Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit400
Overlayfs Privilege Escalation
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr op
43RIESGO
abrir ↗Metasploit400
Overlayfs Privilege Escalation
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does no
50RIESGO
abrir ↗Metasploit300
D-Link Cookie Command Execution
D-Link DSP-W110A1 Cookie Command Injection
63RIESGO
abrir ↗Metasploit300
SysAid Help Desk Database Credentials Disclosure
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrar
60RIESGO
abrir ↗Metasploit300
SysAid Help Desk Administrator Account Creation
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers t
50RIESGO
abrir ↗Metasploit300
SysAid Help Desk Arbitrary File Download
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the account
50RIESGO
abrir ↗Metasploit300
SysAid Help Desk Arbitrary File Download
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrar
60RIESGO
abrir ↗Metasploit300
SysAid Help Desk Database Credentials Disclosure
SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensi
43RIESGO
abrir ↗Metasploit600
SysAid Help Desk Administrator Portal Arbitrary File Upload
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators t
50RIESGO
abrir ↗Metasploit600
SysAid Help Desk 'rdslogs' Arbitrary File Upload
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote at
50RIESGO
abrir ↗Metasploit300
PhoenixContact PLC Remote START/STOP Command
Phoenix Contact Software ProConOs and MultiProg Missing Authentication for Critical Function
85RIESGO
abrir ↗Metasploit300
Windows ClientCopyImage Win32k Exploit
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local
98RIESGO
abrir ↗Metasploit500
Adobe Flash Player Drawing Fill Shader Memory Corruption
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466
60RIESGO
abrir ↗Metasploit500
Adobe Flash Player ShaderJob Buffer Overflow
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460
60RIESGO
abrir ↗Metasploit300
Realtek SDK Miniigd UPnP SOAP Command Execution
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClien
100RIESGO
abrir ↗Metasploit600
ProFTPD 1.3.5 Mod_Copy Command Execution
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RIESGO
abrir ↗Metasploit600
GoAutoDial 3.3 Authentication Bypass / Command Injection
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute
50RIESGO
abrir ↗Metasploit600
GoAutoDial 3.3 Authentication Bypass / Command Injection
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arb
60RIESGO
abrir ↗Metasploit600
ABRT raceabrt Privilege Escalation
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impac
38RIESGO
abrir ↗Metasploit600
Lenovo System Update Privilege Escalation
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allo
38RIESGO
abrir ↗Metasploit600
Wordpress N-Media Website Contact Form Upload Vulnerability
Website Contact Form With File Upload <= 1.3.4 - Arbitrary File Upload
63RIESGO
abrir ↗Metasploit500
Apple OS X Rootpipe Privilege Escalation
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and o
86RIESGO
abrir ↗Metasploit300
Archer C7 Directory Traversal Vulnerability
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before
100RIESGO
abrir ↗Metasploit300
Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not
18RIESGO
abrir ↗Metasploit600
Novell ZENworks Configuration Management Arbitrary File Upload
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11
60RIESGO
abrir ↗Metasploit600
Ceragon FibeAir IP-10 SSH Private Key Exposure
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remot
60RIESGO
abrir ↗Metasploit0
Firefox PDF.js Privileged Javascript Injection
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl
50RIESGO
abrir ↗Metasploit300
Airties login-cgi Buffer Overflow
Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 502
60RIESGO
abrir ↗Metasploit600
Apport / ABRT chroot Privilege Escalation
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a craf
38RIESGO
abrir ↗Metasploit0
Firefox PDF.js Privileged Javascript Injection
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource
50RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.