Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
Bio Star 2.8.2 - Local File Inclusion
CVE-2020-1505026 jul 2020
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary fi
50RISCO
abrir
Exploit-DB
WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)
CVE-2019-20361HIGH26 jul 2020
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to b
78RISCO
abrir
Exploit-DB
Bludit 3.9.2 - Directory Traversal
CVE-2019-1611326 jul 2020
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .j
60RISCO
abrir
Exploit-DB
ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection
CVE-2016-948826 jul 2020
ManageEngine Applications Manager versions 12 and 13 suffer from remote SQL injection vulnerabilities
23RISCO
abrir
Exploit-DB
F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion
CVE-2020-5902CRITICALsob ataqueransomware26 jul 2020
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISCO
abrir
Exploit-DB
pfSense 2.4.4-p3 - Cross-Site Request Forgery
CVE-2019-1666726 jul 2020
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executi
35RISCO
abrir
Exploit-DB
INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution
CVE-2020-1549226 jul 2020
An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe we
28RISCO
abrir
Exploit-DB
WordPress Theme NexosReal Estate 1.7 - 'search_order' SQL Injection
CVE-2020-1536322 jul 2020
The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection.
23RISCO
abrir
Exploit-DB
Docsify.js 4.11.4 - Reflective Cross-Site Scripting
CVE-2020-768022 jul 2020
docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters a
23RISCO
abrir
Exploit-DB
WordPress Theme NexosReal Estate 1.7 - 'search_order' SQL Injection
CVE-2020-1536422 jul 2020
The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS.
23RISCO
abrir
Exploit-DB
CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password)
CVE-2020-1560017 jul 2020
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
23RISCO
abrir
Exploit-DB
Zyxel Armor X1 WAP6806 - Directory Traversal
CVE-2020-1446115 jul 2020
Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.
23RISCO
abrir
Exploit-DB
SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin)
CVE-2020-1504615 jul 2020
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to
23RISCO
abrir
Exploit-DB
BSA Radar 1.6.7234.24750 - Local File Inclusion
CVE-2020-1494614 jul 2020
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and e
23RISCO
abrir
Exploit-DB
Trend Micro Web Security Virtual Appliance 6.5 SP2 Patch 4 Build 1901 - Remote Code Execution (Metasploit)
CVE-2020-860514 jul 2020
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitr
60RISCO
abrir
Exploit-DB
Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution
CVE-2020-711510 jul 2020
The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon succ
35RISCO
abrir
Exploit-DB
CompleteFTP Professional 12.1.3 - Remote Code Execution
CVE-2019-1611609 jul 2020
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file.
23RISCO
abrir
Exploit-DB
BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password)
CVE-2020-1494408 jul 2020
Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can all
23RISCO
abrir
Exploit-DB
SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)
CVE-2020-1504608 jul 2020
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to
23RISCO
abrir
Exploit-DB
Exhibitor Web UI 1.7.1 - Remote Code Execution
CVE-2019-5029CRITICAL07 jul 2020
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7
60RISCO
abrir
Exploit-DB
RSA IG&L Aveksa 7.1.1 - Remote Code Execution
CVE-2019-3759MEDIUM06 jul 2020
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 cont
33RISCO
abrir
Exploit-DB
BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution
CVE-2020-5902CRITICALsob ataqueransomware06 jul 2020
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISCO
abrir
Exploit-DB
Grafana 7.0.1 - Denial of Service (PoC)
CVE-2020-1337906 jul 2020
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows
60RISCO
abrir
Exploit-DB
BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution (PoC)
CVE-2020-5902CRITICALsob ataqueransomware05 jul 2020
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISCO
abrir
Exploit-DB
OCS Inventory NG 2.7 - Remote Code Execution
CVE-2020-1494702 jul 2020
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php bec
28RISCO
abrir
Exploit-DB
mySCADA myPRO 7 - Hardcoded Credentials
CVE-2018-1131125 jun 2020
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attack
28RISCO
abrir
Exploit-DB
Lansweeper 7.2 - Incorrect Access Control
CVE-2020-1401123 jun 2020
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin accoun
28RISCO
abrir
Exploit-DB
WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting
CVE-2019-1246022 jun 2020
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
23RISCO
abrir
Exploit-DB
FileRun 2019.05.21 - Reflected Cross-Site Scripting
CVE-2019-1290522 jun 2020
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed
23RISCO
abrir
Exploit-DB
WebPort 1.19.1 - Reflected Cross-Site Scripting
CVE-2019-1246122 jun 2020
Web Port 1.19.1 allows XSS via the /log type parameter.
38RISCO
abrir
anteriorpágina 43 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.