Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal
CVE-2019-19781CRITICALsob ataqueransomware16 jan 2020
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISCO
abrir
Exploit-DB
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
CVE-2019-2020416 jan 2020
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginn
23RISCO
abrir
Exploit-DB
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
CVE-2020-209616 jan 2020
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a ref
60RISCO
abrir
Exploit-DB
Barco WePresent - file_transfer.cgi Command Injection (Metasploit)
CVE-2019-3929CRITICALsob ataque15 jan 2020
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Ba
100RISCO
abrir
Exploit-DB
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate
CVE-2020-0601HIGHsob ataque15 jan 2020
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) c
93RISCO
abrir
Exploit-DB
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)
CVE-2019-19781CRITICALsob ataqueransomware13 jan 2020
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISCO
abrir
Exploit-DB
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
CVE-2019-1885913 jan 2020
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.
23RISCO
abrir
Exploit-DB
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)
CVE-2019-19781CRITICALsob ataqueransomware11 jan 2020
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. Th
100RISCO
abrir
Exploit-DB
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution
CVE-2019-1978MEDIUM11 jan 2020
Cisco Firepower Threat Defense Software Stream Reassembly Bypass Vulnerability
33RISCO
abrir
Exploit-DB
PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution
CVE-2020-6756CRITICAL10 jan 2020
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to re
53RISCO
abrir
Exploit-DB
TotalAV 2020 4.14.31 - Privilege Escalation
CVE-2019-1819410 jan 2020
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junctio
23RISCO
abrir
Exploit-DB
Oracle Weblogic 10.3.6.0.0 - Remote Command Execution
CVE-2019-2729CRITICAL09 jan 2020
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
85RISCO
abrir
Exploit-DB
Cisco DCNM JBoss 10.4 - Credential Leakage
CVE-2019-15999MEDIUM08 jan 2020
Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability
33RISCO
abrir
Exploit-DB
JetBrains TeamCity 2018.2.4 - Remote Code Execution
CVE-2019-1503908 jan 2020
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in
28RISCO
abrir
Exploit-DB
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
CVE-2017-362308 jan 2020
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported ve
28RISCO
abrir
Exploit-DB
Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP)
CVE-2019-1215HIGHsob ataqueransomware07 jan 2020
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Win
76RISCO
abrir
Exploit-DB
piSignage 2.6.4 - Directory Traversal
CVE-2019-2035407 jan 2020
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user)
23RISCO
abrir
Exploit-DB
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation
CVE-2019-1184MEDIUM02 jan 2020
Windows Elevation of Privilege Vulnerability
55RISCO
abrir
Exploit-DB
nostromo 1.9.6 - Remote Code Execution
CVE-2019-16278CRITICALsob ataque01 jan 2020
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote co
100RISCO
abrir
Exploit-DB
Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)
CVE-2018-438631 dez 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iO
23RISCO
abrir
Exploit-DB
Microsoft UPnP - Local Privilege Elevation (Metasploit)
CVE-2019-1322HIGHsob ataqueransomware30 dez 2019
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft W
91RISCO
abrir
Exploit-DB
OpenBSD - Dynamic Loader chpass Privilege Escalation (Metasploit)
CVE-2019-1972630 dez 2019
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be
38RISCO
abrir
Exploit-DB
Microsoft UPnP - Local Privilege Elevation (Metasploit)
CVE-2019-1405HIGHsob ataqueransomware30 dez 2019
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows
91RISCO
abrir
Exploit-DB
FreeBSD-SA-19:02.fd - Privilege Escalation
CVE-2019-559630 dez 2019
In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEAS
23RISCO
abrir
Exploit-DB
Django < 3.0 < 2.2 < 1.11 - Account Hijack
CVE-2019-1984424 dez 2019
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address
35RISCO
abrir
Exploit-DB
Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting
CVE-2019-1936818 dez 2019
A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker ca
43RISCO
abrir
Exploit-DB
OpenMRS - Java Deserialization RCE (Metasploit)
CVE-2018-19276CRITICAL18 dez 2019
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated use
85RISCO
abrir
Exploit-DB
Telerik UI - Remote Code Execution via Insecure Deserialization
CVE-2019-18935CRITICALsob ataqueransomware18 dez 2019
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUp
100RISCO
abrir
Exploit-DB
OpenBSD 6.x - Dynamic Loader Privilege Escalation
CVE-2019-1972616 dez 2019
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be
38RISCO
abrir
Exploit-DB
Roxy Fileman 1.4.5 - Directory Traversal
CVE-2019-1973116 dez 2019
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary loc
28RISCO
abrir
anteriorpágina 50 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.