Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit0
Google Chrome 72 and 73 Array.map exploit
CVE-2019-5825MEDIUMsob ataque07 mar 2019
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploi
90RISCO
abrir
Metasploit400
Cisco RV110W/RV130(W)/RV215W Routers Management Interface Remote Command Execution
CVE-2019-1663CRITICAL27 fev 2019
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISCO
abrir
Metasploit600
elFinder PHP Connector exiftran Command Injection
CVE-2019-919426 fev 2019
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISCO
abrir
Metasploit300
Drupal RESTful Web Services unserialize() RCE
CVE-2019-6340HIGHsob ataque20 fev 2019
Drupal core - Highly critical - Remote Code Execution
100RISCO
abrir
Metasploit600
WordPress Crop-image Shell Upload
CVE-2019-894219 fev 2019
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RISCO
abrir
Metasploit600
WordPress Crop-image Shell Upload
CVE-2019-894319 fev 2019
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISCO
abrir
Metasploit300
Total.js prior to 3.2.4 Directory Traversal
CVE-2019-890318 fev 2019
index.js in Total.js Platform before 3.2.3 allows path traversal.
40RISCO
abrir
Metasploit600
RARLAB WinRAR ACE Format Input Validation Remote Code Execution
CVE-2018-20250HIGHsob ataqueransomware05 fev 2019
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISCO
abrir
Metasploit300
OpenMRS Java Deserialization RCE
CVE-2018-19276CRITICAL04 fev 2019
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated use
85RISCO
abrir
Metasploit600
Schneider Electric Pelco Endura NET55XX Encoder
CVE-2019-681425 jan 2019
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 wh
50RISCO
abrir
Metasploit300
Cisco RV320/RV326 Configuration Disclosure
CVE-2019-1653HIGHsob ataque24 jan 2019
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
100RISCO
abrir
Metasploit300
Microsoft Exchange Privilege Escalation Exploit
CVE-2019-072421 jan 2019
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of
23RISCO
abrir
Metasploit600
Webmin Upload Authenticated RCE
CVE-2019-962417 jan 2019
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Dow
43RISCO
abrir
Metasploit600
BMC Patrol Agent Privilege Escalation Cmd Execution
CVE-2018-2073517 jan 2019
An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for l
38RISCO
abrir
Metasploit300
ES File Explorer Open Port
CVE-2019-644716 jan 2019
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary fi
50RISCO
abrir
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-100300108 jan 2019
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins
60RISCO
abrir
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-100300508 jan 2019
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/
23RISCO
abrir
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-1003029CRITICALsob ataque08 jan 2019
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/
100RISCO
abrir
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-100300208 jan 2019
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src
60RISCO
abrir
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2018-1000861CRITICALsob ataque08 jan 2019
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and ea
100RISCO
abrir
Metasploit600
Jenkins ACL Bypass and Metaprogramming RCE
CVE-2019-100300008 jan 2019
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
60RISCO
abrir
Metasploit0
Docker Container Escape Via runC Overwrite
CVE-2019-573601 jan 2019
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc b
60RISCO
abrir
Metasploit600
Mailcleaner Remote Code Execution
CVE-2018-2032319 dez 2018
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitra
30RISCO
abrir
Metasploit600
LibreNMS addhost Command Injection
CVE-2018-2043416 dez 2018
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to htm
60RISCO
abrir
Metasploit600
ThinkPHP Multiple PHP Injection RCEs
CVE-2019-9082HIGHsob ataque10 dez 2018
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISCO
abrir
Metasploit600
ThinkPHP Multiple PHP Injection RCEs
CVE-2018-20062CRITICALsob ataque10 dez 2018
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP
100RISCO
abrir
Metasploit600
Cisco Prime Infrastructure Runrshell Privilege Escalation
CVE-2018-15439CRITICAL08 dez 2018
Cisco Small Business Switches Privileged Access Vulnerability
55RISCO
abrir
Metasploit500
Linux Nested User Namespace idmap Limit Local Privilege Escalation
CVE-2018-1895515 nov 2018
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalat
38RISCO
abrir
Metasploit600
Nagios XI Magpie_debug.php Root Remote Code Execution
CVE-2018-1571014 nov 2018
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
50RISCO
abrir
Metasploit600
Nagios XI Magpie_debug.php Root Remote Code Execution
CVE-2018-1570814 nov 2018
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP r
60RISCO
abrir
anteriorpágina 34 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.