Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (1)
CVE-2019-573612 feb 2019
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc b
60RIESGO
abrir
Exploit-DB
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow
CVE-2018-1952412 feb 2019
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTB
35RIESGO
abrir
Exploit-DB
BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution
CVE-2019-671412 feb 2019
An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in Po
35RIESGO
abrir
Exploit-DB
CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting
CVE-2019-764611 feb 2019
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package
23RIESGO
abrir
Exploit-DB
Evince - CBT File Command Injection (Metasploit)
CVE-2017-100008311 feb 2019
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to e
50RIESGO
abrir
Exploit-DB
Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)
CVE-2016-4117HIGHbajo ataque11 feb 2019
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as
100RIESGO
abrir
Exploit-DB
Indusoft Web Studio 8.1 SP2 - Remote Code Execution
CVE-2019-654311 feb 2019
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition)
28RIESGO
abrir
Exploit-DB
NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit)
CVE-2018-14933CRITICALbajo ataque11 feb 2019
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir par
100RIESGO
abrir
Exploit-DB
Indusoft Web Studio 8.1 SP2 - Remote Code Execution
CVE-2019-654511 feb 2019
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition)
28RIESGO
abrir
Exploit-DB
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
CVE-2019-739105 feb 2019
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
28RIESGO
abrir
Exploit-DB
OpenMRS Platform < 2.24.0 - Insecure Object Deserialization
CVE-2018-19276CRITICAL05 feb 2019
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated use
85RIESGO
abrir
Exploit-DB
SureMDM < 2018-11 Patch - Local / Remote File Inclusion
CVE-2018-1565701 feb 2019
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.
23RIESGO
abrir
Exploit-DB
macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
CVE-2019-621431 ene 2019
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.1
23RIESGO
abrir
Exploit-DB
macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
CVE-2019-621331 ene 2019
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3,
23RIESGO
abrir
Exploit-DB
macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack
CVE-2019-621831 ene 2019
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave
23RIESGO
abrir
Exploit-DB
macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File
CVE-2019-620831 ene 2019
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Moja
23RIESGO
abrir
Exploit-DB
macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic
CVE-2019-620531 ene 2019
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Moja
23RIESGO
abrir
Exploit-DB
iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure
CVE-2019-620930 ene 2019
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input
23RIESGO
abrir
Exploit-DB
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting
CVE-2019-1642MEDIUM28 ene 2019
Cisco Firepower Management Center Cross-Site Scripting Vulnerability
33RIESGO
abrir
Exploit-DB
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass)
CVE-2018-689228 ene 2019
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RIESGO
abrir
Exploit-DB
Sricam gSOAP 2.8 - Denial of Service
CVE-2019-697328 ene 2019
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server
28RIESGO
abrir
Exploit-DB
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting
CVE-2019-697928 ene 2019
An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the ad
23RIESGO
abrir
Exploit-DB
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery
CVE-2019-696728 ene 2019
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.
28RIESGO
abrir
Exploit-DB
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting
CVE-2019-680428 ene 2019
An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascrip
23RIESGO
abrir
Exploit-DB
Cisco RV300 / RV320 - Information Disclosure
CVE-2019-1653HIGHbajo ataque28 ene 2019
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RIESGO
abrir
Exploit-DB
LogonBox Limited / Hypersocket Nervepoint Access Manager - (Unauthenticated) Insecure Direct Object Reference
CVE-2019-671628 ene 2019
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 thr
23RIESGO
abrir
Exploit-DB
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
CVE-2019-678025 ene 2019
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPost
23RIESGO
abrir
Exploit-DB
iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
CVE-2019-622525 ene 2019
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.
28RIESGO
abrir
Exploit-DB
Lua 5.3.5 - 'debug.upvaluejoin' Use After Free
CVE-2019-670625 ene 2019
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attack
28RIESGO
abrir
Exploit-DB
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
CVE-2019-1652HIGHbajo ataque25 ene 2019
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.