Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds
CVE-2019-1924116 dic 2019
In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabili
23RIESGO
abrir
Exploit-DB
Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service (PoC)
CVE-2019-6192MEDIUM12 dic 2019
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a
33RIESGO
abrir
Exploit-DB
Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font
CVE-2019-1645111 dic 2019
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier v
35RIESGO
abrir
Exploit-DB
Apache Olingo OData 4.0 - XML External Entity Injection
CVE-2019-1755411 dic 2019
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resoluti
28RIESGO
abrir
Exploit-DB
AppXSvc 17763 - Arbitrary File Overwrite (DoS)
CVE-2019-147611 dic 2019
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
23RIESGO
abrir
Exploit-DB
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack
CVE-2019-11708CRITICALbajo ataque07 dic 2019
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result
90RIESGO
abrir
Exploit-DB
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack
CVE-2019-981007 dic 2019
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check
28RIESGO
abrir
Exploit-DB
Verot 2.0.3 - Remote Code Execution
CVE-2019-1957606 dic 2019
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! an
28RIESGO
abrir
Exploit-DB
Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow
CVE-2019-1670206 dic 2019
Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs pa
28RIESGO
abrir
Exploit-DB
Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite
CVE-2019-1562706 dic 2019
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, w
23RIESGO
abrir
Exploit-DB
Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution
CVE-2018-902105 dic 2019
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to exec
28RIESGO
abrir
Exploit-DB
Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution
CVE-2018-902205 dic 2019
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to exec
28RIESGO
abrir
Exploit-DB
Cisco WLC 2504 8.9 - Denial of Service (PoC)
CVE-2019-15276HIGH04 dic 2019
Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability
53RIESGO
abrir
Exploit-DB
Revive Adserver 4.2 - Remote Code Execution
CVE-2019-543403 dic 2019
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() cal
50RIESGO
abrir
Exploit-DB
Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery
CVE-2019-1951603 dic 2019
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a pa
23RIESGO
abrir
Exploit-DB
Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback
CVE-2019-1429HIGHbajo ataque22 nov 2019
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RIESGO
abrir
Exploit-DB
GNU Mailutils 3.7 - Privilege Escalation
CVE-2019-1886221 nov 2019
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
23RIESGO
abrir
Exploit-DB
Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path
CVE-2019-15794HIGH20 nov 2019
Reference counting error in overlayfs/shiftfs error path when used in conjuction with aufs
41RIESGO
abrir
Exploit-DB
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs
CVE-2019-15792HIGH20 nov 2019
Type confusion in shiftfs
41RIESGO
abrir
Exploit-DB
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs
CVE-2019-15791HIGH20 nov 2019
Reference count underflow in shiftfs
41RIESGO
abrir
Exploit-DB
Bludit - Directory Traversal Image File Upload (Metasploit)
CVE-2019-1611320 nov 2019
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RIESGO
abrir
Exploit-DB
FusionPBX - Operator Panel exec.php Command Execution (Metasploit)
CVE-2019-1140920 nov 2019
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerabili
60RIESGO
abrir
Exploit-DB
Pulse Secure VPN - Arbitrary Command Execution (Metasploit)
CVE-2019-11539HIGHbajo ataqueransomware20 nov 2019
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1R
100RIESGO
abrir
Exploit-DB
Xorg X11 Server - Local Privilege Escalation (Metasploit)
CVE-2018-1466520 nov 2019
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options wh
43RIESGO
abrir
Exploit-DB
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
CVE-2019-0708CRITICALbajo ataqueransomware19 nov 2019
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RIESGO
abrir
Exploit-DB
nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
CVE-2019-1742418 nov 2019
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows re
28RIESGO
abrir
Exploit-DB
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
CVE-2019-1675818 nov 2019
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal tech
28RIESGO
abrir
Exploit-DB
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation
CVE-2019-1322HIGHbajo ataqueransomware14 nov 2019
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft W
91RIESGO
abrir
Exploit-DB
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation
CVE-2019-1405HIGHbajo ataqueransomware14 nov 2019
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows
91RIESGO
abrir
Exploit-DB
Xfilesharing 2.5.1 - Arbitrary File Upload
CVE-2019-1895114 nov 2019
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.
28RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.