Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
EA Origin < 10.5.38 - Remote Code Execution
CVE-2019-1282821 jun 2019
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and orig
28RIESGO
abrir
Exploit-DB
Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)
CVE-2019-1821HIGH20 jun 2019
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
78RIESGO
abrir
Exploit-DB
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (1)
CVE-2019-1218118 jun 2019
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
50RIESGO
abrir
Exploit-DB
Sahi pro 8.x - Cross-Site Scripting
CVE-2018-2047218 jun 2019
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.
23RIESGO
abrir
Exploit-DB
Sahi pro 7.x/8.x - Directory Traversal
CVE-2018-2047018 jun 2019
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerab
50RIESGO
abrir
Exploit-DB
Sahi pro 8.x - SQL Injection
CVE-2018-2046918 jun 2019
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to
28RIESGO
abrir
Exploit-DB
Thunderbird ESR < 60.7.XXX - Type Confusion
CVE-2019-1170617 jun 2019
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when pro
23RIESGO
abrir
Exploit-DB
Exim 4.87 - 4.91 - Local Privilege Escalation
CVE-2019-10149CRITICALbajo ataque17 jun 2019
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RIESGO
abrir
Exploit-DB
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
CVE-2019-1170317 jun 2019
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing cer
28RIESGO
abrir
Exploit-DB
Spring Security OAuth - Open Redirector
CVE-2019-11269MEDIUM17 jun 2019
Open Redirector in spring-security-oauth2
33RIESGO
abrir
Exploit-DB
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
CVE-2019-1232317 jun 2019
The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS.
23RIESGO
abrir
Exploit-DB
Spring Security OAuth - Open Redirector
CVE-2019-377817 jun 2019
Open Redirect in spring-security-oauth2
28RIESGO
abrir
Exploit-DB
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
CVE-2019-1170417 jun 2019
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when proce
28RIESGO
abrir
Exploit-DB
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
CVE-2019-1170517 jun 2019
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processin
23RIESGO
abrir
Exploit-DB
Sitecore 8.x - Deserialization Remote Code Execution
CVE-2019-1108013 jun 2019
Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 2
28RIESGO
abrir
Exploit-DB
Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting
CVE-2019-658811 jun 2019
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsani
23RIESGO
abrir
Exploit-DB
phpMyAdmin 4.8 - Cross-Site Request Forgery
CVE-2019-1261611 jun 2019
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF
28RIESGO
abrir
Exploit-DB
ProShow 9.0.3797 - Local Privilege Escalation
CVE-2019-1278811 jun 2019
An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges).
23RIESGO
abrir
Exploit-DB
UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting
CVE-2019-1139810 jun 2019
Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitra
23RIESGO
abrir
Exploit-DB
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)
CVE-2019-0841HIGHbajo ataqueransomware07 jun 2019
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RIESGO
abrir
Exploit-DB
Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion
CVE-2019-1247706 jun 2019
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcas
43RIESGO
abrir
Exploit-DB
VMware WorkStation 12.5.3 - Virtual Machine Escape
CVE-2017-490506 jun 2019
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi
23RIESGO
abrir
Exploit-DB
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
CVE-2019-835205 jun 2019
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sen
23RIESGO
abrir
Exploit-DB
Exim 4.87 < 4.91 - (Local / Remote) Command Execution
CVE-2019-10149CRITICALbajo ataque05 jun 2019
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RIESGO
abrir
Exploit-DB
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
CVE-2019-4279CRITICAL05 jun 2019
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with
85RIESGO
abrir
Exploit-DB
LibreNMS - addhost Command Injection (Metasploit)
CVE-2018-2043405 jun 2019
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to htm
60RIESGO
abrir
Exploit-DB
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
CVE-2019-9621HIGHbajo ataque05 jun 2019
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x b
100RIESGO
abrir
Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting
CVE-2019-1254204 jun 2019
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID paramete
23RIESGO
abrir
Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting
CVE-2019-1254304 jun 2019
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceReques
23RIESGO
abrir
Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting
CVE-2019-1253804 jun 2019
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.