Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
4187 exploits
Nucleicritical
Apache Struts2 S2-012 RCE
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute
40RIESGO
abrir
Nucleimedium
Apache Struts - Multiple Open Redirection Vulnerabilities
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to
60RIESGO
abrir
Nucleicritical
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
CVE-2013-2251CRITICALbajo ataque
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a
100RIESGO
abrir
Nucleimedium
WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow
38RIESGO
abrir
Nucleimedium
Telaen => v1.3.1 - Open Redirect
Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victim
43RIESGO
abrir
Nucleimedium
WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earli
43RIESGO
abrir
Nucleimedium
Javafaces LFI
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2;
50RIESGO
abrir
Nucleimedium
WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for
43RIESGO
abrir
Nucleimedium
WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPr
43RIESGO
abrir
Nucleilow
AVTECH DVR - Login Verification Code Bypass
AVTECH AVN801 DVR has a security bypass via the administration login captcha
43RIESGO
abrir
Nucleimedium
Cisco Unified Communications Manager 7/8/9 - Directory Traversal
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager all
43RIESGO
abrir
Nucleimedium
Xibo 1.2.2/1.4.1 - Directory Traversal
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attacke
43RIESGO
abrir
Nucleimedium
WordPress Spreadsheet - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 f
18RIESGO
abrir
Nucleimedium
Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zim
60RIESGO
abrir
Nucleimedium
WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote
43RIESGO
abrir
Nucleicritical
XStream <1.4.6/1.4.10 - Remote Code Execution
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a rem
60RIESGO
abrir
Nucleimedium
Sitecore CMS - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to in
18RIESGO
abrir
Nucleihigh
DomPHP 0.83 - Directory Traversal
Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a ..
43RIESGO
abrir
Nucleicritical
Eyou E-Mail <3.6 - Remote Code Execution
The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary comman
23RIESGO
abrir
Nucleicritical
ZTE Cable Modem Web Shell
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd
50RIESGO
abrir
Nucleicritical
Lighttpd 1.4.34 SQL Injection and Path Traversal
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary
30RIESGO
abrir
Nucleimedium
Dompdf < v0.6.0 - Local File Inclusion
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroo
50RIESGO
abrir
Nucleimedium
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x
43RIESGO
abrir
Nucleihigh
Belkin N150 Router 1.00.08/1.00.09 - Path Traversal
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware befor
50RIESGO
abrir
Nucleimedium
ElasticSearch v1.1.1/1.2 RCE
CVE-2014-3120HIGHbajo ataque
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RIESGO
abrir
Nucleicritical
Seagate BlackArmor NAS - Command Injection
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmg
30RIESGO
abrir
Nucleihigh
Drupal SQL Injection
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct
60RIESGO
abrir
Nucleihigh
Node.js st module Directory Traversal
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
30RIESGO
abrir
Nucleimedium
Oracle Weblogic - Server-Side Request Forgery
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allo
30RIESGO
abrir
Nucleimedium
ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin
18RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.