Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
4187 exploits
Nucleimedium
Skysa App Bar 1.04 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly befor
38RIESGO
abrir
Nucleimedium
ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress
43RIESGO
abrir
Nucleimedium
Orchard 'ReturnUrl' Parameter URI - Open Redirect
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.
43RIESGO
abrir
Nucleimedium
Featurific For WordPress 1.6.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress
38RIESGO
abrir
Nucleimedium
Apache Struts2 S2-008 RCE
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows
60RIESGO
abrir
Nucleimedium
Apache Struts <2.3.1.1 - Remote Code Execution
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers
60RIESGO
abrir
Nucleimedium
Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remo
43RIESGO
abrir
Nucleimedium
YouSayToo auto-publishing 1.0 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows r
38RIESGO
abrir
Nucleimedium
phpShowtime 2.0 - Directory Traversal
Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image fil
43RIESGO
abrir
Nucleilow
OpenEMR 4.1 - Local File Inclusion
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files v
43RIESGO
abrir
Nucleimedium
11in1 CMS 1.2.1 - Local File Inclusion (LFI)
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary f
38RIESGO
abrir
Nucleihigh
WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
Mapplic Lite and Mapplic <= (Various Versions) - Server Side Request Forgery to Cross-Site Scirpting
36RIESGO
abrir
Nucleihigh
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files
43RIESGO
abrir
Nucleihigh
PHP CGI v5.3.12/5.4.2 Remote Code Execution
CVE-2012-1823CRITICALbajo ataque
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
100RIESGO
abrir
Nucleimedium
WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress al
38RIESGO
abrir
Nucleimedium
WP-FaceThumb 0.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attacke
43RIESGO
abrir
Nucleimedium
Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
60RIESGO
abrir
Nucleimedium
WebsitePanel before v1.2.2.1 - Open Redirect
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users t
38RIESGO
abrir
Nucleimedium
WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to in
38RIESGO
abrir
Nucleimedium
MySQLDumper 1.24.4 - Directory Traversal
Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a
38RIESGO
abrir
Nucleimedium
2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for Wor
18RIESGO
abrir
Nucleimedium
AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.
18RIESGO
abrir
Nucleimedium
WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attac
43RIESGO
abrir
Nucleimedium
FlatnuX CMS - Directory Traversal
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to r
38RIESGO
abrir
Nucleimedium
ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inje
38RIESGO
abrir
Nucleimedium
Axigen Mail Server Filename Directory Traversal
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote att
60RIESGO
abrir
Nucleimedium
Forescout CounterACT 6.3.4.1 - Open Redirect
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to
38RIESGO
abrir
Nucleimedium
TikiWiki CMS Groupware v8.3 - Open Redirect
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frame
43RIESGO
abrir
Nucleimedium
WordPress Integrator 1.32 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allo
38RIESGO
abrir
Nucleimedium
WordPress Plugin Age Verification v0.4 - Open Redirect
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows
43RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.