Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem
CVE-2019-921306 mar 2019
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which make
38RIESGO
abrir
Exploit-DB
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
CVE-2019-738504 mar 2019
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and
28RIESGO
abrir
Exploit-DB
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
CVE-2019-053904 mar 2019
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
45RIESGO
abrir
Exploit-DB
elFinder 2.1.47 - 'PHP connector' Command Injection
CVE-2019-919404 mar 2019
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RIESGO
abrir
Exploit-DB
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
CVE-2019-9082HIGHbajo ataque04 mar 2019
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RIESGO
abrir
Exploit-DB
WordPress Core 5.0 - Remote Code Execution
CVE-2019-894201 mar 2019
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RIESGO
abrir
Exploit-DB
WordPress Core 5.0 - Remote Code Execution
CVE-2019-894301 mar 2019
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RIESGO
abrir
Exploit-DB
Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module
CVE-2019-916201 mar 2019
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient
23RIESGO
abrir
Exploit-DB
Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation
CVE-2019-1674HIGH01 mar 2019
Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability
46RIESGO
abrir
Exploit-DB
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
CVE-2019-392128 feb 2019
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via
28RIESGO
abrir
Exploit-DB
Joomla! Component J2Store < 3.3.7 - SQL Injection
CVE-2019-918428 feb 2019
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitr
23RIESGO
abrir
Exploit-DB
WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
CVE-2019-837528 feb 2019
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products
28RIESGO
abrir
Exploit-DB
PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write
CVE-2019-697727 feb 2019
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch funct
35RIESGO
abrir
Exploit-DB
Drupal < 8.6.9 - REST Module Remote Code Execution
CVE-2019-6340HIGHbajo ataque25 feb 2019
Drupal core - Highly critical - Remote Code Execution
100RIESGO
abrir
Exploit-DB
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution
CVE-2019-100300025 feb 2019
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
60RIESGO
abrir
Exploit-DB
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution
CVE-2018-199900225 feb 2019
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framewor
45RIESGO
abrir
Exploit-DB
zzzphp CMS 1.6.1 - Remote Code Execution
CVE-2019-904125 feb 2019
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filter
50RIESGO
abrir
Exploit-DB
Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution
CVE-2019-6340HIGHbajo ataque23 feb 2019
Drupal core - Highly critical - Remote Code Execution
100RIESGO
abrir
Exploit-DB
Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation
CVE-2019-3474MEDIUM22 feb 2019
Path traversal vulnerability in Filr web application
33RIESGO
abrir
Exploit-DB
WinRAR 5.61 - Path Traversal
CVE-2018-20250HIGHbajo ataqueransomware22 feb 2019
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RIESGO
abrir
Exploit-DB
Nuuo Central Management - (Authenticated) SQL Server SQL Injection (Metasploit)
CVE-2018-1898222 feb 2019
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can b
50RIESGO
abrir
Exploit-DB
Teracue ENC-400 - Command Injection / Missing Authentication
CVE-2018-2022022 feb 2019
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authen
28RIESGO
abrir
Exploit-DB
Teracue ENC-400 - Command Injection / Missing Authentication
CVE-2018-2021822 feb 2019
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input direct
28RIESGO
abrir
Exploit-DB
Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution
CVE-2017-1741722 feb 2019
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backu
28RIESGO
abrir
Exploit-DB
WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter
CVE-2019-621522 feb 2019
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safa
23RIESGO
abrir
Exploit-DB
Teracue ENC-400 - Command Injection / Missing Authentication
CVE-2018-2021922 feb 2019
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the de
28RIESGO
abrir
Exploit-DB
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass
CVE-2019-392421 feb 2019
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The so
28RIESGO
abrir
Exploit-DB
FaceTime - Texture Processing Memory Corruption
CVE-2019-622420 feb 2019
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.
23RIESGO
abrir
Exploit-DB
HotelDruid 2.3 - Cross-Site Scripting
CVE-2019-893720 feb 2019
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabel
43RIESGO
abrir
Exploit-DB
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
CVE-2019-892619 feb 2019
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zon
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.