Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.284exploits catalogados
31.741CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
NTPsec 1.1.2 - 'config' (Authenticated) Out-of-Bounds Write Denial of Service (PoC)
CVE-2019-644216 ene 2019
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a
28RIESGO
abrir
Exploit-DB
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
CVE-2018-444216 ene 2019
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1,
23RIESGO
abrir
Exploit-DB
1Password < 7.0 - Denial of Service
CVE-2018-1304215 ene 2019
The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com
23RIESGO
abrir
Exploit-DB
xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab Local Privilege Escalation
CVE-2018-1466514 ene 2019
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options wh
43RIESGO
abrir
Exploit-DB
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
CVE-2019-0543HIGHbajo ataqueransomware14 ene 2019
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft W
71RIESGO
abrir
Exploit-DB
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
CVE-2019-624914 ene 2019
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/inde
23RIESGO
abrir
Exploit-DB
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
CVE-2019-055214 ene 2019
An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability."
23RIESGO
abrir
Exploit-DB
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
CVE-2019-056614 ene 2019
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevatio
28RIESGO
abrir
Exploit-DB
AudioCode 400HD - Command Injection
CVE-2018-1009314 ene 2019
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
50RIESGO
abrir
Exploit-DB
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
CVE-2018-541014 ene 2019
Dokan file system driver contains a stack-based buffer overflow
23RIESGO
abrir
Exploit-DB
Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection
CVE-2019-572214 ene 2019
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handl
23RIESGO
abrir
Exploit-DB
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
CVE-2019-057214 ene 2019
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations,
28RIESGO
abrir
Exploit-DB
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
CVE-2019-057114 ene 2019
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations,
28RIESGO
abrir
Exploit-DB
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
CVE-2019-057414 ene 2019
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations,
28RIESGO
abrir
Exploit-DB
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
CVE-2019-057314 ene 2019
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations,
28RIESGO
abrir
Exploit-DB
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2)
CVE-2019-1218113 ene 2019
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
50RIESGO
abrir
Exploit-DB
S-nail < 14.8.16 - Local Privilege Escalation
CVE-2017-589913 ene 2019
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local
23RIESGO
abrir
Exploit-DB
OpenSSH SCP Client - Write Arbitrary Files
CVE-2019-6110MEDIUM11 ene 2019
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-T
38RIESGO
abrir
Exploit-DB
OpenSSH SCP Client - Write Arbitrary Files
CVE-2019-6111MEDIUM11 ene 2019
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses wh
45RIESGO
abrir
Exploit-DB
PEAR Archive_Tar < 1.4.4 - PHP Object Injection
CVE-2018-100088810 ene 2019
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are
28RIESGO
abrir
Exploit-DB
OpenSource ERP 6.3.1. - SQL Injection
CVE-2019-589310 ene 2019
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.
28RIESGO
abrir
Exploit-DB
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
CVE-2018-826909 ene 2019
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Servic
28RIESGO
abrir
Exploit-DB
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
CVE-2018-735509 ene 2019
All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scrip
23RIESGO
abrir
Exploit-DB
BlogEngine 3.3 - XML External Entity Injection
CVE-2018-1448509 ene 2019
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
28RIESGO
abrir
Exploit-DB
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
CVE-2018-858409 ene 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (A
23RIESGO
abrir
Exploit-DB
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
CVE-2018-2052607 ene 2019
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
60RIESGO
abrir
Exploit-DB
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
CVE-2018-2052507 ene 2019
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
28RIESGO
abrir
Exploit-DB
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data
CVE-2018-2022107 ene 2019
Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code execution via deserializ
28RIESGO
abrir
Exploit-DB
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
CVE-2018-2032607 ene 2019
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage
23RIESGO
abrir
Exploit-DB
LayerBB 1.1.1 - Persistent Cross-Site Scripting
CVE-2018-1799707 ene 2019
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.