Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
ManageEngine ServiceDesk Plus 9.3 - User Enumeration
CVE-2019-1027308 abr 2019
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticat
23RIESGO
abrir
Exploit-DB
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
CVE-2019-894205 abr 2019
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RIESGO
abrir
Exploit-DB
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
CVE-2019-894305 abr 2019
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RIESGO
abrir
Exploit-DB
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free
CVE-2019-855803 abr 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12
23RIESGO
abrir
Exploit-DB
iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe
CVE-2019-851403 abr 2019
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS
23RIESGO
abrir
Exploit-DB
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)
CVE-2019-1652HIGHbajo ataque03 abr 2019
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RIESGO
abrir
Exploit-DB
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check
CVE-2019-851803 abr 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12
28RIESGO
abrir
Exploit-DB
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)
CVE-2019-1653HIGHbajo ataque03 abr 2019
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RIESGO
abrir
Exploit-DB
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)
CVE-2019-981303 abr 2019
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbi
23RIESGO
abrir
Exploit-DB
WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion
CVE-2019-8506HIGHbajo ataque03 abr 2019
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS
76RIESGO
abrir
Exploit-DB
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering
CVE-2019-744102 abr 2019
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter
23RIESGO
abrir
Exploit-DB
CMS Made Simple < 2.2.10 - SQL Injection
CVE-2019-905302 abr 2019
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir
Exploit-DB
LimeSurvey < 3.16 - Remote Code Execution
CVE-2018-1705702 abr 2019
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar://
28RIESGO
abrir
Exploit-DB
CMS Made Simple (CMSMS) Showtime2 - File Upload Remote Code Execution (Metasploit)
CVE-2019-969228 mar 2019
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RIESGO
abrir
Exploit-DB
Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion
CVE-2019-838528 mar 2019
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and loca
28RIESGO
abrir
Exploit-DB
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)
CVE-2015-4852CRITICALbajo ataque28 mar 2019
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
100RIESGO
abrir
Exploit-DB
i-doit 1.12 - 'qr.php' Cross-Site Scripting
CVE-2019-696528 mar 2019
An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/qr/qr.php url parameter.
23RIESGO
abrir
Exploit-DB
Fat Free CRM 0.19.0 - HTML Injection
CVE-2019-1022628 mar 2019
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to th
23RIESGO
abrir
Exploit-DB
Firefox < 66.0.1 - 'Array.prototype.slice' Buffer Overflow
CVE-2019-981026 mar 2019
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check
28RIESGO
abrir
Exploit-DB
Microsoft Windows 7/2008 - 'Win32k' Denial of Service (PoC)
CVE-2019-0808HIGHbajo ataque26 mar 2019
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
98RIESGO
abrir
Exploit-DB
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
CVE-2019-979126 mar 2019
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects w
28RIESGO
abrir
Exploit-DB
Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting
CVE-2019-740026 mar 2019
Rukovoditel before 2.4.1 allows XSS.
23RIESGO
abrir
Exploit-DB
VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
CVE-2019-551225 mar 2019
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately
23RIESGO
abrir
Exploit-DB
VMware Workstation 14.1.5 / VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation
CVE-2018-551125 mar 2019
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Manageme
28RIESGO
abrir
Exploit-DB
Canarytokens 2019-03-01 - Detection Bypass
CVE-2019-976821 mar 2019
Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timesta
28RIESGO
abrir
Exploit-DB
Rails 5.2.1 - Arbitrary File Content Disclosure
CVE-2019-5418HIGHbajo ataque21 mar 2019
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where spe
100RIESGO
abrir
Exploit-DB
DVD X Player 5.5.3 - '.plf' Buffer Overflow
CVE-2018-912821 mar 2019
DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068.
23RIESGO
abrir
Exploit-DB
PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control
CVE-2019-627920 mar 2019
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnera
23RIESGO
abrir
Exploit-DB
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery
CVE-2019-628220 mar 2019
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpag
23RIESGO
abrir
Exploit-DB
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit)
CVE-2019-100300119 mar 2019
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.