Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
3462 exploits
Metasploit300
AlienVault Authenticated SQL Injection Arbitrary File Read
CVE-2013-596730 mar 2014
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier
43RIESGO
abrir
Metasploit300
Katello (Red Hat Satellite) users/update_roles Missing Authorization
CVE-2013-214324 mar 2014
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update
50RIESGO
abrir
Metasploit600
FreePBX config.php Remote Code Execution
CVE-2014-190321 mar 2014
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12
50RIESGO
abrir
Metasploit400
Wireshark wiretap/mpeg.c Stack Buffer Overflow
CVE-2014-229920 mar 2014
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10
50RIESGO
abrir
Metasploit600
SePortal SQLi Remote Code Execution
CVE-2008-519120 mar 2014
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the
43RIESGO
abrir
Metasploit600
Firefox WebIDL Privileged Javascript Injection
CVE-2014-151117 mar 2014
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remo
60RIESGO
abrir
Metasploit600
Firefox WebIDL Privileged Javascript Injection
CVE-2014-151017 mar 2014
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
60RIESGO
abrir
Metasploit200
VirtualBox 3D Acceleration Virtual Machine Escape
CVE-2014-098311 mar 2014
Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/s
38RIESGO
abrir
Metasploit300
MS14-012 Microsoft Internet Explorer TextRange Use-After-Free
CVE-2014-030711 mar 2014
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause
60RIESGO
abrir
Metasploit300
Yokogawa CENTUM CS 3000 BKCLogSvr.exe Heap Buffer Overflow
CVE-2014-078110 mar 2014
Yokogawa CENTUM CS 3000 Heap-based Buffer Overflow
48RIESGO
abrir
Metasploit200
Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow
CVE-2014-078310 mar 2014
Yokogawa CENTUM CS 3000 Stack-based Buffer Overflow
75RIESGO
abrir
Metasploit600
ifwatchd Privilege Escalation
CVE-2014-253310 mar 2014
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arb
38RIESGO
abrir
Metasploit300
Yokogawa CENTUM CS 3000 BKBCopyD.exe Buffer Overflow
CVE-2014-078410 mar 2014
Yokogawa CENTUM CS 3000 Stack-based Buffer Overflow
68RIESGO
abrir
Metasploit300
Yokogawa CS3000 BKESimmgr.exe Buffer Overflow
CVE-2014-078210 mar 2014
Yokogawa CENTUM CS 3000 Stack-based Buffer Overflow
68RIESGO
abrir
Metasploit300
GetGo Download Manager HTTP Response Buffer Overflow
CVE-2014-220609 mar 2014
Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attac
50RIESGO
abrir
Metasploit600
Dell KACE K1000 File Upload
CVE-2014-125113CRITICAL07 mar 2014
Dell/Quest KACE K1000 Unauthenticated File Upload RCE
43RIESGO
abrir
Metasploit0
Apache Struts ClassLoader Manipulation Remote Code Execution
CVE-2014-011206 mar 2014
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which all
60RIESGO
abrir
Metasploit0
Apache Struts ClassLoader Manipulation Remote Code Execution
CVE-2014-011406 mar 2014
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in o
60RIESGO
abrir
Metasploit0
Apache Struts ClassLoader Manipulation Remote Code Execution
CVE-2014-009406 mar 2014
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via t
60RIESGO
abrir
Metasploit0
Vtiger Install Unauthenticated Remote Command Execution
CVE-2014-226805 mar 2014
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which all
50RIESGO
abrir
Metasploit300
Joomla weblinks-categories Unauthenticated SQL Injection Arbitrary File Read
CVE-2014-798102 mar 2014
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL
18RIESGO
abrir
Metasploit300
MantisBT Admin SQL Injection Arbitrary File Read
CVE-2014-223828 feb 2014
SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 a
23RIESGO
abrir
Metasploit300
Oracle Demantra Database Credentials Leak
CVE-2013-588028 feb 2014
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.
50RIESGO
abrir
Metasploit300
Oracle Demantra Arbitrary File Retrieval with Authentication Bypass
CVE-2013-587728 feb 2014
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0
50RIESGO
abrir
Metasploit300
Oracle Demantra Database Credentials Leak
CVE-2013-579528 feb 2014
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0
50RIESGO
abrir
Metasploit300
Oracle Demantra Arbitrary File Retrieval with Authentication Bypass
CVE-2013-588028 feb 2014
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.
50RIESGO
abrir
Metasploit300
JIRA Issues Collector Directory Traversal
CVE-2014-231426 feb 2014
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers t
43RIESGO
abrir
Metasploit600
Symantec Endpoint Protection Manager /servlet/ConsoleServlet Remote Command Execution
CVE-2013-501524 feb 2014
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.74
43RIESGO
abrir
Metasploit600
Symantec Endpoint Protection Manager /servlet/ConsoleServlet Remote Command Execution
CVE-2013-501424 feb 2014
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.40
50RIESGO
abrir
Metasploit400
SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write
CVE-2014-10001522 feb 2014
Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write t
50RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.