Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
Microsoft VBScript - VbsErase Memory Corruption
CVE-2019-066719 mar 2019
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows
35RIESGO
abrir
Exploit-DB
Gila CMS 1.9.1 - Cross-Site Scripting
CVE-2019-964719 mar 2019
Gila CMS 1.9.1 has XSS.
23RIESGO
abrir
Exploit-DB
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
CVE-2019-076819 mar 2019
A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restri
35RIESGO
abrir
Exploit-DB
MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting
CVE-2019-965019 mar 2019
An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name
23RIESGO
abrir
Exploit-DB
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit)
CVE-2019-100300219 mar 2019
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src
60RIESGO
abrir
Exploit-DB
Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter
CVE-2019-579619 mar 2019
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially explo
23RIESGO
abrir
Exploit-DB
Google Chrome < M73 - Double-Destruction Race in StoragePartitionService
CVE-2019-5797HIGH19 mar 2019
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap c
41RIESGO
abrir
Exploit-DB
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit)
CVE-2019-100300119 mar 2019
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins
60RIESGO
abrir
Exploit-DB
Google Chrome < M73 - MidiManagerWin Use-After-Free
CVE-2019-578919 mar 2019
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed
23RIESGO
abrir
Exploit-DB
Google Chrome < M73 - FileSystemOperationRunner Use-After-Free
CVE-2019-578819 mar 2019
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allo
23RIESGO
abrir
Exploit-DB
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject
CVE-2019-061219 mar 2019
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash obj
28RIESGO
abrir
Exploit-DB
BMC Patrol Agent - Privilege Escalation Code Execution Execution (Metasploit)
CVE-2018-2073518 mar 2019
An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for l
38RIESGO
abrir
Exploit-DB
Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities
CVE-2014-1007915 mar 2019
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hid
23RIESGO
abrir
Exploit-DB
Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities
CVE-2014-1007815 mar 2019
Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfa
23RIESGO
abrir
Exploit-DB
Moodle 3.4.1 - Remote Code Execution
CVE-2018-113315 mar 2019
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code exec
35RIESGO
abrir
Exploit-DB
CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload
CVE-2019-969215 mar 2019
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RIESGO
abrir
Exploit-DB
FTPGetter Standard 5.97.0.177 - Remote Code Execution
CVE-2019-976014 mar 2019
FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-cont
50RIESGO
abrir
Exploit-DB
elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)
CVE-2019-919413 mar 2019
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RIESGO
abrir
Exploit-DB
Apache Tika-server < 1.18 - Command Injection
CVE-2018-133513 mar 2019
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to
60RIESGO
abrir
Exploit-DB
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion
CVE-2019-961813 mar 2019
The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter.
50RIESGO
abrir
Exploit-DB
Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution
CVE-2019-0541HIGHbajo ataque13 mar 2019
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML E
83RIESGO
abrir
Exploit-DB
pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting
CVE-2019-895313 mar 2019
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, re
35RIESGO
abrir
Exploit-DB
Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak
CVE-2016-457811 mar 2019
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local us
23RIESGO
abrir
Exploit-DB
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution
CVE-2018-1168611 mar 2019
The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_c
50RIESGO
abrir
Exploit-DB
PRTG Network Monitor 18.2.38 - (Authenticated) Remote Code Execution
CVE-2018-9276HIGHbajo ataque11 mar 2019
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RIESGO
abrir
Exploit-DB
DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery
CVE-2019-962508 mar 2019
JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.
23RIESGO
abrir
Exploit-DB
McAfee ePO 5.9.1 - Registered Executable Local Access Bypass
CVE-2018-6671MEDIUM08 mar 2019
SB10240 - ePolicy Orchestrator (ePO) - Application Protection Bypass vulnerability
33RIESGO
abrir
Exploit-DB
Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)
CVE-2018-444108 mar 2019
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1,
28RIESGO
abrir
Exploit-DB
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
CVE-2012-021707 mar 2019
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and
50RIESGO
abrir
Exploit-DB
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
CVE-2019-6340HIGHbajo ataque07 mar 2019
Drupal core - Highly critical - Remote Code Execution
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.