Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit0
Safari Proxy Object Type Confusion
CVE-2018-4233HIGH15 mar 2018
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud
68RISCO
abrir
Metasploit300
SAP Internet Graphics Server (IGS) XMLCHART XXE
CVE-2018-239314 mar 2018
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML Exter
23RISCO
abrir
Metasploit300
SAP Internet Graphics Server (IGS) XMLCHART XXE
CVE-2018-239214 mar 2018
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML Exter
50RISCO
abrir
Metasploit600
Unitrends Enterprise Backup bpserverd Privilege Escalation
CVE-2018-632914 mar 2018
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL i
50RISCO
abrir
Metasploit300
Flexense HTTP Server Denial Of Service
CVE-2018-806509 mar 2018
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access v
60RISCO
abrir
Metasploit300
HTTP SickRage Password Leak
CVE-2018-916008 mar 2018
SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.
60RISCO
abrir
Metasploit600
ManageEngine Applications Manager Remote Code Execution
CVE-2018-789007 mar 2018
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The pu
60RISCO
abrir
Metasploit600
ClipBucket beats_uploader Unauthenticated Arbitrary File Upload
CVE-2018-766503 mar 2018
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter
23RISCO
abrir
Metasploit300
Memcached Stats Amplification Scanner
CVE-2018-100011527 fev 2018
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vuln
60RISCO
abrir
Metasploit600
Nanopool Claymore Dual Miner APIs RCE
CVE-2018-100004909 fev 2018
Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner
60RISCO
abrir
Metasploit300
Claymore Dual GPU Miner Format String dos attack
CVE-2018-631706 fev 2018
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format strin
50RISCO
abrir
Metasploit0
Exodus Wallet (ElectronJS Framework) remote Code Execution
CVE-2018-100000625 jan 2018
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the pro
60RISCO
abrir
Metasploit600
AsusWRT LAN Unauthenticated Remote Code Execution
CVE-2018-600022 jan 2018
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpn
60RISCO
abrir
Metasploit600
AsusWRT LAN Unauthenticated Remote Code Execution
CVE-2018-599922 jan 2018
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, pro
60RISCO
abrir
Metasploit500
CloudMe Sync v1.10.9
CVE-2018-689217 jan 2018
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sy
60RISCO
abrir
Metasploit300
glibc 'realpath()' Privilege Escalation
CVE-2018-100000116 jan 2018
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before th
43RISCO
abrir
Metasploit300
GitStack Unauthenticated REST API Requests
CVE-2018-595515 jan 2018
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unau
60RISCO
abrir
Metasploit500
GitStack Unsanitized Argument RCE
CVE-2018-595515 jan 2018
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unau
60RISCO
abrir
Metasploit600
Monstra CMS Authenticated Arbitrary File Upload
CVE-2017-1804818 dez 2017
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for exa
30RISCO
abrir
Metasploit600
Cambium ePMP1000 'get_chart' Shell via Command Injection (v3.1-3.5-RC7)
CVE-2017-525518 dez 2017
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web
60RISCO
abrir
Metasploit600
GoAhead Web Server LD_PRELOAD Arbitrary Module Load
CVE-2017-17562HIGHsob ataque18 dez 2017
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. T
100RISCO
abrir
Metasploit600
Linksys WVBR0-25 User-Agent Command Execution
CVE-2017-1741113 dez 2017
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authe
60RISCO
abrir
Metasploit600
Apache Spark Unauthenticated Command Execution
CVE-2018-1177012 dez 2017
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the su
50RISCO
abrir
Metasploit400
Commvault Communications Service (cvd) Command Injection
CVE-2017-1804412 dez 2017
A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain mess
30RISCO
abrir
Metasploit600
Palo Alto Networks readSessionVarsFromFile() Session Corruption
CVE-2017-15944CRITICALsob ataque11 dez 2017
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote
100RISCO
abrir
Metasploit600
Mac OS X Root Privilege Escalation
CVE-2017-1387229 nov 2017
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The is
50RISCO
abrir
Metasploit300
Clickjacking Vulnerability In CSRF Error Page pfSense
CVE-2017-100047921 nov 2017
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged e
30RISCO
abrir
Metasploit0
Microsoft Office CVE-2017-11882
CVE-2017-11882HIGHsob ataqueransomware15 nov 2017
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Mi
100RISCO
abrir
Metasploit500
Dup Scout Enterprise Login Buffer Overflow
CVE-2017-1369614 nov 2017
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9
40RISCO
abrir
Metasploit500
Linux BPF Sign Extension Local Privilege Escalation
CVE-2017-1699512 nov 2017
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial
50RISCO
abrir
anteriorpágina 38 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.