Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
Evernote 7.9 - Code Execution via Path Traversal
CVE-2019-1003818 abr 2019
Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file
23RIESGO
abrir
Exploit-DB
ASUS HG100 - Denial of Service
CVE-2018-1149217 abr 2019
ASUS HG100 devices allow denial of service via an IPv4 packet flood.
28RIESGO
abrir
Exploit-DB
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID
CVE-2019-269817 abr 2019
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Ja
28RIESGO
abrir
Exploit-DB
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
CVE-2019-269717 abr 2019
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Ja
28RIESGO
abrir
Exploit-DB
Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass
CVE-2019-073216 abr 2019
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Wind
23RIESGO
abrir
Exploit-DB
Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation
CVE-2019-079616 abr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RIESGO
abrir
Exploit-DB
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
CVE-2019-1094516 abr 2019
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder param
35RIESGO
abrir
Exploit-DB
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation
CVE-2019-083616 abr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RIESGO
abrir
Exploit-DB
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation
CVE-2019-073016 abr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RIESGO
abrir
Exploit-DB
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation
CVE-2019-073116 abr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RIESGO
abrir
Exploit-DB
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation
CVE-2019-080516 abr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RIESGO
abrir
Exploit-DB
Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation
CVE-2019-073516 abr 2019
An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to proper
23RIESGO
abrir
Exploit-DB
Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation
CVE-2018-1937416 abr 2019
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Troj
23RIESGO
abrir
Exploit-DB
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
CVE-2019-995516 abr 2019
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, U
43RIESGO
abrir
Exploit-DB
CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit)
CVE-2019-1144715 abr 2019
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload proce
35RIESGO
abrir
Exploit-DB
Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)
CVE-2019-1663CRITICAL15 abr 2019
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RIESGO
abrir
Exploit-DB
Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
CVE-2019-9621HIGHbajo ataque12 abr 2019
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x b
100RIESGO
abrir
Exploit-DB
ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)
CVE-2019-1144612 abr 2019
An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user
23RIESGO
abrir
Exploit-DB
CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
CVE-2018-1489412 abr 2019
CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file
23RIESGO
abrir
Exploit-DB
Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
CVE-2019-9670CRITICALbajo ataque12 abr 2019
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XX
100RIESGO
abrir
Exploit-DB
Apache Axis 1.4 - Remote Code Execution
CVE-2019-022709 abr 2019
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2
45RIESGO
abrir
Exploit-DB
Microsoft Windows - AppX Deployment Service Privilege Escalation
CVE-2019-0841HIGHbajo ataqueransomware09 abr 2019
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RIESGO
abrir
Exploit-DB
TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow
CVE-2019-698909 abr 2019
TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispos
28RIESGO
abrir
Exploit-DB
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
CVE-2019-959308 abr 2019
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to
23RIESGO
abrir
Exploit-DB
QNAP Netatalk < 3.1.12 - Authentication Bypass
CVE-2018-1160CRITICAL08 abr 2019
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RIESGO
abrir
Exploit-DB
ManageEngine ServiceDesk Plus 9.3 - User Enumeration
CVE-2019-1027308 abr 2019
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticat
23RIESGO
abrir
Exploit-DB
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
CVE-2019-959108 abr 2019
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attack
23RIESGO
abrir
Exploit-DB
SaLICru -SLC-20-cube3(5) - HTML Injection
CVE-2019-1088708 abr 2019
A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82
23RIESGO
abrir
Exploit-DB
Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation
CVE-2019-0211HIGHbajo ataque08 abr 2019
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RIESGO
abrir
Exploit-DB
Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution
CVE-2019-1087408 abr 2019
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to ex
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.