Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
SSL/TLS Version Detection
CVE-2013-2566MEDIUM14 oct 2014
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for
50RIESGO
abrir
Metasploit300
SSL/TLS Version Detection
CVE-2015-4000LOW14 oct 2014
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not pro
45RIESGO
abrir
Metasploit500
Adobe Flash Player casi32 Integer Overflow
CVE-2014-056914 oct 2014
Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and bef
60RIESGO
abrir
Metasploit300
Windows TrackPopupMenu Win32k NULL Pointer Dereference
CVE-2014-4113HIGHbajo ataque14 oct 2014
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 a
100RIESGO
abrir
Metasploit600
MS14-060 Microsoft Windows OLE Package Manager Code Execution
CVE-2014-4114HIGHbajo ataque14 oct 2014
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2
100RIESGO
abrir
Metasploit600
TWiki Debugenableplugins Remote Code Execution
CVE-2014-723609 oct 2014
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary
50RIESGO
abrir
Metasploit600
Numara / BMC Track-It! FileStorageService Arbitrary File Upload
CVE-2014-487207 oct 2014
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbit
60RIESGO
abrir
Metasploit300
BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure
CVE-2014-487207 oct 2014
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbit
60RIESGO
abrir
Metasploit300
Android Open Source Platform (AOSP) Browser UXSS
CVE-2014-604104 oct 2014
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribu
23RIESGO
abrir
Metasploit300
MS15-001 Microsoft Windows NtApphelpCacheControl Improper Authorization Check
CVE-2015-000230 sep 2014
The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1,
43RIESGO
abrir
Metasploit600
IPFire Bash Environment Variable Injection (Shellshock)
CVE-2014-6271CRITICALbajo ataque29 sep 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
Metasploit600
Joomla Akeeba Kickstart Unserialize Remote Code Execution
CVE-2014-722829 sep 2014
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeb
50RIESGO
abrir
Metasploit600
ManageEngine OpManager and Social IT Arbitrary File Upload
CVE-2014-603427 sep 2014
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in Z
60RIESGO
abrir
Metasploit600
Wordpress InfusionSoft Upload Vulnerability
CVE-2014-644625 sep 2014
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows
50RIESGO
abrir
Metasploit300
Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
CVE-2014-6278HIGHbajo ataque24 sep 2014
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
100RIESGO
abrir
Metasploit300
Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
CVE-2014-6271CRITICALbajo ataque24 sep 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
Metasploit600
Pure-FTPd External Authentication Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6271CRITICALbajo ataque24 sep 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
Metasploit0
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
CVE-2014-4404HIGHbajo ataque24 sep 2014
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitr
98RIESGO
abrir
Metasploit300
OS X VMWare Fusion Privilege Escalation via Bash Environment Code Injection (Shellshock)
CVE-2014-6271CRITICALbajo ataque24 sep 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
Metasploit600
CUPS Filter Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6271CRITICALbajo ataque24 sep 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
Metasploit600
CUPS Filter Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6278HIGHbajo ataque24 sep 2014
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
100RIESGO
abrir
Metasploit300
DHCP Client Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6271CRITICALbajo ataque24 sep 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
Metasploit600
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6271CRITICALbajo ataque24 sep 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
Metasploit300
Qmail SMTP Bash Environment Variable Injection (Shellshock)
CVE-2014-6271CRITICALbajo ataque24 sep 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
Metasploit600
Dhclient Bash Environment Variable Injection (Shellshock)
CVE-2014-6271CRITICALbajo ataque24 sep 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
Metasploit600
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6278HIGHbajo ataque24 sep 2014
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
100RIESGO
abrir
Metasploit500
Adobe Flash Player copyPixelsToByteArray Method Integer Overflow
CVE-2014-055623 sep 2014
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS
60RIESGO
abrir
Metasploit600
Rejetto HttpFileServer Remote Command Execution
CVE-2014-6287CRITICALbajo ataque11 sep 2014
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c a
100RIESGO
abrir
Metasploit600
Phpwiki Ploticus Remote Code Execution
CVE-2014-551911 sep 2014
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a dev
50RIESGO
abrir
Metasploit300
MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure
CVE-2013-7331MEDIUMbajo ataque09 sep 2014
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the exist
70RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.