Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.622exploits catalogados
32.030CVEs con explotación pública
1932probados en laboratorio
22.786 exploits
Exploit-DB
LayerBB 1.1.1 - Persistent Cross-Site Scripting
CVE-2018-1799707 ene 2019
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
23RIESGO
abrir
Exploit-DB
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
CVE-2018-2032607 ene 2019
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage
23RIESGO
abrir
Exploit-DB
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method)
CVE-2018-1895504 ene 2019
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalat
38RIESGO
abrir
Exploit-DB
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method)
CVE-2018-1895504 ene 2019
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalat
38RIESGO
abrir
Exploit-DB
WebKit JSC - 'AbstractValue::set' Use-After-Free
CVE-2018-444302 ene 2019
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1,
23RIESGO
abrir
Exploit-DB
Ayukov NFTP FTP Client 2.0 - Buffer Overflow
CVE-2017-1522202 ene 2019
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
50RIESGO
abrir
Exploit-DB
WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write
CVE-2018-444102 ene 2019
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1,
28RIESGO
abrir
Exploit-DB
Frog CMS 0.9.5 - Cross-Site Scripting
CVE-2018-2044802 ene 2019
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.
23RIESGO
abrir
Exploit-DB
VMware Workstation/Player < 12.5.5 - Local Privilege Escalation
CVE-2017-491530 dic 2018
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration fil
38RIESGO
abrir
Exploit-DB
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation
CVE-2016-865529 dic 2018
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cau
43RIESGO
abrir
Exploit-DB
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
CVE-2017-730829 dic 2018
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate cer
43RIESGO
abrir
Exploit-DB
Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)
CVE-2017-100011229 dic 2018
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE
43RIESGO
abrir
Exploit-DB
Craft CMS 3.0.25 - Cross-Site Scripting
CVE-2018-2041827 dic 2018
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
23RIESGO
abrir
Exploit-DB
bludit Pages Editor 3.0.0 - Arbitrary File Upload
CVE-2018-100081127 dic 2018
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages
35RIESGO
abrir
Exploit-DB
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)
CVE-2018-15982HIGHbajo ataqueransomware24 dic 2018
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful
93RIESGO
abrir
Exploit-DB
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
CVE-2018-1913824 dic 2018
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI.
23RIESGO
abrir
Exploit-DB
Netatalk 3.1.12 - Authentication Bypass
CVE-2018-1160CRITICAL21 dic 2018
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RIESGO
abrir
Exploit-DB
Netatalk 3.1.12 - Authentication Bypass (PoC)
CVE-2018-1160CRITICAL21 dic 2018
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RIESGO
abrir
Exploit-DB
VBScript - VbsErase Reference Leak Use-After-Free
CVE-2018-862520 dic 2018
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows
35RIESGO
abrir
Exploit-DB
VBScript - MSXML Execution Policy Bypass
CVE-2018-861920 dic 2018
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly rest
35RIESGO
abrir
Exploit-DB
Yeswiki Cercopitheque - 'id' SQL Injection
CVE-2018-1304519 dic 2018
SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to ex
23RIESGO
abrir
Exploit-DB
Bolt CMS < 3.6.2 - Cross-Site Scripting
CVE-2018-1993319 dic 2018
Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and Ne
23RIESGO
abrir
Exploit-DB
Integria IMS 5.0.83 - Cross-Site Request Forgery
CVE-2018-1982919 dic 2018
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary
23RIESGO
abrir
Exploit-DB
Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure
CVE-2016-448619 dic 2018
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain
23RIESGO
abrir
Exploit-DB
Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting
CVE-2018-1982819 dic 2018
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
23RIESGO
abrir
Exploit-DB
IBM Operational Decision Manager 8.x - XML External Entity Injection
CVE-2018-1821HIGH19 dic 2018
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) a
46RIESGO
abrir
Exploit-DB
MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow
CVE-2018-1986118 dic 2018
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD re
28RIESGO
abrir
Exploit-DB
MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow
CVE-2018-1986218 dic 2018
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST re
28RIESGO
abrir
Exploit-DB
Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write
CVE-2018-863118 dic 2018
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet
35RIESGO
abrir
Exploit-DB
SDL Web Content Manager 8.5.0 - XML External Entity Injection
CVE-2018-1937118 dic 2018
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive
23RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.