Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read
CVE-2019-862424 jul 2019
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 5.3. A remote attacke
23RIESGO
abrir
Exploit-DB
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery
CVE-2019-12624HIGH24 jul 2019
Cisco IOS XE NGWC Legacy Wireless Device Manager GUI Cross-Site Request Forgery Vulnerability
46RIESGO
abrir
Exploit-DB
Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation
CVE-2019-13272HIGHbajo ataque24 jul 2019
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RIESGO
abrir
Exploit-DB
Android 7 < 9 - Remote Code Execution
CVE-2019-210724 jul 2019
In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. Th
23RIESGO
abrir
Exploit-DB
BACnet Stack 0.8.6 - Denial of Service
CVE-2019-1248022 jul 2019
BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in BACnet APDU Layer because a
35RIESGO
abrir
Exploit-DB
REDCap < 9.1.2 - Cross-Site Scripting
CVE-2019-1302919 jul 2019
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9
23RIESGO
abrir
Exploit-DB
MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter)
CVE-2019-1357719 jul 2019
SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string
28RIESGO
abrir
Exploit-DB
Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation
CVE-2019-108918 jul 2019
An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an
23RIESGO
abrir
Exploit-DB
MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow
CVE-2019-1357717 jul 2019
SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string
28RIESGO
abrir
Exploit-DB
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
CVE-2018-8453HIGHbajo ataqueransomware17 jul 2019
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
98RIESGO
abrir
Exploit-DB
Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME
CVE-2019-13272HIGHbajo ataque17 jul 2019
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RIESGO
abrir
Exploit-DB
CentOS Control Web Panel 0.9.8.838 - User Enumeration
CVE-2019-1338316 jul 2019
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a usern
28RIESGO
abrir
Exploit-DB
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
CVE-2019-1336016 jul 2019
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login pro
28RIESGO
abrir
Exploit-DB
Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit)
CVE-2019-0841HIGHbajo ataqueransomware16 jul 2019
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RIESGO
abrir
Exploit-DB
PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)
CVE-2018-15133HIGHbajo ataque16 jul 2019
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unseri
100RIESGO
abrir
Exploit-DB
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation
CVE-2019-1335916 jul 2019
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and uploa
28RIESGO
abrir
Exploit-DB
PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)
CVE-2017-1689416 jul 2019
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwo
60RIESGO
abrir
Exploit-DB
DameWare Remote Support 12.0.0.509 - 'Host' Buffer Overflow (SEH)
CVE-2018-1289716 jul 2019
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.
23RIESGO
abrir
Exploit-DB
Android 7 - 9 VideoPlayer - 'ihevcd_parse_pps' Out-of-Bounds Write
CVE-2019-210715 jul 2019
In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. Th
23RIESGO
abrir
Exploit-DB
CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities
CVE-2019-1943MEDIUM15 jul 2019
Cisco Small Business Series Switches Open Redirect Vulnerability
53RIESGO
abrir
Exploit-DB
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service (Metasploit)
CVE-2019-0708CRITICALbajo ataqueransomware15 jul 2019
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RIESGO
abrir
Exploit-DB
FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion
CVE-2019-1339615 jul 2019
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an in
50RIESGO
abrir
Exploit-DB
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution
CVE-2019-12991HIGHbajo ataque12 jul 2019
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of
93RIESGO
abrir
Exploit-DB
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution
CVE-2019-12989CRITICALbajo ataque12 jul 2019
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
100RIESGO
abrir
Exploit-DB
Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation
CVE-2019-1019HIGH12 jul 2019
Microsoft Windows Security Feature Bypass Vulnerability
46RIESGO
abrir
Exploit-DB
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
CVE-2019-1034912 jul 2019
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers
23RIESGO
abrir
Exploit-DB
Xymon 4.3.25 - useradm Command Execution (Metasploit)
CVE-2016-205612 jul 2019
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via
50RIESGO
abrir
Exploit-DB
SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow
CVE-2019-1349411 jul 2019
nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long var
23RIESGO
abrir
Exploit-DB
Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting
CVE-2019-1349311 jul 2019
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged u
23RIESGO
abrir
Exploit-DB
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset
CVE-2019-112810 jul 2019
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Rem
28RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.