Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)
CVE-2020-879409 mar 2020
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for mult
60RISCO
abrir
Exploit-DB
PHP-FPM - Underflow Remote Code Execution (Metasploit)
CVE-2019-11043HIGHsob ataqueransomware09 mar 2020
Underflow in PHP-FPM can lead to RCE
100RISCO
abrir
Exploit-DB
Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
CVE-2019-5825MEDIUMsob ataque09 mar 2020
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploi
90RISCO
abrir
Exploit-DB
Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)
CVE-2018-17463HIGHsob ataque09 mar 2020
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbit
100RISCO
abrir
Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
CVE-2020-865405 mar 2020
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoD
60RISCO
abrir
Exploit-DB
Exchange Control Panel - Viewstate Deserialization (Metasploit)
CVE-2020-0688HIGHsob ataqueransomware05 mar 2020
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RISCO
abrir
Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
CVE-2020-865605 mar 2020
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthe
60RISCO
abrir
Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
CVE-2020-8657CRITICALsob ataque05 mar 2020
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include
100RISCO
abrir
Exploit-DB
EyesOfNetwork - AutoDiscovery Target Command Execution (Metasploit)
CVE-2020-8655HIGHsob ataque05 mar 2020
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability
98RISCO
abrir
Exploit-DB
Microsoft Windows - 'WizardOpium' Local Privilege Escalation
CVE-2019-1458HIGHsob ataqueransomware03 mar 2020
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
100RISCO
abrir
Exploit-DB
Alfresco 5.2.4 - Persistent Cross-Site Scripting
CVE-2020-877703 mar 2020
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a user profile photo,
23RISCO
abrir
Exploit-DB
Alfresco 5.2.4 - Persistent Cross-Site Scripting
CVE-2020-877603 mar 2020
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a
23RISCO
abrir
Exploit-DB
Alfresco 5.2.4 - Persistent Cross-Site Scripting
CVE-2020-877803 mar 2020
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document,
23RISCO
abrir
Exploit-DB
TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
CVE-2019-1914302 mar 2020
TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi
23RISCO
abrir
Exploit-DB
Joplin Desktop 1.0.184 - Cross-Site Scripting
CVE-2020-903802 mar 2020
Joplin through 1.0.184 allows Arbitrary File Read via XSS.
23RISCO
abrir
Exploit-DB
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
CVE-2020-861502 mar 2020
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves a
38RISCO
abrir
Exploit-DB
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution
CVE-2020-0688HIGHsob ataqueransomware02 mar 2020
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RISCO
abrir
Exploit-DB
TP LINK TL-WR849N - Remote Code Execution
CVE-2020-937402 mar 2020
On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploit
35RISCO
abrir
Exploit-DB
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
CVE-2019-1914202 mar 2020
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmwa
23RISCO
abrir
Exploit-DB
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
CVE-2020-801202 mar 2020
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerabi
60RISCO
abrir
Exploit-DB
qdPM < 9.1 - Remote Code Execution
CVE-2020-724628 fev 2020
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISCO
abrir
Exploit-DB
OpenSMTPD < 6.6.3p1 - Local Privilege Escalation + Remote Code Execution
CVE-2020-879426 fev 2020
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for mult
60RISCO
abrir
Exploit-DB
Go SSH servers 0.0.2 - Denial of Service (PoC)
CVE-2020-928324 fev 2020
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the
28RISCO
abrir
Exploit-DB
Avaya IP Office Application Server 11.0.0.0 - Reflective Cross-Site Scripting
CVE-2019-7004MEDIUM24 fev 2020
Avaya IP Office XSS Vulnerability
33RISCO
abrir
Exploit-DB
Android Binder - Use-After-Free (Metasploit)
CVE-2019-2215HIGHsob ataque24 fev 2020
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISCO
abrir
Exploit-DB
Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)
CVE-2015-761124 fev 2020
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary syst
50RISCO
abrir
Exploit-DB
ManageEngine EventLog Analyzer 10.0 - Information Disclosure
CVE-2019-1977424 fev 2020
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetai
28RISCO
abrir
Exploit-DB
Apache Tomcat - AJP 'Ghostcat File Read/Inclusion
CVE-2020-1938CRITICALsob ataque20 fev 2020
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISCO
abrir
Exploit-DB
Anviz CrossChex - Buffer Overflow (Metasploit)
CVE-2019-1251817 fev 2020
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
50RISCO
abrir
Exploit-DB
MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation
CVE-2020-0683HIGHsob ataque17 fev 2020
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'W
71RISCO
abrir
anteriorpágina 47 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.