Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit600
Polycom Shell HDX Series Traceroute Command Execution
CVE-2025-34093HIGH12 nov 2017
Polycom HDX Series Telnet Command Injection via lan traceroute
36RISCO
abrir
Metasploit300
Roundcube TimeZone Authenticated File Disclosure
CVE-2017-16651HIGHsob ataque09 nov 2017
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary file
98RISCO
abrir
Metasploit600
Synology DiskStation Manager smart.cgi Remote Command Execution
CVE-2017-1588908 nov 2017
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authe
60RISCO
abrir
Metasploit300
Samsung Internet Browser SOP Bypass
CVE-2017-1769208 nov 2017
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat
60RISCO
abrir
Metasploit600
pfSense authenticated group member RCE
CVE-2016-1070906 nov 2017
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_
30RISCO
abrir
Metasploit300
Brother Debut http Denial Of Service
CVE-2017-1624902 nov 2017
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST requ
50RISCO
abrir
Metasploit400
Advantech WebAccess Webvrpcs Service Opcode 80061 Stack Buffer Overflow
CVE-2017-1401602 nov 2017
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The applicati
43RISCO
abrir
Metasploit600
Xplico Remote Code Execution
CVE-2017-1666629 out 2017
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name
60RISCO
abrir
Metasploit600
Tuleap 9.6 Second-Order PHP Object Injection
CVE-2017-741123 out 2017
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentEl
50RISCO
abrir
Metasploit300
Ayukov NFTP FTP Client Buffer Overflow
CVE-2017-1522221 out 2017
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
50RISCO
abrir
Metasploit600
Oracle WebLogic wls-wsat Component Deserialization RCE
CVE-2017-10271HIGHsob ataqueransomware19 out 2017
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supporte
100RISCO
abrir
Metasploit300
Easy Chat Server User Registeration Buffer Overflow (SEH)
CVE-2017-954409 out 2017
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1
23RISCO
abrir
Metasploit600
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
CVE-2017-1139207 out 2017
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote att
30RISCO
abrir
Metasploit600
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
CVE-2017-1139107 out 2017
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote att
30RISCO
abrir
Metasploit600
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
CVE-2017-789607 out 2017
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
18RISCO
abrir
Metasploit600
Trend Micro OfficeScan Remote Code Execution
CVE-2017-1139407 out 2017
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitr
50RISCO
abrir
Metasploit600
Tomcat RCE via JSP Upload Bypass
CVE-2017-12617HIGHsob ataque03 out 2017
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTT
100RISCO
abrir
Metasploit600
HP Intelligent Management Java Deserialization RCE
CVE-2017-1255703 out 2017
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and e
60RISCO
abrir
Metasploit600
phpCollab 2.5.1 Unauthenticated File Upload
CVE-2017-609029 set 2017
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authentica
60RISCO
abrir
Metasploit300
Unauthenticated information disclosure such as configuration, credentials and camera snapshots of a vulnerable Hikvision IP Camera
CVE-2017-7921CRITICALsob ataque23 set 2017
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RISCO
abrir
Metasploit300
Hikvision IP Camera Unauthenticated Password Change Via Improper Authentication Logic
CVE-2017-7921CRITICALsob ataque23 set 2017
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RISCO
abrir
Metasploit300
CyberLink LabelPrint 2.5 Stack Buffer Overflow
CVE-2017-1462723 set 2017
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) au
43RISCO
abrir
Metasploit600
DenyAll Web Application Firewall Remote Code Execution
CVE-2017-1470619 set 2017
DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf
23RISCO
abrir
Metasploit300
Apache Optionsbleed Scanner
CVE-2017-979818 set 2017
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user
60RISCO
abrir
Metasploit600
xdebug Unauthenticated OS Command Execution
CVE-2015-10141CRITICAL17 set 2017
Xdebug Remote Debugger Unauthenticated OS Command Execution
63RISCO
abrir
Metasploit600
Kaltura Remote PHP Code Execution over Cookie
CVE-2017-1414312 set 2017
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, wh
60RISCO
abrir
Metasploit600
Apache Struts 2 REST Plugin XStream RCE
CVE-2017-9805HIGHsob ataque05 set 2017
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with a
100RISCO
abrir
Metasploit600
Mako Server v2.5, 2.6 OS Command Injection RCE
CVE-2025-34095CRITICAL03 set 2017
Mako Server v2.5 and v2.6 OS Command Injection via examples/save.lsp
63RISCO
abrir
Metasploit600
Zivif Camera iptest.cgi Blind Remote Command Execution
CVE-2017-1710501 set 2017
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauth
40RISCO
abrir
Metasploit300
IBM Notes encodeURI DOS
CVE-2017-112931 ago 2017
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it coul
50RISCO
abrir
anteriorpágina 39 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.