Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit400
Redis Replication Code Execution
CVE-2018-1121813 nov 2018
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10,
30RIESGO
abrir
Metasploit300
WordPress WP GDPR Compliance Plugin Privilege Escalation
CVE-2018-1920708 nov 2018
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to exe
60RIESGO
abrir
Metasploit500
VyOS restricted-shell Escape and Privilege Escalation
CVE-2018-1855605 nov 2018
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execu
23RIESGO
abrir
Metasploit600
Intelliants Subrion CMS 4.2.1 - Authenticated File Upload Bypass to RCE
CVE-2018-1942204 nov 2018
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, beca
50RIESGO
abrir
Metasploit400
Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation
CVE-2019-921301 nov 2018
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which make
38RIESGO
abrir
Metasploit400
Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation
CVE-2018-533301 nov 2018
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning
38RIESGO
abrir
Metasploit500
Xorg X11 Server Local Privilege Escalation
CVE-2018-1466525 oct 2018
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options wh
43RIESGO
abrir
Metasploit400
Xorg X11 Server SUID logfile Privilege Escalation
CVE-2018-1466525 oct 2018
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options wh
43RIESGO
abrir
Metasploit400
Xorg X11 Server SUID modulepath Privilege Escalation
CVE-2018-1466525 oct 2018
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options wh
43RIESGO
abrir
Metasploit0
WebExec Authenticated User Code Execution
CVE-2018-15442HIGH24 oct 2018
Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability
61RIESGO
abrir
Metasploit400
php imap_open Remote Code Execution
CVE-2018-100085923 oct 2018
15RIESGO
abrir
Metasploit400
php imap_open Remote Code Execution
CVE-2018-1951823 oct 2018
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh c
60RIESGO
abrir
Metasploit300
LibreOffice Macro Code Execution
CVE-2018-16858HIGH18 oct 2018
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could
68RIESGO
abrir
Metasploit300
libssh Authentication Bypass Scanner
CVE-2018-10933CRITICAL16 oct 2018
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client coul
85RIESGO
abrir
Metasploit0
Nuuo Central Management Server Authenticated Arbitrary File Upload
CVE-2018-1793611 oct 2018
NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite co
23RIESGO
abrir
Metasploit300
Nuuo Central Management Server User Session Token Bruteforce
CVE-2018-1788811 oct 2018
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers
23RIESGO
abrir
Metasploit300
Nuuo Central Management Authenticated SQL Server SQLi
CVE-2018-1898211 oct 2018
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can b
50RIESGO
abrir
Metasploit300
Nuuo Central Management Server Authenticated Arbitrary File Download
CVE-2018-1793411 oct 2018
NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be res
23RIESGO
abrir
Metasploit400
WebEx Local Service Permissions Exploit
CVE-2018-15442HIGH09 oct 2018
Cisco Webex Meetings Desktop App Update Service Command Injection Vulnerability
61RIESGO
abrir
Metasploit0
Windows NtUserSetWindowFNID Win32k User Callback
CVE-2018-8453HIGHbajo ataqueransomware09 oct 2018
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
98RIESGO
abrir
Metasploit600
blueimp's jQuery (Arbitrary) File Upload
CVE-2018-920609 oct 2018
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
60RIESGO
abrir
Metasploit600
Imperva SecureSphere PWS Command Injection
CVE-2018-1666008 oct 2018
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with
23RIESGO
abrir
Metasploit600
Malicious Git HTTP Server For CVE-2018-17456
CVE-2018-1745605 oct 2018
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x be
60RIESGO
abrir
Metasploit600
Cisco Prime Infrastructure Unauthenticated Remote Code Execution
CVE-2018-1537904 oct 2018
Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability
60RIESGO
abrir
Metasploit300
Zahir Enterprise Plus 6 Stack Buffer Overflow
CVE-2018-1740828 sep 2018
Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute a
43RIESGO
abrir
Metasploit600
Navigate CMS Unauthenticated Remote Code Execution
CVE-2018-1755326 sep 2018
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs N
60RIESGO
abrir
Metasploit600
Navigate CMS Unauthenticated Remote Code Execution
CVE-2018-1755226 sep 2018
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigat
60RIESGO
abrir
Metasploit0
Google Chrome 67, 68 and 69 Object.create exploit
CVE-2018-17463HIGHbajo ataque25 sep 2018
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbit
100RIESGO
abrir
Metasploit600
Adobe ColdFusion CKEditor unrestricted file upload
CVE-2018-15961CRITICALbajo ataque11 sep 2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unr
100RIESGO
abrir
Metasploit300
Cisco RV320 and RV325 Unauthenticated Remote Code Execution
CVE-2019-1652HIGHbajo ataque09 sep 2018
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.