Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
OpenSSL Server-Side ChangeCipherSpec Injection Scanner
CVE-2014-022405 jun 2014
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
60RIESGO
abrir
Metasploit0
Chkrootkit Local Privilege Escalation
CVE-2014-047604 jun 2014
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute a
38RIESGO
abrir
Metasploit300
Ericom AccessNow Server Buffer Overflow
CVE-2014-391302 jun 2014
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrar
50RIESGO
abrir
Metasploit300
Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow
CVE-2014-388823 may 2014
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM V
50RIESGO
abrir
Metasploit300
D-Link info.cgi POST Request Buffer Overflow
CVE-2014-125117CRITICAL22 may 2014
D-Link info.cgi POST Request Stack-Based Buffer Overflow RCE
63RIESGO
abrir
Metasploit300
Easy File Management Web Server Stack Buffer Overflow
CVE-2014-379120 may 2014
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code
60RIESGO
abrir
Metasploit300
D-Link HNAP Request Remote Buffer Overflow
CVE-2014-393615 may 2014
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06
60RIESGO
abrir
Metasploit600
Symantec Workspace Streaming ManagementAgentServer.putFile XMLRPC Request Arbitrary File Upload
CVE-2014-164912 may 2014
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functional
50RIESGO
abrir
Metasploit300
AlienVault Authenticated SQL Injection Arbitrary File Read
CVE-2014-538309 may 2014
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL
43RIESGO
abrir
Metasploit300
Belkin Play N750 login.cgi Buffer Overflow
CVE-2014-163509 may 2014
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote a
50RIESGO
abrir
Metasploit600
AlienVault OSSIM av-centerd Command Injection
CVE-2014-380405 may 2014
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a
60RIESGO
abrir
Metasploit600
Android 'Towelroot' Futex Requeue Kernel Exploit
CVE-2014-3153HIGHbajo ataque03 may 2014
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two diff
98RIESGO
abrir
Metasploit0
Cogent DataHub Command Injection
CVE-2014-378929 abr 2014
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary
50RIESGO
abrir
Metasploit500
Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
CVE-2015-0311HIGHbajo ataque28 abr 2014
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Window
100RIESGO
abrir
Metasploit500
Adobe Flash Player Shader Buffer Overflow
CVE-2014-051528 abr 2014
Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS
60RIESGO
abrir
Metasploit300
Wireshark CAPWAP Dissector DoS
CVE-2013-407428 abr 2014
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.
50RIESGO
abrir
Metasploit600
AlienVault OSSIM SQL Injection and Remote Code Execution
CVE-2016-858124 abr 2014
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5
43RIESGO
abrir
Metasploit600
Oracle Event Processing FileUploadServlet Arbitrary File Upload
CVE-2014-242421 abr 2014
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote
50RIESGO
abrir
Metasploit500
Adobe Flash Player domainMemory ByteArray Use After Free
CVE-2015-035914 abr 2014
Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and
60RIESGO
abrir
Metasploit400
Adobe Reader for Android addJavascriptInterface Exploit
CVE-2014-051413 abr 2014
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows r
60RIESGO
abrir
Metasploit300
Cisco ASA SSL VPN Privilege Escalation Vulnerability
CVE-2014-212709 abr 2014
Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 be
23RIESGO
abrir
Metasploit600
Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution
CVE-2014-284908 abr 2014
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users
50RIESGO
abrir
Metasploit300
Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection
CVE-2014-076308 abr 2014
Advantech WebAccess SQL Injection
41RIESGO
abrir
Metasploit600
Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution
CVE-2014-285008 abr 2014
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrator
50RIESGO
abrir
Metasploit300
OpenSSL Heartbeat (Heartbleed) Client Memory Exposure
CVE-2014-0160HIGHbajo ataque07 abr 2014
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RIESGO
abrir
Metasploit300
OpenSSL Heartbeat (Heartbleed) Information Leak
CVE-2014-0160HIGHbajo ataque07 abr 2014
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RIESGO
abrir
Metasploit600
eScan Web Management Console Command Injection
CVE-2014-125118CRITICAL04 abr 2014
eScan 5.5-2 Web Management Console Command Injection
63RIESGO
abrir
Metasploit600
Belkin Wemo UPnP Remote Code Execution
CVE-2019-1278004 abr 2014
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetS
40RIESGO
abrir
Metasploit300
MS14-017 Microsoft Word RTF Object Confusion
CVE-2014-1761HIGHbajo ataque01 abr 2014
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Offi
100RIESGO
abrir
Metasploit300
EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read
CVE-2014-064431 mar 2014
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login reques
50RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.