Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
PANDORAFMS 7.0 - Authenticated Remote Code Execution
CVE-2020-894713 fev 2020
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metac
28RISCO
abrir
Exploit-DB
HP System Event Utility - Local Privilege Escalation
CVE-2019-1891512 fev 2020
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version
23RISCO
abrir
Exploit-DB
OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution
CVE-2020-7247CRITICALsob ataque11 fev 2020
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RISCO
abrir
Exploit-DB
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
CVE-2020-883911 fev 2020
Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cg
23RISCO
abrir
Exploit-DB
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
CVE-2020-882511 fev 2020
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
23RISCO
abrir
Exploit-DB
WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting
CVE-2020-710810 fev 2020
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.
23RISCO
abrir
Exploit-DB
Dota 2 7.23f - Denial of Service (PoC)
CVE-2020-794910 fev 2020
schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by
23RISCO
abrir
Exploit-DB
OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)
CVE-2020-7247CRITICALsob ataque10 fev 2020
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RISCO
abrir
Exploit-DB
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
CVE-2020-3837HIGHsob ataque10 fev 2020
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3
76RISCO
abrir
Exploit-DB
D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)
CVE-2019-2021510 fev 2020
D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the
60RISCO
abrir
Exploit-DB
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
CVE-2019-614610 fev 2020
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host heade
23RISCO
abrir
Exploit-DB
Ricoh Driver - Privilege Escalation (Metasploit)
CVE-2019-1936310 fev 2020
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attacker
38RISCO
abrir
Exploit-DB
EyesOfNetwork 5.3 - Remote Code Execution
CVE-2020-8655HIGHsob ataque07 fev 2020
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability
98RISCO
abrir
Exploit-DB
Windscribe - WindscribeService Named Pipe Privilege Escalation (Metasploit)
CVE-2018-1147907 fev 2020
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe s
38RISCO
abrir
Exploit-DB
EyesOfNetwork 5.3 - Remote Code Execution
CVE-2020-865407 fev 2020
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoD
60RISCO
abrir
Exploit-DB
EyesOfNetwork 5.3 - Remote Code Execution
CVE-2020-865607 fev 2020
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthe
60RISCO
abrir
Exploit-DB
Cisco Data Center Network Manager 11.2 - Remote Code Execution
CVE-2019-15975CRITICAL06 fev 2020
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
85RISCO
abrir
Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection
CVE-2019-15977CRITICAL06 fev 2020
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
60RISCO
abrir
Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection
CVE-2019-15976CRITICAL06 fev 2020
Cisco Data Center Network Manager Authentication Bypass Vulnerabilities
70RISCO
abrir
Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection
CVE-2019-15978HIGH06 fev 2020
Cisco Data Center Network Manager Command Injection Vulnerabilities
53RISCO
abrir
Exploit-DB
Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection
CVE-2019-15984HIGH06 fev 2020
Cisco Data Center Network Manager SQL Injection Vulnerabilities
53RISCO
abrir
Exploit-DB
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
CVE-2019-1863406 fev 2020
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the
28RISCO
abrir
Exploit-DB
xglance-bin 11.00 - Privilege Escalation
CVE-2014-263005 fev 2020
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via u
38RISCO
abrir
Exploit-DB
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)
CVE-2019-1071605 fev 2020
An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated se
23RISCO
abrir
Exploit-DB
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
CVE-2020-8493MEDIUM05 fev 2020
A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via
33RISCO
abrir
Exploit-DB
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
CVE-2020-8495HIGH05 fev 2020
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate se
41RISCO
abrir
Exploit-DB
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)
CVE-2019-1863404 fev 2020
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the
28RISCO
abrir
Exploit-DB
IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
CVE-2020-851203 fev 2020
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
43RISCO
abrir
Exploit-DB
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
CVE-2020-850403 fev 2020
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrati
23RISCO
abrir
Exploit-DB
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection
CVE-2018-777703 fev 2020
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Ele
35RISCO
abrir
anteriorpágina 48 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.