Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
4.187 exploits
Nucleimedium
AWStats < 6.95 - Open Redirect
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary
18RISCO
abrir
Nucleimedium
WebGlimpse 2.18.7 - Directory Traversal
Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbit
43RISCO
abrir
Nucleihigh
Joomla! Component com_biblestudy - Local File Inclusion
Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers
43RISCO
abrir
Nucleicritical
Apache Axis2 Default Login
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products
60RISCO
abrir
Nucleimedium
Joomla! Component CCNewsLetter - Local File Inclusion
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attac
50RISCO
abrir
Nucleimedium
Joomla! Component Jw_allVideos - Arbitrary File Retrieval
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 throug
43RISCO
abrir
Nucleihigh
Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Desi
43RISCO
abrir
Nucleimedium
Joomla! Component com_jvideodirect - Directory Traversal
Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers t
38RISCO
abrir
Nucleimedium
Joomla! Component com_jashowcase - Directory Traversal
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to r
43RISCO
abrir
Nucleimedium
Joomla! Component com_jcollection - Directory Traversal
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to
43RISCO
abrir
Nucleihigh
Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers t
43RISCO
abrir
Nucleimedium
Joomla! Component com_cartweberp - Local File Inclusion
Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attacke
38RISCO
abrir
Nucleihigh
Joomla! Component com_abbrev - Local File Inclusion
Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote atta
43RISCO
abrir
Nucleimedium
Joomla! Component com_rokdownloads - Local File Inclusion
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remot
43RISCO
abrir
Nucleimedium
Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for
43RISCO
abrir
Nucleimedium
Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is
38RISCO
abrir
Nucleimedium
Joomla! Component com_janews - Local File Inclusion
Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read
38RISCO
abrir
Nucleihigh
Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.
18RISCO
abrir
Nucleicritical
Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via
23RISCO
abrir
Nucleimedium
SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component,
18RISCO
abrir
Nucleicritical
PRTG Network Monitor - Local File Inclusion
CVE-2018-19410CRITICALsob ataque
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privile
100RISCO
abrir
Nucleimedium
Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later vers
23RISCO
abrir
Nucleihigh
PHP Proxy 3.0.3 - Local File Inclusion
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI UR
50RISCO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
38RISCO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
38RISCO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
38RISCO
abrir
Nucleihigh
Tarantella Enterprise <3.11 - Local File Inclusion
Tarantella Enterprise before 3.11 allows Directory Traversal.
23RISCO
abrir
Nucleimedium
Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
43RISCO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.
18RISCO
abrir
Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.
38RISCO
abrir
anteriorpágina 22 / 140próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.