Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
CVE-2020-851203 feb 2020
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
43RIESGO
abrir
Exploit-DB
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection
CVE-2018-777703 feb 2020
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Ele
35RIESGO
abrir
Exploit-DB
BearFTP 0.1.0 - 'PASV' Denial of Service
CVE-2020-841603 feb 2020
IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to th
28RIESGO
abrir
Exploit-DB
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
CVE-2020-850503 feb 2020
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
23RIESGO
abrir
Exploit-DB
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
CVE-2020-850403 feb 2020
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrati
23RIESGO
abrir
Exploit-DB
OpenSMTPD 6.6.1 - Remote Code Execution
CVE-2020-7247CRITICALbajo ataque30 ene 2020
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RIESGO
abrir
Exploit-DB
rConfig 3.9.3 - Authenticated Remote Code Execution
CVE-2019-1950930 ene 2020
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a
60RIESGO
abrir
Exploit-DB
Satellian 1.12 - Remote Code Execution
CVE-2020-798029 ene 2020
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to th
60RIESGO
abrir
Exploit-DB
XMLBlueprint 16.191112 - XML External Entity Injection
CVE-2019-1903229 ene 2020
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an
23RIESGO
abrir
Exploit-DB
Microsoft Windows 10 - Theme API 'ThemePack' File Parsing
CVE-2018-841329 ene 2020
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows T
35RIESGO
abrir
Exploit-DB
Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)
CVE-2020-842529 ene 2020
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php.
23RIESGO
abrir
Exploit-DB
Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)
CVE-2020-842429 ene 2020
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php
23RIESGO
abrir
Exploit-DB
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)
CVE-2020-799128 ene 2020
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
23RIESGO
abrir
Exploit-DB
Octeth Oempro 4.8 - 'CampaignID' SQL Injection
CVE-2019-1974028 ene 2020
Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.
23RIESGO
abrir
Exploit-DB
Microsoft Windows Kernel - Information Disclosure
CVE-2019-1125MEDIUM27 ene 2020
Windows Kernel Information Disclosure Vulnerability
33RIESGO
abrir
Exploit-DB
Genexis Platinum-4410 2.1 - Authentication Bypass
CVE-2020-617024 ene 2020
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cl
23RIESGO
abrir
Exploit-DB
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
CVE-2019-1689324 ene 2020
The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the
35RIESGO
abrir
Exploit-DB
qdPM 9.1 - Remote Code Execution
CVE-2020-724623 ene 2020
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RIESGO
abrir
Exploit-DB
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
CVE-2020-061023 ene 2020
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated atta
35RIESGO
abrir
Exploit-DB
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
CVE-2020-060923 ene 2020
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated atta
45RIESGO
abrir
Exploit-DB
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
CVE-2020-061023 ene 2020
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated atta
35RIESGO
abrir
Exploit-DB
Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)
CVE-2018-533323 ene 2020
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning
38RIESGO
abrir
Exploit-DB
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
CVE-2020-060923 ene 2020
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated atta
45RIESGO
abrir
Exploit-DB
Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)
CVE-2019-921323 ene 2020
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which make
38RIESGO
abrir
Exploit-DB
Ricoh Printer Drivers - Local Privilege Escalation
CVE-2019-1936322 ene 2020
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attacker
38RIESGO
abrir
Exploit-DB
Citrix XenMobile Server 10.8 - XML External Entity Injection
CVE-2018-1065322 ene 2020
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 befor
23RIESGO
abrir
Exploit-DB
Microsoft SharePoint - Deserialization Remote Code Execution
CVE-2019-0604CRITICALbajo ataqueransomware21 ene 2020
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup
100RIESGO
abrir
Exploit-DB
Centreon 19.04 - Authenticated Remote Code Execution (Metasploit)
CVE-2019-1640520 ene 2020
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code
28RIESGO
abrir
Exploit-DB
Easy XML Editor 1.7.8 - XML External Entity Injection
CVE-2019-1903120 ene 2020
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS
23RIESGO
abrir
Exploit-DB
Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit)
CVE-2019-1574217 ene 2020
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application
38RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.