Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.105exploits catalogados
31.648CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit300
IBM Data Risk Manager Arbitrary File Download
CVE-2020-4427CRITICALsob ataque21 abr 2020
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security rest
95RISCO
abrir
Metasploit600
IBM Data Risk Manager Unauthenticated Remote Code Execution
CVE-2020-4429CRITICAL21 abr 2020
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrativ
65RISCO
abrir
Metasploit600
IBM Data Risk Manager Unauthenticated Remote Code Execution
CVE-2020-4428CRITICALsob ataque21 abr 2020
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary co
85RISCO
abrir
Metasploit600
IBM Data Risk Manager a3user Default Password
CVE-2020-4429CRITICAL21 abr 2020
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrativ
65RISCO
abrir
Metasploit300
SpamTitan Unauthenticated RCE
CVE-2020-1169817 abr 2020
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp
60RISCO
abrir
Metasploit0
Kibana Upgrade Assistant Telemetry Collector Prototype Pollution
CVE-2020-701217 abr 2020
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authen
23RISCO
abrir
Metasploit600
Cisco UCS Director Cloupia Script RCE
CVE-2020-3243CRITICAL15 abr 2020
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
85RISCO
abrir
Metasploit300
Veeam ONE Agent .NET Deserialization
CVE-2020-10915CRITICAL15 abr 2020
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.
85RISCO
abrir
Metasploit600
Cisco UCS Director Cloupia Script RCE
CVE-2020-3250CRITICAL15 abr 2020
Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data
75RISCO
abrir
Metasploit300
Veeam ONE Agent .NET Deserialization
CVE-2020-10914CRITICAL15 abr 2020
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.
75RISCO
abrir
Metasploit300
Zen Load Balancer Directory Traversal
CVE-2020-1149110 abr 2020
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attac
18RISCO
abrir
Metasploit300
VMware vCenter Server vmdir Authentication Bypass
CVE-2020-3952CRITICALsob ataque09 abr 2020
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RISCO
abrir
Metasploit300
VMware vCenter Server vmdir Information Disclosure
CVE-2020-3952CRITICALsob ataque09 abr 2020
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
100RISCO
abrir
Metasploit300
LimeSurvey Zip Path Traversals
CVE-2019-996002 abr 2020
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relati
23RISCO
abrir
Metasploit300
LimeSurvey Zip Path Traversals
CVE-2020-1145502 abr 2020
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileM
60RISCO
abrir
Metasploit600
Nexus Repository Manager Java EL Injection RCE
CVE-2020-10199HIGHsob ataque31 mar 2020
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
100RISCO
abrir
Metasploit300
Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump
CVE-2020-572330 mar 2020
The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an atta
18RISCO
abrir
Metasploit300
Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump
CVE-2020-572430 mar 2020
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpo
23RISCO
abrir
Metasploit400
Pi-Hole DHCP MAC OS Command Execution
CVE-2020-8816CRITICALsob ataque28 mar 2020
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static l
100RISCO
abrir
Metasploit600
GitLab File Read Remote Code Execution
CVE-2020-1097726 mar 2020
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
30RISCO
abrir
Metasploit600
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
CVE-2020-10884HIGH25 mar 2020
This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer
61RISCO
abrir
Metasploit600
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
CVE-2020-2834725 mar 2020
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the sl
40RISCO
abrir
Metasploit600
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
CVE-2020-10883MEDIUM25 mar 2020
This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware
48RISCO
abrir
Metasploit600
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
CVE-2020-10882HIGH25 mar 2020
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Arch
68RISCO
abrir
Metasploit600
Grandstream UCM62xx IP PBX sendPasswordEmail RCE
CVE-2020-5722CRITICALsob ataque23 mar 2020
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafte
100RISCO
abrir
Metasploit0
Safari in Operator Side Effect Exploit
CVE-2020-985018 mar 2020
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, wa
40RISCO
abrir
Metasploit600
macOS cfprefsd Arbitrary File Write Local Privilege Escalation
CVE-2020-983918 mar 2020
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Cata
18RISCO
abrir
Metasploit0
Safari in Operator Side Effect Exploit
CVE-2020-985618 mar 2020
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able
18RISCO
abrir
Metasploit0
Safari in Operator Side Effect Exploit
CVE-2020-980118 mar 2020
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may ca
18RISCO
abrir
Metasploit600
VMware Fusion USB Arbitrator Setuid Privilege Escalation
CVE-2020-3950HIGHsob ataque17 mar 2020
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for
86RISCO
abrir
anteriorpágina 28 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.