Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
Microsoft UPnP Local Privilege Elevation Vulnerability
CVE-2019-1322HIGHsob ataqueransomware12 nov 2019
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft W
91RISCO
abrir
Metasploit600
Microsoft UPnP Local Privilege Elevation Vulnerability
CVE-2019-1405HIGHsob ataqueransomware12 nov 2019
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows
91RISCO
abrir
Metasploit600
Optergy Proton and Enterprise BMS Command Injection using a backdoor
CVE-2019-727605 nov 2019
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
60RISCO
abrir
Metasploit600
Windows Update Orchestrator unchecked ScheduleWork call
CVE-2020-131304 nov 2019
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file oper
30RISCO
abrir
Metasploit600
Microsoft Spooler Local Privilege Elevation Vulnerability
CVE-2020-1337HIGH04 nov 2019
Windows Print Spooler Elevation of Privilege Vulnerability
41RISCO
abrir
Metasploit300
Microsoft Spooler Local Privilege Elevation Vulnerability
CVE-2020-104804 nov 2019
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writin
43RISCO
abrir
Metasploit600
FreeSWITCH Event Socket Command Execution
CVE-2019-1949203 nov 2019
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
43RISCO
abrir
Metasploit0
Kibana Timelion Prototype Pollution RCE
CVE-2019-7609CRITICALsob ataque30 out 2019
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker
100RISCO
abrir
Metasploit600
Linear eMerge E3-Series Access Controller Command Injection
CVE-2019-7256CRITICALsob ataque29 out 2019
Linear eMerge E3-Series devices allow Command Injections.
100RISCO
abrir
Metasploit600
Apache Solr Remote Code Execution via Velocity Template
CVE-2019-17558HIGHsob ataque29 out 2019
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RISCO
abrir
Metasploit600
rConfig install Command Execution
CVE-2019-1666228 out 2019
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RISCO
abrir
Metasploit300
PHP-FPM Underflow RCE
CVE-2019-11043HIGHsob ataqueransomware22 out 2019
Underflow in PHP-FPM can lead to RCE
100RISCO
abrir
Metasploit400
Nostromo Directory Traversal Remote Command Execution
CVE-2019-16278CRITICALsob ataque20 out 2019
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote co
100RISCO
abrir
Metasploit300
ThinVNC Directory Traversal
CVE-2019-1766216 out 2019
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exi
60RISCO
abrir
Metasploit600
Solaris xscreensaver log Privilege Escalation
CVE-2019-3010HIGHsob ataque16 out 2019
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is a
91RISCO
abrir
Metasploit600
Ajenti auth username Command Injection
CVE-2019-25066MEDIUM14 out 2019
ajenti API privileges management
28RISCO
abrir
Metasploit600
Android Binder Use-After-Free Exploit
CVE-2019-2215HIGHsob ataque26 set 2019
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISCO
abrir
Metasploit300
File Sharing Wizard - POST SEH Overflow
CVE-2019-1672424 set 2019
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Excepti
60RISCO
abrir
Metasploit600
vBulletin widgetConfig RCE
CVE-2019-16759CRITICALsob ataque23 set 2019
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widge
100RISCO
abrir
Metasploit600
PHPStudy Backdoor Remote Code execution
CVE-2025-34061CRITICAL20 set 2019
PHPStudy 2016-2018 Backdoor Remote Code Execution Vulnerability
63RISCO
abrir
Metasploit600
Micro Focus (HPE) Data Protector SUID Privilege Escalation
CVE-2019-1166013 set 2019
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30,
38RISCO
abrir
Metasploit600
Bludit Directory Traversal Image File Upload Vulnerability
CVE-2019-1611307 set 2019
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RISCO
abrir
Metasploit300
Metasploit HTTP(S) handler DoS
CVE-2019-5645HIGH04 set 2019
Rapid7 Metasploit HTTP Handler Denial of Service
48RISCO
abrir
Metasploit600
Total.js CMS 12 Widget JavaScript Code Injection
CVE-2019-1595430 ago 2019
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote
60RISCO
abrir
Metasploit600
Plantronics Hub SpokesUpdateService Privilege Escalation
CVE-2019-1574230 ago 2019
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application
38RISCO
abrir
Metasploit600
Cisco UCS Director Unauthenticated Remote Code Execution
CVE-2019-1936HIGH21 ago 2019
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability
48RISCO
abrir
Metasploit600
Cisco UCS Director default scpuser password
CVE-2019-1935CRITICAL21 ago 2019
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability
85RISCO
abrir
Metasploit600
Cisco UCS Director Unauthenticated Remote Code Execution
CVE-2019-1937CRITICAL21 ago 2019
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
85RISCO
abrir
Metasploit300
Grafana 2.0 through 5.2.2 authentication bypass for LDAP and OAuth
CVE-2018-1572714 ago 2019
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generat
30RISCO
abrir
Metasploit600
Webmin password_change.cgi Backdoor
CVE-2019-15107CRITICALsob ataqueransomware10 ago 2019
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnera
100RISCO
abrir
anteriorpágina 31 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.