Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
CVE-2020-865406 fev 2020
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoD
60RISCO
abrir
Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
CVE-2020-946506 fev 2020
An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL
40RISCO
abrir
Metasploit600
EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution
CVE-2020-8655HIGHsob ataque06 fev 2020
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability
98RISCO
abrir
Metasploit600
PlaySMS index.php Unauthenticated Template Injection Code Execution
CVE-2020-8644CRITICALsob ataque05 fev 2020
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
100RISCO
abrir
Metasploit600
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
CVE-2020-801205 fev 2020
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerabi
60RISCO
abrir
Metasploit600
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
CVE-2020-801005 fev 2020
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vu
30RISCO
abrir
Metasploit500
Arista restricted shell escape (with privesc)
CVE-2020-901502 fev 2020
Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly oth
23RISCO
abrir
Metasploit600
OpenSMTPD MAIL FROM Remote Code Execution
CVE-2020-7247CRITICALsob ataque28 jan 2020
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RISCO
abrir
Metasploit600
Centreon Poller Authenticated Remote Command Execution
CVE-2019-1969927 jan 2020
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers mi
23RISCO
abrir
Metasploit300
Ricoh Driver Privilege Escalation
CVE-2019-1936322 jan 2020
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attacker
38RISCO
abrir
Metasploit300
WebLogic Server Deserialization RCE - BadAttributeValueExpException
CVE-2020-2555CRITICALsob ataque15 jan 2020
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Su
100RISCO
abrir
Metasploit0
WordPress InfiniteWP Client Authentication Bypass
CVE-2020-877214 jan 2020
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in in
40RISCO
abrir
Metasploit300
"Cablehaunt" Cable Modem WebSocket DoS
CVE-2019-1949407 jan 2020
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker
23RISCO
abrir
Metasploit600
D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi
CVE-2019-2021524 dez 2019
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the
60RISCO
abrir
Metasploit600
D-Link DIR-859 Unauthenticated Remote Command Execution
CVE-2019-17621CRITICALsob ataque24 dez 2019
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated rem
100RISCO
abrir
Metasploit600
IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution
CVE-2019-4716CRITICALsob ataque19 dez 2019
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated use
100RISCO
abrir
Metasploit600
Citrix ADC (NetScaler) Directory Traversal RCE
CVE-2019-19781CRITICALsob ataqueransomware17 dez 2019
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISCO
abrir
Metasploit300
Citrix ADC (NetScaler) Directory Traversal Scanner
CVE-2019-19781CRITICALsob ataqueransomware17 dez 2019
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISCO
abrir
Metasploit300
TVT NVMS-1000 Directory Traversal
CVE-2019-20085HIGHsob ataque12 dez 2019
TVT NVMS-1000 devices allow GET /.. Directory Traversal
100RISCO
abrir
Metasploit600
OpenBSD Dynamic Loader chpass Privilege Escalation
CVE-2019-1972611 dez 2019
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be
38RISCO
abrir
Metasploit300
Microsoft Windows Uninitialized Variable Local Privilege Elevation
CVE-2019-1458HIGHsob ataqueransomware10 dez 2019
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
100RISCO
abrir
Metasploit600
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
CVE-2017-11317CRITICALsob ataque09 dez 2019
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload
100RISCO
abrir
Metasploit600
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
CVE-2019-18935CRITICALsob ataqueransomware09 dez 2019
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RISCO
abrir
Metasploit300
Anviz CrossChex Buffer Overflow
CVE-2019-1251828 nov 2019
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
50RISCO
abrir
Metasploit300
QNAP QTS and Photo Station Local File Inclusion
CVE-2019-7194CRITICALsob ataqueransomware25 nov 2019
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fi
100RISCO
abrir
Metasploit600
Liferay Portal Java Unmarshalling via JSONWS RCE
CVE-2020-7961CRITICALsob ataque25 nov 2019
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RISCO
abrir
Metasploit300
QNAP QTS and Photo Station Local File Inclusion
CVE-2019-7192CRITICALsob ataqueransomware25 nov 2019
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix the
100RISCO
abrir
Metasploit300
QNAP QTS and Photo Station Local File Inclusion
CVE-2019-7195CRITICALsob ataqueransomware25 nov 2019
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fi
100RISCO
abrir
Metasploit600
OpenNetAdmin Ping Command Injection
CVE-2019-25065MEDIUM19 nov 2019
OpenNetAdmin os command injection
48RISCO
abrir
Metasploit300
WordPress Email Subscribers and Newsletter Hash SQLi Scanner
CVE-2019-20361HIGH13 nov 2019
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to b
78RISCO
abrir
anteriorpágina 30 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.