100RIESGO
abrir
Nucleicritical
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE
50RIESGO
abrir
Nucleihigh
AudioCodes 420HD - Remote Code Execution
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
50RIESGO
abrir
Nucleimedium
Dolibarr <7.0.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script
40RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.