Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.116exploits catalogados
31.651CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
CVE-2019-1009214 out 2019
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page
60RISCO
abrir
Exploit-DB
TP-Link TL-WR1043ND 2 - Authentication Bypass
CVE-2019-697110 out 2019
An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packe
28RISCO
abrir
Exploit-DB
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
CVE-2019-134510 out 2019
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Window
23RISCO
abrir
Exploit-DB
Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
CVE-2019-134410 out 2019
An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memo
23RISCO
abrir
Exploit-DB
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
CVE-2019-136410 out 2019
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle o
23RISCO
abrir
Exploit-DB
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
CVE-2019-134710 out 2019
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Servi
28RISCO
abrir
Exploit-DB
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
CVE-2019-134310 out 2019
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Servi
28RISCO
abrir
Exploit-DB
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
CVE-2019-134610 out 2019
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Servi
28RISCO
abrir
Exploit-DB
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
CVE-2019-13529HIGH10 out 2019
An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform action
41RISCO
abrir
Exploit-DB
XNU - Remote Double-Free via Data Race in IPComp Input Path
CVE-2019-871709 out 2019
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, tvOS
23RISCO
abrir
Exploit-DB
CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation
CVE-2019-845207 out 2019
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security clien
23RISCO
abrir
Exploit-DB
vBulletin 5.0 < 5.5.4 - 'updateAvatar' Authenticated Remote Code Execution
CVE-2019-1713207 out 2019
vBulletin through 5.5.4 mishandles custom avatars.
28RISCO
abrir
Exploit-DB
Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting
CVE-2019-1722507 out 2019
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" i
23RISCO
abrir
Exploit-DB
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload
CVE-2019-4013CRITICAL07 out 2019
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root pr
53RISCO
abrir
Exploit-DB
Android - Binder Driver Use-After-Free
CVE-2019-2215HIGHsob ataque04 out 2019
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISCO
abrir
Exploit-DB
AnchorCMS < 0.12.3a - Information Disclosure
CVE-2018-725103 out 2019
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contain
60RISCO
abrir
Exploit-DB
mintinstall 7.9.9 - Code Execution
CVE-2019-1708003 out 2019
mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by a
23RISCO
abrir
Exploit-DB
DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)
CVE-2017-0143HIGHsob ataqueransomware02 out 2019
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Exploit-DB
DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)
CVE-2017-0144HIGHsob ataqueransomware02 out 2019
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Exploit-DB
DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)
CVE-2017-0148HIGHsob ataqueransomware02 out 2019
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Exploit-DB
DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)
CVE-2017-0145HIGHsob ataqueransomware02 out 2019
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Exploit-DB
DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)
CVE-2017-0146HIGHsob ataqueransomware02 out 2019
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Exploit-DB
DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)
CVE-2017-0147HIGHsob ataqueransomware02 out 2019
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
Exploit-DB
DotNetNuke < 9.4.0 - Cross-Site Scripting
CVE-2019-1256201 out 2019
Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the mali
23RISCO
abrir
Exploit-DB
Cisco Small Business 220 Series - Multiple Vulnerabilities
CVE-2019-1914HIGH30 set 2019
Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability
46RISCO
abrir
Exploit-DB
Cisco Small Business 220 Series - Multiple Vulnerabilities
CVE-2019-1912CRITICAL30 set 2019
Cisco Small Business 220 Series Smart Switches Authentication Bypass Vulnerability
53RISCO
abrir
Exploit-DB
GoAhead 2.5.0 - Host Header Injection
CVE-2019-1664530 set 2019
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) cre
23RISCO
abrir
Exploit-DB
WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion
CVE-2019-1690230 set 2019
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an
23RISCO
abrir
Exploit-DB
Cisco Small Business 220 Series - Multiple Vulnerabilities
CVE-2019-1913CRITICAL30 set 2019
Cisco Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities
53RISCO
abrir
Exploit-DB
vBulletin 5.x - Remote Command Execution (Metasploit)
CVE-2019-16759CRITICALsob ataque30 set 2019
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widge
100RISCO
abrir
anteriorpágina 54 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.