Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit300
Joomla com_contenthistory Error-Based SQL Injection
CVE-2015-729722 out 2015
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via un
60RISCO
abrir
Metasploit0
Safari User-Assisted Applescript Exec Attack
CVE-2015-700716 out 2015
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement f
50RISCO
abrir
Metasploit300
Limesurvey Unauthenticated File Download
CVE-2025-34120HIGH12 out 2015
LimeSurvey 2.0+ - 2.06+ Unauthenticated Arbitrary File Download via Serialized Backup Payload
36RISCO
abrir
Metasploit600
Wordpress Ajax Load More PHP Upload Vulnerability
CVE-2015-10140HIGH10 out 2015
Ajax Load More < 2.8.1.2 - Subscriber+ File Upload & Deletion
36RISCO
abrir
Metasploit300
ManageEngine ServiceDesk Plus Path Traversal
CVE-2011-275703 out 2015
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remot
50RISCO
abrir
Metasploit300
PDF Shaper Buffer Overflow
CVE-2025-34106HIGH03 out 2015
PDF Shaper v3.5/3.6 Buffer Overflow via Convert to Image Feature
36RISCO
abrir
Metasploit300
Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation
CVE-2015-588901 out 2015
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors inv
38RISCO
abrir
Metasploit300
Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write
CVE-2015-761101 out 2015
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary syst
50RISCO
abrir
Metasploit600
Vtiger CRM - Authenticated Logo Upload RCE
CVE-2016-171328 set 2015
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger
43RISCO
abrir
Metasploit600
Vtiger CRM - Authenticated Logo Upload RCE
CVE-2015-600028 set 2015
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger
50RISCO
abrir
Metasploit300
PCMan FTP Server 2.0.7 Directory Traversal Information Disclosure
CVE-2015-760128 set 2015
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..//
50RISCO
abrir
Metasploit300
BisonWare BisonFTP Server 3.5 Directory Traversal Information Disclosure
CVE-2015-760228 set 2015
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (d
50RISCO
abrir
Metasploit600
Kaseya VSA uploader.aspx Arbitrary File Upload
CVE-2015-692223 set 2015
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before
60RISCO
abrir
Metasploit300
Kaseya VSA Master Administrator Account Creation
CVE-2015-692223 set 2015
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before
60RISCO
abrir
Metasploit300
Konica Minolta FTP Utility 1.00 Directory Traversal Information Disclosure
CVE-2015-760322 set 2015
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via
50RISCO
abrir
Metasploit0
ManageEngine OpManager Remote Code Execution
CVE-2015-776614 set 2015
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL q
60RISCO
abrir
Metasploit0
ManageEngine OpManager Remote Code Execution
CVE-2015-776514 set 2015
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser a
50RISCO
abrir
Metasploit600
MS15-100 Microsoft Windows Media Center MCL Vulnerability
CVE-2015-250908 set 2015
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remo
60RISCO
abrir
Metasploit600
F5 iControl iCall::Script Root Command Execution
CVE-2015-362803 set 2015
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.
50RISCO
abrir
Metasploit600
Nibbleblog File Upload Vulnerability
CVE-2015-696701 set 2015
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to
50RISCO
abrir
Metasploit300
Boxoft WAV to MP3 Converter v1.1 Buffer Overflow
CVE-2015-724331 ago 2015
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly
50RISCO
abrir
Metasploit600
WordPress Responsive Thumbnail Slider Arbitrary File Upload
CVE-2015-10144HIGH28 ago 2015
Responsive Thumbnail Slider < 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload
36RISCO
abrir
Metasploit600
phpFileManager 0.9.8 Remote Code Execution
CVE-2015-595828 ago 2015
phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.
23RISCO
abrir
Metasploit600
MVPower DVR Shell Unauthenticated Command Execution
CVE-2016-20016CRITICAL23 ago 2015
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /
85RISCO
abrir
Metasploit300
Konica Minolta FTP Utility 1.00 Post Auth CWD Command SEH Overflow
CVE-2015-776823 ago 2015
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD comma
50RISCO
abrir
Metasploit600
ManageEngine ServiceDesk Plus Arbitrary File Upload
CVE-2019-8394HIGHsob ataque20 ago 2015
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via l
98RISCO
abrir
Metasploit600
Apache ActiveMQ 5.x-5.11.1 Directory Traversal Shell Upload
CVE-2015-183019 ago 2015
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5
60RISCO
abrir
Metasploit300
WordPress Symposium Plugin SQL Injection
CVE-2015-652218 ago 2015
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbi
60RISCO
abrir
Metasploit600
CMS Bolt File Upload Vulnerability
CVE-2015-730917 ago 2015
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authent
50RISCO
abrir
Metasploit300
Android Stagefright MP4 tx3g Integer Overflow
CVE-2015-386413 ago 2015
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in A
60RISCO
abrir
anteriorpágina 49 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.