Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
Joomla com_contenthistory Error-Based SQL Injection
CVE-2015-729722 oct 2015
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via un
60RIESGO
abrir
Metasploit0
Safari User-Assisted Applescript Exec Attack
CVE-2015-700716 oct 2015
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement f
50RIESGO
abrir
Metasploit300
Limesurvey Unauthenticated File Download
CVE-2025-34120HIGH12 oct 2015
LimeSurvey 2.0+ - 2.06+ Unauthenticated Arbitrary File Download via Serialized Backup Payload
36RIESGO
abrir
Metasploit600
Wordpress Ajax Load More PHP Upload Vulnerability
CVE-2015-10140HIGH10 oct 2015
Ajax Load More < 2.8.1.2 - Subscriber+ File Upload & Deletion
36RIESGO
abrir
Metasploit300
ManageEngine ServiceDesk Plus Path Traversal
CVE-2011-275703 oct 2015
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remot
50RIESGO
abrir
Metasploit300
PDF Shaper Buffer Overflow
CVE-2025-34106HIGH03 oct 2015
PDF Shaper v3.5/3.6 Buffer Overflow via Convert to Image Feature
36RIESGO
abrir
Metasploit300
Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation
CVE-2015-588901 oct 2015
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors inv
38RIESGO
abrir
Metasploit300
Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write
CVE-2015-761101 oct 2015
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary syst
50RIESGO
abrir
Metasploit600
Vtiger CRM - Authenticated Logo Upload RCE
CVE-2015-600028 sep 2015
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger
50RIESGO
abrir
Metasploit600
Vtiger CRM - Authenticated Logo Upload RCE
CVE-2016-171328 sep 2015
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger
43RIESGO
abrir
Metasploit300
BisonWare BisonFTP Server 3.5 Directory Traversal Information Disclosure
CVE-2015-760228 sep 2015
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (d
50RIESGO
abrir
Metasploit300
PCMan FTP Server 2.0.7 Directory Traversal Information Disclosure
CVE-2015-760128 sep 2015
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..//
50RIESGO
abrir
Metasploit300
Kaseya VSA Master Administrator Account Creation
CVE-2015-692223 sep 2015
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before
60RIESGO
abrir
Metasploit600
Kaseya VSA uploader.aspx Arbitrary File Upload
CVE-2015-692223 sep 2015
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before
60RIESGO
abrir
Metasploit300
Konica Minolta FTP Utility 1.00 Directory Traversal Information Disclosure
CVE-2015-760322 sep 2015
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via
50RIESGO
abrir
Metasploit0
ManageEngine OpManager Remote Code Execution
CVE-2015-776614 sep 2015
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL q
60RIESGO
abrir
Metasploit0
ManageEngine OpManager Remote Code Execution
CVE-2015-776514 sep 2015
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser a
50RIESGO
abrir
Metasploit600
MS15-100 Microsoft Windows Media Center MCL Vulnerability
CVE-2015-250908 sep 2015
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remo
60RIESGO
abrir
Metasploit600
F5 iControl iCall::Script Root Command Execution
CVE-2015-362803 sep 2015
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.
50RIESGO
abrir
Metasploit600
Nibbleblog File Upload Vulnerability
CVE-2015-696701 sep 2015
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to
50RIESGO
abrir
Metasploit300
Boxoft WAV to MP3 Converter v1.1 Buffer Overflow
CVE-2015-724331 ago 2015
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly
50RIESGO
abrir
Metasploit600
WordPress Responsive Thumbnail Slider Arbitrary File Upload
CVE-2015-10144HIGH28 ago 2015
Responsive Thumbnail Slider < 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload
36RIESGO
abrir
Metasploit600
phpFileManager 0.9.8 Remote Code Execution
CVE-2015-595828 ago 2015
phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.
23RIESGO
abrir
Metasploit600
MVPower DVR Shell Unauthenticated Command Execution
CVE-2016-20016CRITICAL23 ago 2015
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /
85RIESGO
abrir
Metasploit300
Konica Minolta FTP Utility 1.00 Post Auth CWD Command SEH Overflow
CVE-2015-776823 ago 2015
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD comma
50RIESGO
abrir
Metasploit600
ManageEngine ServiceDesk Plus Arbitrary File Upload
CVE-2019-8394HIGHbajo ataque20 ago 2015
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via l
98RIESGO
abrir
Metasploit600
Apache ActiveMQ 5.x-5.11.1 Directory Traversal Shell Upload
CVE-2015-183019 ago 2015
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5
60RIESGO
abrir
Metasploit300
WordPress Symposium Plugin SQL Injection
CVE-2015-652218 ago 2015
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbi
60RIESGO
abrir
Metasploit600
CMS Bolt File Upload Vulnerability
CVE-2015-730917 ago 2015
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authent
50RIESGO
abrir
Metasploit300
Android Stagefright MP4 tx3g Integer Overflow
CVE-2015-386413 ago 2015
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in A
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.