Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
ManageEngine Multiple Products Arbitrary File Download
CVE-2014-786328 ene 2015
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, O
60RIESGO
abrir
Metasploit500
Exim GHOST (glibc gethostbyname) Buffer Overflow
CVE-2015-023527 ene 2015
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,
60RIESGO
abrir
Metasploit600
IPass Control Pipe Remote Command Execution
CVE-2015-092521 ene 2015
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via
50RIESGO
abrir
Metasploit600
WordPress Platform Theme File Upload Vulnerability
CVE-2015-10143CRITICAL21 ene 2015
Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update
43RIESGO
abrir
Metasploit300
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
CVE-2014-659320 ene 2015
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.
50RIESGO
abrir
Metasploit600
WordPress Pixabay Images PHP Code Upload
CVE-2015-137619 ene 2015
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remot
50RIESGO
abrir
Metasploit400
MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape
CVE-2015-0016HIGHbajo ataque13 ene 2015
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7
100RIESGO
abrir
Metasploit600
WordPress WP EasyCart Unrestricted File Upload
CVE-2014-930808 ene 2015
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka Wor
50RIESGO
abrir
Metasploit300
McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure
CVE-2015-092206 ene 2015
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers'
23RIESGO
abrir
Metasploit300
McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure
CVE-2015-092106 ene 2015
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x
23RIESGO
abrir
Metasploit600
ASUS infosvr Auth Bypass Command Execution
CVE-2014-958304 ene 2015
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC
60RIESGO
abrir
Metasploit300
ManageEngine Desktop Central Administrator Account Creation
CVE-2014-786231 dic 2014
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote at
60RIESGO
abrir
Metasploit300
Achat Unicode SEH Buffer Overflow
CVE-2025-34127CRITICAL18 dic 2014
Achat v0.150 SEH Buffer Overflow via UDP
63RIESGO
abrir
Metasploit600
Malicious Git and Mercurial HTTP Server For CVE-2014-9390
CVE-2014-939018 dic 2014
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS
30RIESGO
abrir
Metasploit300
Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner
CVE-2014-922217 dic 2014
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows re
30RIESGO
abrir
Metasploit300
Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Authentication Bypass
CVE-2014-922217 dic 2014
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows re
30RIESGO
abrir
Metasploit400
Malwarebytes Anti-Malware and Anti-Exploit Update Remote Code Execution
CVE-2014-493616 dic 2014
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE)
43RIESGO
abrir
Metasploit600
Symantec Web Gateway 5 restore.php Post Authentication Command Injection
CVE-2014-728516 dic 2014
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to exe
50RIESGO
abrir
Metasploit600
ManageEngine Multiple Products Authenticated File Upload
CVE-2014-530115 dic 2014
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 t
60RIESGO
abrir
Metasploit600
WordPress WP Symposium 14.11 Shell Upload
CVE-2014-1002111 dic 2014
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote
50RIESGO
abrir
Metasploit300
BMC TrackIt! Unauthenticated Arbitrary User Password Change
CVE-2014-827009 dic 2014
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose na
23RIESGO
abrir
Metasploit600
Lexmark MarkVision Enterprise Arbitrary File Upload
CVE-2014-874109 dic 2014
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allo
60RIESGO
abrir
Metasploit600
ProjectSend Arbitrary File Upload
CVE-2014-956702 dic 2014
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows rem
50RIESGO
abrir
Metasploit300
ManageEngine NetFlow Analyzer Arbitrary File Download
CVE-2014-544530 nov 2014
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 a
60RIESGO
abrir
Metasploit600
Tuleap PHP Unserialize Code Execution
CVE-2014-879127 nov 2014
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated
43RIESGO
abrir
Metasploit600
WordPress RevSlider File Upload and Execute Vulnerability
CVE-2014-973526 nov 2014
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier
60RIESGO
abrir
Metasploit300
Arris VAP2500 tools_command.php Command Execution
CVE-2014-842325 nov 2014
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute ar
50RIESGO
abrir
Metasploit300
Arris VAP2500 tools_command.php Command Execution
CVE-2014-842425 nov 2014
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authenticatio
50RIESGO
abrir
Metasploit300
Adobe Flash Player PCRE Regex Vulnerability
CVE-2015-031825 nov 2014
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442
60RIESGO
abrir
Metasploit300
WordPress Long Password DoS
CVE-2014-901620 nov 2014
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.