Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
4.187 exploits
Nucleihigh
Spring Security OAuth2 Remote Command Execution
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1
60RISCO
abrir
Nucleicritical
NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
Netgear DGN2200 and DGND3700 disclose the administrator password
23RISCO
abrir
Nucleicritical
NUUO NVR camera `debugging_center_utils_.php` - Command Execution
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR Rea
60RISCO
abrir
Nucleicritical
vBulletin <= 4.2.3 - SQL Injection
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 bef
50RISCO
abrir
Nucleihigh
NETGEAR Routers - Remote Code Execution
CVE-2016-6277HIGHsob ataque
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.B
100RISCO
abrir
Nucleihigh
ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows rem
60RISCO
abrir
Nucleicritical
Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows
40RISCO
abrir
Nucleihigh
Sony IPELA Engine IP Camera - Hardcoded Account
SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC
18RISCO
abrir
Nucleimedium
SPIP <3.1.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject
18RISCO
abrir
Nucleimedium
Aruba Airwave <8.2.3.1 - Cross-Site Scripting
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). Th
43RISCO
abrir
Nucleihigh
DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler
23RISCO
abrir
Nucleihigh
Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Trave
60RISCO
abrir
Nucleihigh
Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that
18RISCO
abrir
Nucleimedium
Phoenix Framework - Open Redirect
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to u
18RISCO
abrir
Nucleihigh
WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
jqueryFileTree 2.1.5 and older Directory Traversal
50RISCO
abrir
Nucleicritical
Primetek Primefaces 5.x - Remote Code Execution
CVE-2017-1000486CRITICALsob ataque
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
100RISCO
abrir
Nucleihigh
Oracle Content Server - Cross-Site Scripting
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supp
23RISCO
abrir
Nucleihigh
Oracle WebLogic Server - Remote Command Execution
CVE-2017-10271HIGHsob ataqueransomware
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supporte
100RISCO
abrir
Nucleihigh
Yaws 1.91 - Local File Inclusion
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: th
60RISCO
abrir
Nucleimedium
phpLDAPadmin <= 1.2.3 - Reflected XSS
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
18RISCO
abrir
Nucleicritical
DataTaker DT80 dEX 1.50.012 - Information Disclosure
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a d
50RISCO
abrir
Nucleicritical
Subrion CMS <4.1.5.10 - SQL Injection
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
23RISCO
abrir
Nucleihigh
ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the path
40RISCO
abrir
Nucleimedium
FineCMS <5.0.9 - Open Redirect
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.
18RISCO
abrir
Nucleihigh
XML-RPC Server - Remote Code Execution
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RISCO
abrir
Nucleimedium
FineCMS <=5.0.10 - Cross-Site Scripting
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=ap
18RISCO
abrir
Nucleimedium
XOOPS Core 2.5.8 - Open Redirect
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.
18RISCO
abrir
Nucleicritical
Jboss Application Server - Remote Code Execution
CVE-2017-12149CRITICALsob ataqueransomware
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter
100RISCO
abrir
Nucleicritical
HPE Integrated Lights-out 4 (ILO4) <2.53 - Authentication Bypass
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53
60RISCO
abrir
Nucleimedium
HPE System Management - Cross-Site Scripting
A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was
18RISCO
abrir
anteriorpágina 14 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.