Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.002exploits catalogados
31.582CVEs con explotación pública
4185 exploits
Nucleimedium
Microsoft FrontPage Extensions - Information Disclosure
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST reque
30RIESGO
abrir
Nucleimedium
Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker
50RIESGO
abrir
Nucleicritical
Cisco IOS HTTP Configuration - Authentication Bypass
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when lo
50RIESGO
abrir
Nucleihigh
SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as othe
43RIESGO
abrir
Nucleimedium
SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary sc
43RIESGO
abrir
Nucleimedium
Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote atta
38RIESGO
abrir
Nucleimedium
Lotus Domino R5 and R6 WebMail - Information Disclosure
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hid
60RIESGO
abrir
Nucleimedium
SquirrelMail Address Add 1.4.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote att
38RIESGO
abrir
Nucleicritical
Horde Groupware Unauthenticated Admin Access
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote at
18RIESGO
abrir
Nucleimedium
SAP Web Application Server 6.x/7.0 - Open Redirect
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log use
43RIESGO
abrir
Nucleimedium
Cofax <=2.0RC3 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject ar
38RIESGO
abrir
Nucleimedium
Cherokee HTTPD <=0.5 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary w
18RIESGO
abrir
Nucleihigh
Squirrelmail <=1.4.6 - Local File Inclusion
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals i
50RIESGO
abrir
Nucleimedium
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote
60RIESGO
abrir
Nucleimedium
Jira Rainbow.Zen - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extensi
38RIESGO
abrir
Nucleimedium
Apache Tomcat 4.x-7.x - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomca
60RIESGO
abrir
Nucleicritical
Alcatel-Lucent OmniPCX - Remote Command Execution
CVE-2007-3010CRITICALbajo ataque
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows rem
100RIESGO
abrir
Nucleimedium
Joomla! RSfiles <=1.0.2 - Local File Inclusion
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allo
38RIESGO
abrir
Nucleimedium
OpenSymphony XWork/Apache Struts2 - Remote Code Execution
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursive
23RIESGO
abrir
Nucleimedium
phpPgAdmin <=4.1.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inje
43RIESGO
abrir
Nucleihigh
WordPress Sniplets 1.1.2 - Local File Inclusion
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordP
50RIESGO
abrir
Nucleimedium
WordPress Sniplets <=1.2.2 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote at
38RIESGO
abrir
Nucleimedium
Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2
50RIESGO
abrir
Nucleimedium
Bitrix Site Management 2.x - Open Redirect
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbi
18RIESGO
abrir
Nucleimedium
AppServ Open Project <=2.5.10 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers
38RIESGO
abrir
Nucleimedium
CMSimple 3.1 - Local File Inclusion
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote a
43RIESGO
abrir
Nucleicritical
Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote atta
43RIESGO
abrir
Nucleimedium
Joomla! <=2.0.0 RC2 - Local File Inclusion
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote
43RIESGO
abrir
Nucleimedium
phpPgAdmin <=4.2.1 - Local File Inclusion
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is ena
43RIESGO
abrir
Nucleimedium
Joomla! ionFiles 4.4.2 - Local File Inclusion
Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remo
43RIESGO
abrir
página 1 / 140siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.