Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)
CVE-2020-879409 mar 2020
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for mult
60RIESGO
abrir
Exploit-DB
PHP-FPM - Underflow Remote Code Execution (Metasploit)
CVE-2019-11043HIGHbajo ataqueransomware09 mar 2020
Underflow in PHP-FPM can lead to RCE
100RIESGO
abrir
Exploit-DB
Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
CVE-2019-5825MEDIUMbajo ataque09 mar 2020
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploi
90RIESGO
abrir
Exploit-DB
Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)
CVE-2018-17463HIGHbajo ataque09 mar 2020
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbit
100RIESGO
abrir
Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
CVE-2020-865405 mar 2020
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoD
60RIESGO
abrir
Exploit-DB
Exchange Control Panel - Viewstate Deserialization (Metasploit)
CVE-2020-0688HIGHbajo ataqueransomware05 mar 2020
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RIESGO
abrir
Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
CVE-2020-865605 mar 2020
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthe
60RIESGO
abrir
Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
CVE-2020-8657CRITICALbajo ataque05 mar 2020
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include
100RIESGO
abrir
Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
CVE-2020-8655HIGHbajo ataque05 mar 2020
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability
98RIESGO
abrir
Exploit-DB
Microsoft Windows - 'WizardOpium' Local Privilege Escalation
CVE-2019-1458HIGHbajo ataqueransomware03 mar 2020
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
100RIESGO
abrir
Exploit-DB
Alfresco 5.2.4 - Persistent Cross-Site Scripting
CVE-2020-877703 mar 2020
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo,
23RIESGO
abrir
Exploit-DB
Alfresco 5.2.4 - Persistent Cross-Site Scripting
CVE-2020-877603 mar 2020
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a
23RIESGO
abrir
Exploit-DB
Alfresco 5.2.4 - Persistent Cross-Site Scripting
CVE-2020-877803 mar 2020
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document,
23RIESGO
abrir
Exploit-DB
TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
CVE-2019-1914302 mar 2020
TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi
23RIESGO
abrir
Exploit-DB
Joplin Desktop 1.0.184 - Cross-Site Scripting
CVE-2020-903802 mar 2020
Joplin through 1.0.184 allows Arbitrary File Read via XSS.
23RIESGO
abrir
Exploit-DB
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
CVE-2020-861502 mar 2020
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves a
38RIESGO
abrir
Exploit-DB
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution
CVE-2020-0688HIGHbajo ataqueransomware02 mar 2020
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RIESGO
abrir
Exploit-DB
TP LINK TL-WR849N - Remote Code Execution
CVE-2020-937402 mar 2020
On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploit
35RIESGO
abrir
Exploit-DB
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
CVE-2019-1914202 mar 2020
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmwa
23RIESGO
abrir
Exploit-DB
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
CVE-2020-801202 mar 2020
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerabi
60RIESGO
abrir
Exploit-DB
qdPM < 9.1 - Remote Code Execution
CVE-2020-724628 feb 2020
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RIESGO
abrir
Exploit-DB
OpenSMTPD < 6.6.3p1 - Local Privilege Escalation + Remote Code Execution
CVE-2020-879426 feb 2020
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for mult
60RIESGO
abrir
Exploit-DB
Go SSH servers 0.0.2 - Denial of Service (PoC)
CVE-2020-928324 feb 2020
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the
28RIESGO
abrir
Exploit-DB
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
CVE-2019-7004MEDIUM24 feb 2020
Avaya IP Office XSS Vulnerability
33RIESGO
abrir
Exploit-DB
Android Binder - Use-After-Free (Metasploit)
CVE-2019-2215HIGHbajo ataque24 feb 2020
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RIESGO
abrir
Exploit-DB
Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)
CVE-2015-761124 feb 2020
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary syst
50RIESGO
abrir
Exploit-DB
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
CVE-2019-1977424 feb 2020
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetai
28RIESGO
abrir
Exploit-DB
Apache Tomcat - AJP 'Ghostcat File Read/Inclusion
CVE-2020-1938CRITICALbajo ataque20 feb 2020
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RIESGO
abrir
Exploit-DB
Anviz CrossChex - Buffer Overflow (Metasploit)
CVE-2019-1251817 feb 2020
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
50RIESGO
abrir
Exploit-DB
MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation
CVE-2020-0683HIGHbajo ataque17 feb 2020
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'W
71RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.