Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
CVE-2020-851203 fev 2020
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
43RISCO
abrir
Exploit-DB
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection
CVE-2018-777703 fev 2020
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Ele
35RISCO
abrir
Exploit-DB
BearFTP 0.1.0 - 'PASV' Denial of Service
CVE-2020-841603 fev 2020
IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to th
28RISCO
abrir
Exploit-DB
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
CVE-2020-850503 fev 2020
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
23RISCO
abrir
Exploit-DB
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
CVE-2020-850403 fev 2020
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrati
23RISCO
abrir
Exploit-DB
OpenSMTPD 6.6.1 - Remote Code Execution
CVE-2020-7247CRITICALsob ataque30 jan 2020
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RISCO
abrir
Exploit-DB
rConfig 3.9.3 - Authenticated Remote Code Execution
CVE-2019-1950930 jan 2020
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a
60RISCO
abrir
Exploit-DB
Satellian 1.12 - Remote Code Execution
CVE-2020-798029 jan 2020
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to th
60RISCO
abrir
Exploit-DB
XMLBlueprint 16.191112 - XML External Entity Injection
CVE-2019-1903229 jan 2020
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an
23RISCO
abrir
Exploit-DB
Microsoft Windows 10 - Theme API 'ThemePack' File Parsing
CVE-2018-841329 jan 2020
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows T
35RISCO
abrir
Exploit-DB
Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)
CVE-2020-842529 jan 2020
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php.
23RISCO
abrir
Exploit-DB
Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)
CVE-2020-842429 jan 2020
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php
23RISCO
abrir
Exploit-DB
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)
CVE-2020-799128 jan 2020
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
23RISCO
abrir
Exploit-DB
Octeth Oempro 4.8 - 'CampaignID' SQL Injection
CVE-2019-1974028 jan 2020
Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.
23RISCO
abrir
Exploit-DB
Microsoft Windows Kernel - Information Disclosure
CVE-2019-1125MEDIUM27 jan 2020
Windows Kernel Information Disclosure Vulnerability
33RISCO
abrir
Exploit-DB
Genexis Platinum-4410 2.1 - Authentication Bypass
CVE-2020-617024 jan 2020
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cl
23RISCO
abrir
Exploit-DB
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
CVE-2019-1689324 jan 2020
The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the
35RISCO
abrir
Exploit-DB
qdPM 9.1 - Remote Code Execution
CVE-2020-724623 jan 2020
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code
60RISCO
abrir
Exploit-DB
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
CVE-2020-061023 jan 2020
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated atta
35RISCO
abrir
Exploit-DB
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
CVE-2020-060923 jan 2020
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated atta
45RISCO
abrir
Exploit-DB
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
CVE-2020-061023 jan 2020
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated atta
35RISCO
abrir
Exploit-DB
Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)
CVE-2018-533323 jan 2020
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning
38RISCO
abrir
Exploit-DB
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
CVE-2020-060923 jan 2020
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated atta
45RISCO
abrir
Exploit-DB
Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)
CVE-2019-921323 jan 2020
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which make
38RISCO
abrir
Exploit-DB
Ricoh Printer Drivers - Local Privilege Escalation
CVE-2019-1936322 jan 2020
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attacker
38RISCO
abrir
Exploit-DB
Citrix XenMobile Server 10.8 - XML External Entity Injection
CVE-2018-1065322 jan 2020
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 befor
23RISCO
abrir
Exploit-DB
Microsoft SharePoint - Deserialization Remote Code Execution
CVE-2019-0604CRITICALsob ataqueransomware21 jan 2020
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup
100RISCO
abrir
Exploit-DB
Centreon 19.04 - Authenticated Remote Code Execution (Metasploit)
CVE-2019-1640520 jan 2020
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code
28RISCO
abrir
Exploit-DB
Easy XML Editor 1.7.8 - XML External Entity Injection
CVE-2019-1903120 jan 2020
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS
23RISCO
abrir
Exploit-DB
Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit)
CVE-2019-1574217 jan 2020
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application
38RISCO
abrir
anteriorpágina 49 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.