Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit600
Vesta Control Panel Authenticated Remote Code Execution
CVE-2020-1080817 mar 2020
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint.
40RIESGO
abrir
Metasploit200
SMBv3 Compression Buffer Overflow
CVE-2020-0796CRITICALbajo ataqueransomware13 mar 2020
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RIESGO
abrir
Metasploit400
SMBv3 Compression Buffer Overflow
CVE-2020-0796CRITICALbajo ataqueransomware13 mar 2020
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RIESGO
abrir
Metasploit300
vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection
CVE-2020-1272012 mar 2020
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
40RIESGO
abrir
Metasploit0
vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection
CVE-2020-1272012 mar 2020
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
40RIESGO
abrir
Metasploit400
Rconfig 3.x Chained Remote Code Execution
CVE-2019-1950911 mar 2020
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a
60RIESGO
abrir
Metasploit400
Rconfig 3.x Chained Remote Code Execution
CVE-2020-1022011 mar 2020
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php
60RIESGO
abrir
Metasploit600
Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability
CVE-2020-0787HIGHbajo ataqueransomware10 mar 2020
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperl
98RIESGO
abrir
Metasploit300
CVE-2020-1170 Cloud Filter Arbitrary File Creation EOP
CVE-2020-17136HIGH10 mar 2020
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
41RIESGO
abrir
Metasploit600
Pandora FMS Ping Authenticated Remote Code Execution
CVE-2025-34088HIGH09 mar 2020
Pandora FMS Authenticated Remote Code Execution via Ping Module
36RIESGO
abrir
Metasploit500
ManageEngine Desktop Central Java Deserialization
CVE-2020-10189CRITICALbajo ataque05 mar 2020
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted d
100RIESGO
abrir
Metasploit600
Metasploit Libnotify Plugin Arbitrary Command Execution
CVE-2020-7350MEDIUM04 mar 2020
Metasploit Framework Plugin Libnotify Command Injection
28RIESGO
abrir
Metasploit600
SharePoint Workflows XOML Injection
CVE-2020-0646CRITICALbajo ataque02 mar 2020
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.N
100RIESGO
abrir
Metasploit600
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
CVE-2020-575225 feb 2020
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitra
38RIESGO
abrir
Metasploit600
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
CVE-2019-399925 feb 2020
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, u
38RIESGO
abrir
Metasploit200
OpenSMTPD OOB Read Local Privilege Escalation
CVE-2020-879424 feb 2020
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for mult
60RIESGO
abrir
Metasploit600
WordPress wpDiscuz Unauthenticated File Upload Vulnerability
CVE-2020-24186CRITICAL21 feb 2020
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allo
85RIESGO
abrir
Metasploit300
Apache Tomcat AJP File Read
CVE-2020-1938CRITICALbajo ataque20 feb 2020
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RIESGO
abrir
Metasploit300
Microsoft Windows DrawIconEx OOB Write Local Privilege Elevation
CVE-2020-1054HIGHbajo ataque20 feb 2020
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle o
98RIESGO
abrir
Metasploit300
WordPress Duplicator File Read Vulnerability
CVE-2020-11738HIGHbajo ataque19 feb 2020
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traver
100RIESGO
abrir
Metasploit0
Google Chrome 80 JSCreate side-effect type confusion exploit
CVE-2020-6418HIGHbajo ataque19 feb 2020
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corru
100RIESGO
abrir
Metasploit600
Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE
CVE-2020-1615217 feb 2020
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0
30RIESGO
abrir
Metasploit600
Service Tracing Privilege Elevation Vulnerability
CVE-2020-066811 feb 2020
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Window
23RIESGO
abrir
Metasploit600
SQL Server Reporting Services (SSRS) ViewState Deserialization
CVE-2020-0618CRITICALbajo ataque11 feb 2020
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page
100RIESGO
abrir
Metasploit600
Exchange Control Panel ViewState Deserialization
CVE-2020-0688HIGHbajo ataqueransomware11 feb 2020
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RIESGO
abrir
Metasploit600
Unraid 6.8.0 Auth Bypass PHP Code Execution
CVE-2020-5847CRITICALbajo ataque10 feb 2020
Unraid through 6.8.0 allows Remote Code Execution.
100RIESGO
abrir
Metasploit600
Unraid 6.8.0 Auth Bypass PHP Code Execution
CVE-2020-5849HIGHbajo ataque10 feb 2020
Unraid 6.8.0 allows authentication bypass.
100RIESGO
abrir
Metasploit600
Horde CSV import arbitrary PHP code execution
CVE-2020-851807 feb 2020
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execu
60RIESGO
abrir
Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
CVE-2020-8657CRITICALbajo ataque06 feb 2020
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include
100RIESGO
abrir
Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
CVE-2020-865606 feb 2020
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthe
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.