Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
PANDORAFMS 7.0 - Authenticated Remote Code Execution
CVE-2020-894713 feb 2020
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metac
28RIESGO
abrir
Exploit-DB
HP System Event Utility - Local Privilege Escalation
CVE-2019-1891512 feb 2020
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version
23RIESGO
abrir
Exploit-DB
OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution
CVE-2020-7247CRITICALbajo ataque11 feb 2020
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RIESGO
abrir
Exploit-DB
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
CVE-2020-882511 feb 2020
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
23RIESGO
abrir
Exploit-DB
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
CVE-2020-883911 feb 2020
Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cg
23RIESGO
abrir
Exploit-DB
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
CVE-2020-3837HIGHbajo ataque10 feb 2020
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3
76RIESGO
abrir
Exploit-DB
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting
CVE-2020-710810 feb 2020
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.
23RIESGO
abrir
Exploit-DB
Dota 2 7.23f - Denial of Service (PoC)
CVE-2020-794910 feb 2020
schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by
23RIESGO
abrir
Exploit-DB
D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)
CVE-2019-2021510 feb 2020
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the
60RIESGO
abrir
Exploit-DB
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
CVE-2019-614610 feb 2020
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host heade
23RIESGO
abrir
Exploit-DB
OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
CVE-2020-7247CRITICALbajo ataque10 feb 2020
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RIESGO
abrir
Exploit-DB
Ricoh Driver - Privilege Escalation (Metasploit)
CVE-2019-1936310 feb 2020
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attacker
38RIESGO
abrir
Exploit-DB
EyesOfNetwork 5.3 - Remote Code Execution
CVE-2020-865407 feb 2020
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoD
60RIESGO
abrir
Exploit-DB
Windscribe - WindscribeService Named Pipe Privilege Escalation (Metasploit)
CVE-2018-1147907 feb 2020
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe s
38RIESGO
abrir
Exploit-DB
EyesOfNetwork 5.3 - Remote Code Execution
CVE-2020-8655HIGHbajo ataque07 feb 2020
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability
98RIESGO
abrir
Exploit-DB
EyesOfNetwork 5.3 - Remote Code Execution
CVE-2020-865607 feb 2020
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthe
60RIESGO
abrir
Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection
CVE-2019-15984HIGH06 feb 2020
Cisco Data Center Network Manager SQL Injection Vulnerabilities
53RIESGO
abrir
Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection
CVE-2019-15977CRITICAL06 feb 2020
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
60RIESGO
abrir
Exploit-DB
Cisco Data Center Network Manager 11.2 - Remote Code Execution
CVE-2019-15975CRITICAL06 feb 2020
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
85RIESGO
abrir
Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection
CVE-2019-15978HIGH06 feb 2020
Cisco Data Center Network Manager Command Injection Vulnerabilities
53RIESGO
abrir
Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection
CVE-2019-15976CRITICAL06 feb 2020
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
70RIESGO
abrir
Exploit-DB
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
CVE-2019-1863406 feb 2020
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the
28RIESGO
abrir
Exploit-DB
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
CVE-2020-8495HIGH05 feb 2020
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate se
41RIESGO
abrir
Exploit-DB
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)
CVE-2019-1071605 feb 2020
An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated se
23RIESGO
abrir
Exploit-DB
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
CVE-2020-8493MEDIUM05 feb 2020
A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via
33RIESGO
abrir
Exploit-DB
xglance-bin 11.00 - Privilege Escalation
CVE-2014-263005 feb 2020
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via u
38RIESGO
abrir
Exploit-DB
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)
CVE-2019-1863404 feb 2020
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the
28RIESGO
abrir
Exploit-DB
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
CVE-2020-850503 feb 2020
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
23RIESGO
abrir
Exploit-DB
Jira 8.3.4 - Information Disclosure (Username Enumeration)
CVE-2019-844903 feb 2020
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate username
60RIESGO
abrir
Exploit-DB
IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
CVE-2020-851203 feb 2020
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
43RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.