Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
3462 exploits
Metasploit300
SSL/TLS Version Detection
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for
50RIESGO
abrir ↗Metasploit300
SSL/TLS Version Detection
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not pro
45RIESGO
abrir ↗Metasploit500
Adobe Flash Player casi32 Integer Overflow
Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and bef
60RIESGO
abrir ↗Metasploit300
Windows TrackPopupMenu Win32k NULL Pointer Dereference
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 a
100RIESGO
abrir ↗Metasploit600
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2
100RIESGO
abrir ↗Metasploit600
TWiki Debugenableplugins Remote Code Execution
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary
50RIESGO
abrir ↗Metasploit600
Numara / BMC Track-It! FileStorageService Arbitrary File Upload
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbit
60RIESGO
abrir ↗Metasploit300
BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbit
60RIESGO
abrir ↗Metasploit300
Android Open Source Platform (AOSP) Browser UXSS
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribu
23RIESGO
abrir ↗Metasploit300
MS15-001 Microsoft Windows NtApphelpCacheControl Improper Authorization Check
The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1,
43RIESGO
abrir ↗Metasploit600
IPFire Bash Environment Variable Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗Metasploit600
Joomla Akeeba Kickstart Unserialize Remote Code Execution
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeb
50RIESGO
abrir ↗Metasploit600
ManageEngine OpManager and Social IT Arbitrary File Upload
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in Z
60RIESGO
abrir ↗Metasploit600
Wordpress InfusionSoft Upload Vulnerability
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows
50RIESGO
abrir ↗Metasploit300
Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
100RIESGO
abrir ↗Metasploit300
Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗Metasploit600
Pure-FTPd External Authentication Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗Metasploit0
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitr
98RIESGO
abrir ↗Metasploit300
OS X VMWare Fusion Privilege Escalation via Bash Environment Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗Metasploit600
CUPS Filter Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗Metasploit600
CUPS Filter Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
100RIESGO
abrir ↗Metasploit300
DHCP Client Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗Metasploit600
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗Metasploit300
Qmail SMTP Bash Environment Variable Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗Metasploit600
Dhclient Bash Environment Variable Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗Metasploit600
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
100RIESGO
abrir ↗Metasploit500
Adobe Flash Player copyPixelsToByteArray Method Integer Overflow
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS
60RIESGO
abrir ↗Metasploit600
Rejetto HttpFileServer Remote Command Execution
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c a
100RIESGO
abrir ↗Metasploit600
Phpwiki Ploticus Remote Code Execution
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a dev
50RIESGO
abrir ↗Metasploit300
MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the exist
70RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.