Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
GetSimpleCMS Unauthenticated RCE
CVE-2019-1123128 abr 2019
An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows
60RISCO
abrir
Metasploit600
Moodle Admin Shell Upload
CVE-2019-1163128 abr 2019
15RISCO
abrir
Metasploit600
WP Database Backup RCE
CVE-2019-25224CRITICAL24 abr 2019
WP Database Backup < 5.2 - Unauthenticated OS Command Injection
68RISCO
abrir
Metasploit600
Pulse Secure VPN Arbitrary Command Execution
CVE-2019-11539HIGHsob ataqueransomware24 abr 2019
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1R
100RISCO
abrir
Metasploit300
Pulse Secure VPN Arbitrary File Disclosure
CVE-2019-11510CRITICALsob ataqueransomware24 abr 2019
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthent
100RISCO
abrir
Metasploit600
Oracle Weblogic Server Deserialization RCE - AsyncResponseService
CVE-2019-2725HIGHsob ataqueransomware23 abr 2019
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
100RISCO
abrir
Metasploit600
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
CVE-2019-721417 abr 2019
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker co
60RISCO
abrir
Metasploit300
Spring Cloud Config Server Directory Traversal
CVE-2019-379917 abr 2019
Directory Traversal with spring-cloud-config-server
60RISCO
abrir
Metasploit300
Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal
CVE-2019-255716 abr 2019
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponen
18RISCO
abrir
Metasploit300
Remote Mouse RCE
CVE-2022-3365CRITICAL15 abr 2019
Emote Interactive Remote Mouse Server command injection due to weak encoding
63RISCO
abrir
Metasploit600
Kentico CMS Staging SyncServer Unserialize Remote Command Execution
CVE-2019-10068CRITICALsob ataque15 abr 2019
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions
100RISCO
abrir
Metasploit600
Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation
CVE-2019-851313 abr 2019
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to
38RISCO
abrir
Metasploit600
Mac OS X Feedback Assistant Race Condition
CVE-2019-856513 abr 2019
A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A mali
43RISCO
abrir
Metasploit600
Apache Tomcat CGIServlet enableCmdLineArguments Vulnerability
CVE-2019-023210 abr 2019
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISCO
abrir
Metasploit300
AppXSvc Hard Link Privilege Escalation
CVE-2019-0841HIGHsob ataqueransomware09 abr 2019
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RISCO
abrir
Metasploit300
WordPress Google Maps Plugin SQL Injection
CVE-2019-1069202 abr 2019
In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize
40RISCO
abrir
Metasploit600
AwindInc SNMP Service Command Injection
CVE-2017-1670927 mar 2019
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote
60RISCO
abrir
Metasploit600
AIS logistics ESEL-Server Unauth SQL Injection RCE
CVE-2019-1012327 mar 2019
SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app)
50RISCO
abrir
Metasploit300
CMS Made Simple Authenticated RCE via object injection
CVE-2019-905526 mar 2019
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php an
23RISCO
abrir
Metasploit600
Atlassian Confluence Widget Connector Macro Velocity Template Injection
CVE-2019-3396CRITICALsob ataqueransomware25 mar 2019
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
100RISCO
abrir
Metasploit600
Horde Form File Upload Vulnerability
CVE-2019-985824 mar 2019
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulner
23RISCO
abrir
Metasploit0
Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86
CVE-2019-5786MEDIUMsob ataque21 mar 2019
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform
90RISCO
abrir
Metasploit600
PostgreSQL COPY FROM PROGRAM Command Execution
CVE-2019-919320 mar 2019
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
60RISCO
abrir
Metasploit300
IBM BigFix Relay Server Sites and Package Enum
CVE-2019-4061MEDIUM18 mar 2019
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the upd
33RISCO
abrir
Metasploit600
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
CVE-2019-542013 mar 2019
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess th
60RISCO
abrir
Metasploit600
Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF
CVE-2019-9621HIGHsob ataque13 mar 2019
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x b
100RISCO
abrir
Metasploit600
Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF
CVE-2019-9670CRITICALsob ataque13 mar 2019
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XX
100RISCO
abrir
Metasploit300
Microsoft Windows NtUserMNDragOver Local Privilege Elevation
CVE-2019-0808HIGHsob ataque12 mar 2019
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
98RISCO
abrir
Metasploit300
CMS Made Simple (CMSMS) Showtime2 File Upload RCE
CVE-2019-969211 mar 2019
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard
50RISCO
abrir
Metasploit300
Pimcore Unserialize RCE
CVE-2019-1086711 mar 2019
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/c
50RISCO
abrir
anteriorpágina 33 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.