Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
Cisco RV320 and RV325 Unauthenticated Remote Code Execution
CVE-2019-1653HIGHbajo ataque09 sep 2018
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RIESGO
abrir
Metasploit0
Snap Creek Duplicator WordPress plugin code injection
CVE-2018-1720729 ago 2018
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and
30RIESGO
abrir
Metasploit300
Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
CVE-2018-8440HIGHbajo ataqueransomware27 ago 2018
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (A
91RIESGO
abrir
Metasploit600
Wordpress Plainview Activity Monitor RCE
CVE-2018-1587726 ago 2018
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell meta
60RIESGO
abrir
Metasploit600
Apache Struts 2 Namespace Redirect OGNL Injection
CVE-2018-11776HIGHbajo ataque22 ago 2018
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullN
100RIESGO
abrir
Metasploit600
Ghostscript Failed Restore Command Execution
CVE-2018-1650921 ago 2018
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handlin
60RIESGO
abrir
Metasploit300
Pimcore Gather Credentials via SQL Injection
CVE-2018-1405813 ago 2018
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
43RIESGO
abrir
Metasploit600
PHP Laravel Framework token Unserialize Remote Command Execution
CVE-2017-1689407 ago 2018
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwo
60RIESGO
abrir
Metasploit600
PHP Laravel Framework token Unserialize Remote Command Execution
CVE-2018-15133HIGHbajo ataque07 ago 2018
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unseri
100RIESGO
abrir
Metasploit300
Windows unmarshal post exploitation
CVE-2018-0824HIGHbajo ataque05 ago 2018
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized
100RIESGO
abrir
Metasploit600
NUUO NVRmini upgrade_handle.php Remote Command Execution
CVE-2018-14933CRITICALbajo ataque04 ago 2018
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir par
100RIESGO
abrir
Metasploit300
cgit Directory Traversal
CVE-2018-1491203 ago 2018
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned
60RIESGO
abrir
Metasploit300
Mikrotik Winbox Arbitrary File Read
CVE-2018-14847CRITICALbajo ataque02 ago 2018
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated
100RIESGO
abrir
Metasploit600
Network Manager VPNC Username Privilege Escalation
CVE-2018-10900HIGH26 jul 2018
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attac
56RIESGO
abrir
Metasploit300
Eaton Xpert Meter SSH Private Key Exposure Scanner
CVE-2018-1615818 jul 2018
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different cus
30RIESGO
abrir
Metasploit600
QNAP Q'Center change_passwd Command Execution
CVE-2018-070711 jul 2018
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could
50RIESGO
abrir
Metasploit300
Dicoogle PACS Web Server Directory Traversal
CVE-2018-25113HIGH11 jul 2018
Dicoogle PACS Web Server 2.5.0 Unauthenticated Path Traversal
36RIESGO
abrir
Metasploit600
QNAP Q'Center change_passwd Command Execution
CVE-2018-070611 jul 2018
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticate
50RIESGO
abrir
Metasploit600
CMS Made Simple Authenticated RCE via File Upload/Copy
CVE-2018-100009403 jul 2018
CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows a
50RIESGO
abrir
Metasploit300
Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow
CVE-2018-1059402 jul 2018
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPS
50RIESGO
abrir
Metasploit300
Wordpress Arbitrary File Deletion
CVE-2018-1289526 jun 2018
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/
30RIESGO
abrir
Metasploit600
PRTG Network Monitor Authenticated RCE
CVE-2018-9276HIGHbajo ataque25 jun 2018
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RIESGO
abrir
Metasploit400
phpMyAdmin Authenticated Remote Code Execution
CVE-2018-1261319 jun 2018
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute
60RIESGO
abrir
Metasploit600
MicroFocus Secure Messaging Gateway Remote Code Execution
CVE-2018-12465CRITICAL19 jun 2018
Remote Code Execution in Micro Focus Secure Messaging Gateway
85RIESGO
abrir
Metasploit600
MicroFocus Secure Messaging Gateway Remote Code Execution
CVE-2018-12464CRITICAL19 jun 2018
Unauthenticated SQL injection in Micro Focus Secure Messaging Gateway
85RIESGO
abrir
Metasploit600
Axis Network Camera .srv-to-parhand RCE
CVE-2018-1066218 jun 2018
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
60RIESGO
abrir
Metasploit600
Axis Network Camera .srv-to-parhand RCE
CVE-2018-1066018 jun 2018
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
60RIESGO
abrir
Metasploit600
Axis Network Camera .srv-to-parhand RCE
CVE-2018-1066118 jun 2018
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
60RIESGO
abrir
Metasploit300
Splunk __raw Server Info Disclosure
CVE-2018-1140908 jun 2018
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json
60RIESGO
abrir
Metasploit300
Cisco ASA Directory Traversal
CVE-2018-0296HIGHbajo ataque06 jun 2018
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remo
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.