Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
Web-Dorado ECommerce WD for Joomla! search_category_id SQL Injection Scanner
CVE-2015-256220 mar 2015
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allo
50RIESGO
abrir
Metasploit600
Wordpress Work The Flow Upload Vulnerability
CVE-2015-10138CRITICAL14 mar 2015
Work The Flow File Upload <= 2.5.2 - Arbitrary File Upload
63RIESGO
abrir
Metasploit600
Solarwinds Firewall Security Manager 6.6.5 Client Session Handling Vulnerability
CVE-2015-228413 mar 2015
userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privile
60RIESGO
abrir
Metasploit600
iPass Mobile Client Service Privilege Escalation
CVE-2015-092512 mar 2015
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via
50RIESGO
abrir
Metasploit500
Adobe Flash Player NetConnection Type Confusion
CVE-2015-033612 mar 2015
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451
60RIESGO
abrir
Metasploit600
Microsoft Windows Shell LNK Code Execution
CVE-2015-009610 mar 2015
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and
60RIESGO
abrir
Metasploit600
Microsoft Windows Shell LNK Code Execution
CVE-2015-009610 mar 2015
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and
60RIESGO
abrir
Metasploit600
WordPress WPshop eCommerce Arbitrary File Upload Vulnerability
CVE-2015-10135CRITICAL09 mar 2015
WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload
43RIESGO
abrir
Metasploit300
WordPress CP Multi-View Calendar Unauthenticated SQL Injection Scanner
CVE-2014-858603 mar 2015
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to exe
50RIESGO
abrir
Metasploit600
PHPMoAdmin 1.1.2 Remote Code Execution
CVE-2015-220803 mar 2015
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via she
50RIESGO
abrir
Metasploit300
Seagate Business NAS Unauthenticated Remote Command Execution
CVE-2014-868401 mar 2015
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof
60RIESGO
abrir
Metasploit300
Seagate Business NAS Unauthenticated Remote Command Execution
CVE-2014-868601 mar 2015
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-
50RIESGO
abrir
Metasploit300
Seagate Business NAS Unauthenticated Remote Command Execution
CVE-2014-868701 mar 2015
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root
50RIESGO
abrir
Metasploit300
D-Link/TRENDnet NCC Service Command Injection
CVE-2015-1187CRITICALbajo ataque26 feb 2015
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr
100RIESGO
abrir
Metasploit300
WordPress WP EasyCart Plugin Privilege Escalation
CVE-2015-267325 feb 2015
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyC
23RIESGO
abrir
Metasploit300
WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner
CVE-2015-206524 feb 2015
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin b
50RIESGO
abrir
Metasploit300
Solarwinds Orion AccountManagement.asmx GetAccounts Admin Creation
CVE-2014-956624 feb 2015
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
50RIESGO
abrir
Metasploit500
D-Link DCS-931L File Upload
CVE-2015-204923 feb 2015
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated use
50RIESGO
abrir
Metasploit300
D-Link Devices HNAP SOAPAction-Header Command Execution
CVE-2015-2051HIGHbajo ataque13 feb 2015
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute ar
100RIESGO
abrir
Metasploit400
SixApart MovableType Storable Perl Code Execution
CVE-2015-159211 feb 2015
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use
60RIESGO
abrir
Metasploit600
ElasticSearch Search Groovy Sandbox Bypass
CVE-2015-1427CRITICALbajo ataque11 feb 2015
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the s
100RIESGO
abrir
Metasploit600
WordPress Holding Pattern Theme Arbitrary File Upload
CVE-2015-117211 feb 2015
Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 a
50RIESGO
abrir
Metasploit600
Maarch LetterBox Unrestricted File Upload
CVE-2015-158711 feb 2015
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earl
50RIESGO
abrir
Metasploit300
WordPress WPLMS Theme Privilege Escalation
CVE-2015-10139HIGH09 feb 2015
WPLMS Learning Management System for WordPress, WordPress LMS <= 1.8.4.1 - Privilege Escalation
36RIESGO
abrir
Metasploit600
Ektron 8.5, 8.7, 9.0 XSLT Transform Remote Code Execution
CVE-2015-092305 feb 2015
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before
23RIESGO
abrir
Metasploit500
Adobe Flash Player ByteArray With Workers Use After Free
CVE-2015-0313HIGHbajo ataque02 feb 2015
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows
100RIESGO
abrir
Metasploit300
MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection
CVE-2015-007201 feb 2015
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass t
60RIESGO
abrir
Metasploit300
X360 VideoPlayer ActiveX Control Buffer Overflow
CVE-2025-34128HIGH30 ene 2015
X360 VideoPlayer ActiveX Control Buffer Overflow via ConvertFile()
36RIESGO
abrir
Metasploit300
ManageEngine Multiple Products Arbitrary Directory Listing
CVE-2014-786328 ene 2015
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, O
60RIESGO
abrir
Metasploit300
ManageEngine Multiple Products Arbitrary File Download
CVE-2014-786328 ene 2015
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, O
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.