Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
4.187 exploits
Nucleimedium
AWStats < 6.95 - Open Redirect
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary
18RISCO
abrir ↗Nucleimedium
WebGlimpse 2.18.7 - Directory Traversal
Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbit
43RISCO
abrir ↗Nucleihigh
Joomla! Component com_biblestudy - Local File Inclusion
Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers
43RISCO
abrir ↗Nucleicritical
Apache Axis2 Default Login
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products
60RISCO
abrir ↗Nucleimedium
Joomla! Component CCNewsLetter - Local File Inclusion
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attac
50RISCO
abrir ↗Nucleimedium
Joomla! Component Jw_allVideos - Arbitrary File Retrieval
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 throug
43RISCO
abrir ↗Nucleihigh
Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Desi
43RISCO
abrir ↗Nucleimedium
Joomla! Component com_jvideodirect - Directory Traversal
Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers t
38RISCO
abrir ↗Nucleimedium
Joomla! Component com_jashowcase - Directory Traversal
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to r
43RISCO
abrir ↗Nucleimedium
Joomla! Component com_jcollection - Directory Traversal
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to
43RISCO
abrir ↗Nucleihigh
Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers t
43RISCO
abrir ↗Nucleimedium
Joomla! Component com_cartweberp - Local File Inclusion
Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attacke
38RISCO
abrir ↗Nucleihigh
Joomla! Component com_abbrev - Local File Inclusion
Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote atta
43RISCO
abrir ↗Nucleimedium
Joomla! Component com_rokdownloads - Local File Inclusion
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remot
43RISCO
abrir ↗Nucleimedium
Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for
43RISCO
abrir ↗Nucleimedium
Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is
38RISCO
abrir ↗Nucleimedium
Joomla! Component com_janews - Local File Inclusion
Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read
38RISCO
abrir ↗Nucleihigh
Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd.
18RISCO
abrir ↗Nucleicritical
Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via
23RISCO
abrir ↗Nucleimedium
SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component,
18RISCO
abrir ↗Nucleicritical
PRTG Network Monitor - Local File Inclusion
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privile
100RISCO
abrir ↗Nucleimedium
Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later vers
23RISCO
abrir ↗Nucleihigh
PHP Proxy 3.0.3 - Local File Inclusion
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI UR
50RISCO
abrir ↗Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
38RISCO
abrir ↗Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
38RISCO
abrir ↗Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
38RISCO
abrir ↗Nucleihigh
Tarantella Enterprise <3.11 - Local File Inclusion
Tarantella Enterprise before 3.11 allows Directory Traversal.
23RISCO
abrir ↗Nucleimedium
Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
43RISCO
abrir ↗Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.
18RISCO
abrir ↗Nucleimedium
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.
38RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.