Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting
CVE-2019-1047508 nov 2019
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML
50RISCO
abrir
Exploit-DB
Android Janus - APK Signature Bypass (Metasploit)
CVE-2017-1315608 nov 2019
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0,
43RISCO
abrir
Exploit-DB
Adive Framework 2.0.7 - Privilege Escalation
CVE-2019-1434708 nov 2019
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an ad
23RISCO
abrir
Exploit-DB
rConfig - install Command Execution (Metasploit)
CVE-2019-1666208 nov 2019
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RISCO
abrir
Exploit-DB
JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects
CVE-2019-882005 nov 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPad
23RISCO
abrir
Exploit-DB
Micro Focus (HPE) Data Protector - SUID Privilege Escalation (Metasploit)
CVE-2019-1166004 nov 2019
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30,
38RISCO
abrir
Exploit-DB
Nostromo - Directory Traversal Remote Command Execution (Metasploit)
CVE-2019-16278CRITICALsob ataque01 nov 2019
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote co
100RISCO
abrir
Exploit-DB
Apache Solr 8.2.0 - Remote Code Execution
CVE-2019-17558HIGHsob ataque01 nov 2019
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RISCO
abrir
Exploit-DB
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
CVE-2019-397831 out 2019
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queri
28RISCO
abrir
Exploit-DB
JavaScriptCore - GetterSetter Type Confusion During DFG Compilation
CVE-2019-876530 out 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Proc
23RISCO
abrir
Exploit-DB
Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)
CVE-2015-000929 out 2019
The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, W
23RISCO
abrir
Exploit-DB
rConfig 3.9.2 - Remote Code Execution
CVE-2019-1666229 out 2019
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to a
60RISCO
abrir
Exploit-DB
Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution (MS15-011)
CVE-2015-000829 out 2019
The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Wind
28RISCO
abrir
Exploit-DB
PHP-FPM + Nginx - Remote Code Execution
CVE-2019-11043HIGHsob ataqueransomware28 out 2019
Underflow in PHP-FPM can lead to RCE
100RISCO
abrir
Exploit-DB
ClonOs WEB UI 19.09 - Improper Access Control
CVE-2019-1841825 out 2019
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests be
23RISCO
abrir
Exploit-DB
Linux Polkit - pkexec helper PTRACE_TRACEME local root (Metasploit)
CVE-2019-13272HIGHsob ataque24 out 2019
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a proce
98RISCO
abrir
Exploit-DB
Rocket.Chat 2.1.0 - Cross-Site Scripting
CVE-2019-1722023 out 2019
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.
23RISCO
abrir
Exploit-DB
Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit)
CVE-2019-1595422 out 2019
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote
60RISCO
abrir
Exploit-DB
Moxa EDR-810 - Command Injection / Information Disclosure
CVE-2019-1096922 out 2019
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthor
23RISCO
abrir
Exploit-DB
Moxa EDR-810 - Command Injection / Information Disclosure
CVE-2019-1096322 out 2019
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from
23RISCO
abrir
Exploit-DB
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
CVE-2019-949121 out 2019
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to
28RISCO
abrir
Exploit-DB
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)
CVE-2019-819721 out 2019
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier,
28RISCO
abrir
Exploit-DB
Solaris 11.4 - xscreensaver Privilege Escalation
CVE-2019-3010HIGHsob ataque21 out 2019
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is a
91RISCO
abrir
Exploit-DB
ThinVNC 1.0b1 - Authentication Bypass
CVE-2019-1766217 out 2019
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exi
60RISCO
abrir
Exploit-DB
Whatsapp 2.19.216 - Remote Code Execution
CVE-2019-1193216 out 2019
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version
35RISCO
abrir
Exploit-DB
sudo 1.8.27 - Security Bypass
CVE-2019-1428715 out 2019
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and se
35RISCO
abrir
Exploit-DB
Kirona-DRS 5.5.3.5 - Information Disclosure
CVE-2019-1750314 out 2019
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REG
50RISCO
abrir
Exploit-DB
WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
CVE-2019-1767114 out 2019
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is m
50RISCO
abrir
Exploit-DB
Apache Httpd mod_rewrite - Open Redirects
CVE-2019-1009814 out 2019
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential m
60RISCO
abrir
Exploit-DB
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
CVE-2019-1009214 out 2019
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page
60RISCO
abrir
anteriorpágina 53 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.