Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
4187 exploits
Nucleimedium
PacsOne Server <7.1.1 - Cross-Site Scripting
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
18RIESGO
abrir
Nucleicritical
Alumni Management System 1.0 - SQL Injection
SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject SQL payload to bypa
18RIESGO
abrir
Nucleicritical
Car Rental Management System 1.0 - Local File Inclusion
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack
23RIESGO
abrir
Nucleicritical
74CMS - Remote File Inclusion
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 7
30RIESGO
abrir
Nucleicritical
Zeroshell 3.9.3 - Command Injection
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that co
30RIESGO
abrir
Nucleimedium
Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
43RIESGO
abrir
Nucleimedium
Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 befor
23RIESGO
abrir
Nucleicritical
ZyXel USG - Hardcoded Credentials
CVE-2020-29583CRITICALbajo ataque
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The p
100RIESGO
abrir
Nucleicritical
IncomCMS 2.0 - Arbitrary File Upload
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows un
60RIESGO
abrir
Nucleicritical
Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability
85RIESGO
abrir
Nucleihigh
Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion
CVE-2020-3452HIGHbajo ataque
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RIESGO
abrir
Nucleicritical
Cockpit CMS 0.6.1 - Remote Code Execution
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCrite
30RIESGO
abrir
Nucleihigh
SMTP WP Plugin Directory Listing
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in De
30RIESGO
abrir
Nucleicritical
Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection
The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier
23RIESGO
abrir
Nucleicritical
OpenTSDB <=2.4.0 - Remote Code Execution
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. Th
60RIESGO
abrir
Nucleihigh
SearchBlox <9.2.2 - Local File Inclusion
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated us
23RIESGO
abrir
Nucleihigh
Advanced Comment System 1.0 - Local File Inclusion
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=.
43RIESGO
abrir
Nucleicritical
Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new passw
50RIESGO
abrir
Nucleicritical
Klog Server <=2.41 - Unauthenticated Command Injection
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
60RIESGO
abrir
Nucleihigh
GateOne 1.1 - Local File Inclusion
GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.
23RIESGO
abrir
Nucleihigh
WordPress Simple Job Board <2.9.4 - Local File Inclusion
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2
50RIESGO
abrir
Nucleimedium
twitter-server Cross-Site Scripting
server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configu
40RIESGO
abrir
Nucleimedium
Cisco ASA/FTD Software - Cross-Site Scripting
CVE-2020-3580MEDIUMbajo ataqueransomware
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities
100RIESGO
abrir
Nucleicritical
Agentejo Cockpit < 0.11.2 - NoSQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
40RIESGO
abrir
Nucleicritical
Agentejo Cockpit <0.11.2 - NoSQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
60RIESGO
abrir
Nucleicritical
Agentejo Cockpit <0.12.0 - NoSQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
60RIESGO
abrir
Nucleicritical
Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbit
65RIESGO
abrir
Nucleimedium
Rukovoditel <= 2.7.2 - Cross Site Scripting
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticate
18RIESGO
abrir
Nucleimedium
Rukovoditel <= 2.7.2 - Cross Site Scripting
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticate
18RIESGO
abrir
Nucleimedium
Rukovoditel <= 2.7.2 - Cross Site Scripting
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authe
18RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.