Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
SSL/TLS Version Detection
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se
40RISCO
abrir ↗Metasploit300
SSL/TLS Version Detection
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not pro
45RISCO
abrir ↗Metasploit300
SSL/TLS Version Detection
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for
50RISCO
abrir ↗Metasploit300
SSL/TLS Version Detection
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak
45RISCO
abrir ↗Metasploit300
SSL/TLS Version Detection
Using a Custom Cipher with NID_undef may lead to NULL encryption
18RISCO
abrir ↗Metasploit600
TWiki Debugenableplugins Remote Code Execution
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary
50RISCO
abrir ↗Metasploit300
BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbit
60RISCO
abrir ↗Metasploit600
Numara / BMC Track-It! FileStorageService Arbitrary File Upload
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbit
60RISCO
abrir ↗Metasploit300
Android Open Source Platform (AOSP) Browser UXSS
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribu
23RISCO
abrir ↗Metasploit300
MS15-001 Microsoft Windows NtApphelpCacheControl Improper Authorization Check
The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1,
43RISCO
abrir ↗Metasploit600
IPFire Bash Environment Variable Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗Metasploit600
Joomla Akeeba Kickstart Unserialize Remote Code Execution
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeb
50RISCO
abrir ↗Metasploit600
ManageEngine OpManager and Social IT Arbitrary File Upload
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in Z
60RISCO
abrir ↗Metasploit600
Wordpress InfusionSoft Upload Vulnerability
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows
50RISCO
abrir ↗Metasploit600
CUPS Filter Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗Metasploit600
Pure-FTPd External Authentication Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗Metasploit600
CUPS Filter Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
100RISCO
abrir ↗Metasploit300
Qmail SMTP Bash Environment Variable Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗Metasploit600
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗Metasploit300
Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
100RISCO
abrir ↗Metasploit300
Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗Metasploit600
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
100RISCO
abrir ↗Metasploit600
Dhclient Bash Environment Variable Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗Metasploit0
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitr
98RISCO
abrir ↗Metasploit300
OS X VMWare Fusion Privilege Escalation via Bash Environment Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗Metasploit300
DHCP Client Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗Metasploit500
Adobe Flash Player copyPixelsToByteArray Method Integer Overflow
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS
60RISCO
abrir ↗Metasploit600
Phpwiki Ploticus Remote Code Execution
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a dev
50RISCO
abrir ↗Metasploit600
Rejetto HttpFileServer Remote Command Execution
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c a
100RISCO
abrir ↗Metasploit300
MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the exist
70RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.