Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
4187 exploits
Nucleimedium
WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting
process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_fil
23RIESGO
abrir
Nucleihigh
Kubernetes Dashboard <1.10.1 - Authentication Bypass
Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for rea
40RIESGO
abrir
Nucleihigh
Centos Web Panel 0.9.8.480 - Local File Inclusion
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/
60RIESGO
abrir
Nucleihigh
DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization
CVE-2018-18325HIGHbajo ataque
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue ex
100RIESGO
abrir
Nucleimedium
Planon <Live Build 41 - Cross-Site Scripting
Planon before Live Build 41 has XSS.
18RIESGO
abrir
Nucleimedium
DedeCMS 5.7 SP2 - Cross-Site Scripting
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is u
18RIESGO
abrir
Nucleimedium
Microstrategy Web 7 - Cross-Site Scripting
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (
38RIESGO
abrir
Nucleimedium
Microstrategy Web 7 - Local File Inclusion
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subp
43RIESGO
abrir
Nucleimedium
ACME mini_httpd <1.30 - Local File Inclusion
ACME mini_httpd before 1.30 lets remote users read arbitrary files.
40RIESGO
abrir
Nucleimedium
TIBCO JasperReports Library - Directory Traversal
CVE-2018-18809CRITICALbajo ataque
TIBCO JasperReports Library Directory Traversal Vulnerability
100RIESGO
abrir
Nucleicritical
Gogs (Go Git Service) 0.11.66 - Remote Code Execution
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." s
30RIESGO
abrir
Nucleicritical
PHPCMS 2008 - Remote Code Execution via Template Injection
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cach
23RIESGO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
38RIESGO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.
18RIESGO
abrir
Nucleicritical
WP GDPR Compliance < 1.4.3 - Unauthenticated Call Any Action or Update Any Option
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to exe
60RIESGO
abrir
Nucleicritical
OpenMRS Platform < 2.24.0 - Insecure Object Deserialization
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated use
85RIESGO
abrir
Nucleimedium
WordPress Ninja Forms <3.3.18 - Cross-Site Scripting
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes
38RIESGO
abrir
Nucleihigh
Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.
18RIESGO
abrir
Nucleicritical
Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via
23RIESGO
abrir
Nucleimedium
SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component,
18RIESGO
abrir
Nucleicritical
PRTG Network Monitor - Local File Inclusion
CVE-2018-19410CRITICALbajo ataque
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privile
100RIESGO
abrir
Nucleimedium
Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later vers
23RIESGO
abrir
Nucleihigh
PHP Proxy 3.0.3 - Local File Inclusion
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI UR
50RIESGO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
38RIESGO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
38RIESGO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
38RIESGO
abrir
Nucleihigh
Tarantella Enterprise <3.11 - Local File Inclusion
Tarantella Enterprise before 3.11 allows Directory Traversal.
23RIESGO
abrir
Nucleimedium
Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
43RIESGO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.
18RIESGO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.
38RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.