Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
3.462 exploits
Metasploit300
SSL/TLS Version Detection
CVE-2016-080014 out 2014
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se
40RISCO
abrir
Metasploit300
SSL/TLS Version Detection
CVE-2015-4000LOW14 out 2014
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not pro
45RISCO
abrir
Metasploit300
SSL/TLS Version Detection
CVE-2013-2566MEDIUM14 out 2014
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for
50RISCO
abrir
Metasploit300
SSL/TLS Version Detection
CVE-2014-3566LOW14 out 2014
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak
45RISCO
abrir
Metasploit300
SSL/TLS Version Detection
CVE-2022-335814 out 2014
Using a Custom Cipher with NID_undef may lead to NULL encryption
18RISCO
abrir
Metasploit600
TWiki Debugenableplugins Remote Code Execution
CVE-2014-723609 out 2014
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary
50RISCO
abrir
Metasploit300
BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure
CVE-2014-487207 out 2014
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbit
60RISCO
abrir
Metasploit600
Numara / BMC Track-It! FileStorageService Arbitrary File Upload
CVE-2014-487207 out 2014
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbit
60RISCO
abrir
Metasploit300
Android Open Source Platform (AOSP) Browser UXSS
CVE-2014-604104 out 2014
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribu
23RISCO
abrir
Metasploit300
MS15-001 Microsoft Windows NtApphelpCacheControl Improper Authorization Check
CVE-2015-000230 set 2014
The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1,
43RISCO
abrir
Metasploit600
IPFire Bash Environment Variable Injection (Shellshock)
CVE-2014-6271CRITICALsob ataque29 set 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
Metasploit600
Joomla Akeeba Kickstart Unserialize Remote Code Execution
CVE-2014-722829 set 2014
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeb
50RISCO
abrir
Metasploit600
ManageEngine OpManager and Social IT Arbitrary File Upload
CVE-2014-603427 set 2014
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in Z
60RISCO
abrir
Metasploit600
Wordpress InfusionSoft Upload Vulnerability
CVE-2014-644625 set 2014
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows
50RISCO
abrir
Metasploit600
CUPS Filter Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6271CRITICALsob ataque24 set 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
Metasploit600
Pure-FTPd External Authentication Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6271CRITICALsob ataque24 set 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
Metasploit600
CUPS Filter Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6278HIGHsob ataque24 set 2014
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
100RISCO
abrir
Metasploit300
Qmail SMTP Bash Environment Variable Injection (Shellshock)
CVE-2014-6271CRITICALsob ataque24 set 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
Metasploit600
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6271CRITICALsob ataque24 set 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
Metasploit300
Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
CVE-2014-6278HIGHsob ataque24 set 2014
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
100RISCO
abrir
Metasploit300
Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
CVE-2014-6271CRITICALsob ataque24 set 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
Metasploit600
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6278HIGHsob ataque24 set 2014
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
100RISCO
abrir
Metasploit600
Dhclient Bash Environment Variable Injection (Shellshock)
CVE-2014-6271CRITICALsob ataque24 set 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
Metasploit0
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
CVE-2014-4404HIGHsob ataque24 set 2014
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitr
98RISCO
abrir
Metasploit300
OS X VMWare Fusion Privilege Escalation via Bash Environment Code Injection (Shellshock)
CVE-2014-6271CRITICALsob ataque24 set 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
Metasploit300
DHCP Client Bash Environment Variable Code Injection (Shellshock)
CVE-2014-6271CRITICALsob ataque24 set 2014
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
Metasploit500
Adobe Flash Player copyPixelsToByteArray Method Integer Overflow
CVE-2014-055623 set 2014
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS
60RISCO
abrir
Metasploit600
Phpwiki Ploticus Remote Code Execution
CVE-2014-551911 set 2014
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a dev
50RISCO
abrir
Metasploit600
Rejetto HttpFileServer Remote Command Execution
CVE-2014-6287CRITICALsob ataque11 set 2014
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c a
100RISCO
abrir
Metasploit300
MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure
CVE-2013-7331MEDIUMsob ataque09 set 2014
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the exist
70RISCO
abrir
anteriorpágina 55 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.