Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
22.467 exploits
Exploit-DB
Sysax MultiServer 6.90 - Reflected Cross Site Scripting
CVE-2020-1322812 jun 2020
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.
23RIESGO
abrir
Exploit-DB
WinGate 9.4.1.5998 - Insecure Folder Permissions
CVE-2020-1386610 jun 2020
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges
23RIESGO
abrir
Exploit-DB
Bludit 3.9.12 - Directory Traversal
CVE-2019-1611309 jun 2020
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RIESGO
abrir
Exploit-DB
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass
CVE-2019-1752504 jun 2020
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and
23RIESGO
abrir
Exploit-DB
Microsoft Windows - 'SMBGhost' Remote Code Execution
CVE-2020-0796CRITICALbajo ataqueransomware02 jun 2020
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RIESGO
abrir
Exploit-DB
vCloud Director 9.7.0.15498291 - Remote Code Execution
CVE-2020-395602 jun 2020
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4
28RIESGO
abrir
Exploit-DB
OpenCart 3.0.3.2 - Stored Cross Site Scripting (Authenticated)
CVE-2020-1059602 jun 2020
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upl
23RIESGO
abrir
Exploit-DB
VMware vCenter Server 6.7 - Authentication Bypass
CVE-2020-3952CRITICALbajo ataque01 jun 2020
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RIESGO
abrir
Exploit-DB
WordPress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation
CVE-2020-1369301 jun 2020
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Regi
35RIESGO
abrir
Exploit-DB
QuickBox Pro 2.1.8 - Authenticated Remote Code Execution
CVE-2020-1344801 jun 2020
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execut
28RIESGO
abrir
Exploit-DB
Pi-hole 4.4.0 - Remote Code Execution (Authenticated)
CVE-2020-1110826 may 2020
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RIESGO
abrir
Exploit-DB
Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit)
CVE-2020-1316625 may 2020
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcod
60RIESGO
abrir
Exploit-DB
Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit)
CVE-2017-1588925 may 2020
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authe
60RIESGO
abrir
Exploit-DB
WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)
CVE-2020-2555CRITICALbajo ataque22 may 2020
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Su
100RIESGO
abrir
Exploit-DB
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation
CVE-2020-575222 may 2020
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitra
38RIESGO
abrir
Exploit-DB
OpenEDX platform Ironwood 2.5 - Remote Code Execution
CVE-2020-1314421 may 2020
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>Ne
28RIESGO
abrir
Exploit-DB
BIND - 'TSIG' Denial of Service
CVE-2020-8617HIGH20 may 2020
A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
78RIESGO
abrir
Exploit-DB
Submitty 20.04.01 - Persistent Cross-Site Scripting
CVE-2020-1288219 may 2020
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a
23RIESGO
abrir
Exploit-DB
Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit)
CVE-2020-1110819 may 2020
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RIESGO
abrir
Exploit-DB
HP LinuxKI 6.01 - Remote Command Injection
CVE-2020-720918 may 2020
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
60RIESGO
abrir
Exploit-DB
Oracle Hospitality RES 3700 5.7 - Remote Code Execution
CVE-2019-302518 may 2020
Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported versi
28RIESGO
abrir
Exploit-DB
Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection
CVE-2020-1311818 may 2020
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community
23RIESGO
abrir
Exploit-DB
WordPress Plugin ChopSlider 3.4 - 'id' SQL Injection
CVE-2020-1153012 may 2020
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in
60RIESGO
abrir
Exploit-DB
Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting
CVE-2019-15253MEDIUM12 may 2020
Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability
33RIESGO
abrir
Exploit-DB
SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions
CVE-2020-1260811 may 2020
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Moni
28RIESGO
abrir
Exploit-DB
Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges Escalation
CVE-2020-1110810 may 2020
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RIESGO
abrir
Exploit-DB
Pi-hole < 4.4 - Authenticated Remote Code Execution
CVE-2020-1110810 may 2020
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abus
60RIESGO
abrir
Exploit-DB
Saltstack 3000.1 - Remote Code Execution
CVE-2020-11651CRITICALbajo ataque05 may 2020
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RIESGO
abrir
Exploit-DB
Saltstack 3000.1 - Remote Code Execution
CVE-2020-11652MEDIUMbajo ataque05 may 2020
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RIESGO
abrir
Exploit-DB
Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)
CVE-2016-4437CRITICALbajo ataque01 may 2020
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attack
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.