Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
ManageEngine Multiple Products Arbitrary File Download
The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine Applications Manager before 11.9 build 11912, O
60RISCO
abrir ↗Metasploit500
Exim GHOST (glibc gethostbyname) Buffer Overflow
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,
60RISCO
abrir ↗Metasploit600
IPass Control Pipe Remote Command Execution
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via
50RISCO
abrir ↗Metasploit600
WordPress Platform Theme File Upload Vulnerability
Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update
43RISCO
abrir ↗Metasploit300
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.
50RISCO
abrir ↗Metasploit600
WordPress Pixabay Images PHP Code Upload
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remot
50RISCO
abrir ↗Metasploit400
MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7
100RISCO
abrir ↗Metasploit600
WordPress WP EasyCart Unrestricted File Upload
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka Wor
50RISCO
abrir ↗Metasploit300
McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers'
23RISCO
abrir ↗Metasploit300
McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x
23RISCO
abrir ↗Metasploit600
ASUS infosvr Auth Bypass Command Execution
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC
60RISCO
abrir ↗Metasploit300
ManageEngine Desktop Central Administrator Account Creation
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote at
60RISCO
abrir ↗Metasploit600
Malicious Git and Mercurial HTTP Server For CVE-2014-9390
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS
30RISCO
abrir ↗Metasploit300
Achat Unicode SEH Buffer Overflow
Achat v0.150 SEH Buffer Overflow via UDP
63RISCO
abrir ↗Metasploit300
Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows re
30RISCO
abrir ↗Metasploit300
Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Authentication Bypass
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows re
30RISCO
abrir ↗Metasploit400
Malwarebytes Anti-Malware and Anti-Exploit Update Remote Code Execution
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE)
43RISCO
abrir ↗Metasploit600
Symantec Web Gateway 5 restore.php Post Authentication Command Injection
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to exe
50RISCO
abrir ↗Metasploit600
ManageEngine Multiple Products Authenticated File Upload
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 t
60RISCO
abrir ↗Metasploit600
WordPress WP Symposium 14.11 Shell Upload
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote
50RISCO
abrir ↗Metasploit300
BMC TrackIt! Unauthenticated Arbitrary User Password Change
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose na
23RISCO
abrir ↗Metasploit600
Lexmark MarkVision Enterprise Arbitrary File Upload
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allo
60RISCO
abrir ↗Metasploit600
ProjectSend Arbitrary File Upload
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows rem
50RISCO
abrir ↗Metasploit300
ManageEngine NetFlow Analyzer Arbitrary File Download
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 a
60RISCO
abrir ↗Metasploit600
Tuleap PHP Unserialize Code Execution
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated
43RISCO
abrir ↗Metasploit600
WordPress RevSlider File Upload and Execute Vulnerability
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier
60RISCO
abrir ↗Metasploit300
Arris VAP2500 tools_command.php Command Execution
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute ar
50RISCO
abrir ↗Metasploit300
Arris VAP2500 tools_command.php Command Execution
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authenticatio
50RISCO
abrir ↗Metasploit300
Adobe Flash Player PCRE Regex Vulnerability
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442
60RISCO
abrir ↗Metasploit300
WordPress Long Password DoS
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x
60RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.