Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure
CVE-2013-7331MEDIUMbajo ataque09 sep 2014
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the exist
70RIESGO
abrir
Metasploit600
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
CVE-2014-500531 ago 2014
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers
60RIESGO
abrir
Metasploit600
ManageEngine Eventlog Analyzer Arbitrary File Upload
CVE-2014-603731 ago 2014
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8
60RIESGO
abrir
Metasploit600
ActualAnalyzer 'ant' Cookie Command Execution
CVE-2014-5470CRITICAL28 ago 2014
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for pa
68RIESGO
abrir
Metasploit300
ManageEngine DeviceExpert User Credentials
CVE-2014-537728 ago 2014
ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user acc
50RIESGO
abrir
Metasploit600
Wordpress SlideShow Gallery Authenticated File Upload
CVE-2014-546028 ago 2014
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remot
60RIESGO
abrir
Metasploit600
Railo Remote File Include
CVE-2014-546826 ago 2014
A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cf
50RIESGO
abrir
Metasploit300
NTP Mode 7 PEER_LIST DoS Scanner
CVE-2013-521125 ago 2014
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RIESGO
abrir
Metasploit300
NTP Mode 7 PEER_LIST_SUM DoS Scanner
CVE-2013-521125 ago 2014
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RIESGO
abrir
Metasploit300
NTP Mode 7 GET_RESTRICT DRDoS Scanner
CVE-2013-521125 ago 2014
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RIESGO
abrir
Metasploit300
NTP Mode 6 REQ_NONCE DRDoS Scanner
CVE-2013-521125 ago 2014
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RIESGO
abrir
Metasploit300
NTP Mode 6 UNSETTRAP DRDoS Scanner
CVE-2013-521125 ago 2014
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RIESGO
abrir
Metasploit300
Netcore Router Udp 53413 Backdoor
CVE-2025-34117CRITICAL25 ago 2014
Netcore / Netis Routers RCE via UDP Port 53413 Backdoor
68RIESGO
abrir
Metasploit600
SolarWinds Storage Manager Authentication Bypass
CVE-2015-537119 ago 2014
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scr
40RIESGO
abrir
Metasploit300
Yokogawa BKBCopyD.exe Client
CVE-2014-520809 ago 2014
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00
23RIESGO
abrir
Metasploit300
Wordpress XMLRPC DoS
CVE-2014-526606 ago 2014
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, doe
23RIESGO
abrir
Metasploit0
HybridAuth install.php PHP Code Execution
CVE-2014-125116CRITICAL04 ago 2014
HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection
63RIESGO
abrir
Metasploit600
Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection
CVE-2014-497724 jul 2014
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute
60RIESGO
abrir
Metasploit300
BulletProof FTP Client BPS Buffer Overflow
CVE-2014-297324 jul 2014
15RIESGO
abrir
Metasploit200
MQAC.sys Arbitrary Write Privilege Escalation
CVE-2014-497122 jul 2014
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write
43RIESGO
abrir
Metasploit200
MS14-062 Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation
CVE-2014-497118 jul 2014
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write
43RIESGO
abrir
Metasploit300
Advantech WebAccess dvs.ocx GetColor Buffer Overflow
CVE-2014-236417 jul 2014
Advantech WebAccess Stack-Based Buffer Overflow
68RIESGO
abrir
Metasploit200
VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation
CVE-2014-247715 jul 2014
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.2
38RIESGO
abrir
Metasploit300
Flash "Rosetta" JSONP GET/POST Response Disclosure
CVE-2014-467108 jul 2014
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Ad
23RIESGO
abrir
Metasploit600
Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload
CVE-2014-472501 jul 2014
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authen
50RIESGO
abrir
Metasploit600
Gitlist Unauthenticated Remote Command Execution
CVE-2014-451130 jun 2014
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in
60RIESGO
abrir
Metasploit600
VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution
CVE-2014-507325 jun 2014
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands
60RIESGO
abrir
Metasploit600
Wing FTP Server Authenticated Command Execution
CVE-2025-47812CRITICALbajo ataque19 jun 2014
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir
Metasploit600
ManageEngine Desktop Central / Password Manager LinkViewFetchServlet.dat SQL Injection
CVE-2014-399608 jun 2014
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central
50RIESGO
abrir
Metasploit300
OpenSSL DTLS Fragment Buffer Overflow DoS
CVE-2014-019505 jun 2014
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0
40RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.