Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
3.462 exploits
Metasploit300
HP Network Node Manager I PMD Buffer Overflow
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute ar
50RISCO
abrir ↗Metasploit600
ManageEngine Desktop Central StatusUpdate Arbitrary File Upload
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers
60RISCO
abrir ↗Metasploit600
ManageEngine Eventlog Analyzer Arbitrary File Upload
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8
60RISCO
abrir ↗Metasploit600
Wordpress SlideShow Gallery Authenticated File Upload
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remot
60RISCO
abrir ↗Metasploit600
ActualAnalyzer 'ant' Cookie Command Execution
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for pa
68RISCO
abrir ↗Metasploit300
ManageEngine DeviceExpert User Credentials
ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user acc
50RISCO
abrir ↗Metasploit600
Railo Remote File Include
A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cf
50RISCO
abrir ↗Metasploit300
NTP Mode 7 PEER_LIST_SUM DoS Scanner
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RISCO
abrir ↗Metasploit300
NTP Mode 7 PEER_LIST DoS Scanner
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RISCO
abrir ↗Metasploit300
NTP Mode 6 REQ_NONCE DRDoS Scanner
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RISCO
abrir ↗Metasploit300
NTP Mode 7 GET_RESTRICT DRDoS Scanner
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RISCO
abrir ↗Metasploit300
NTP Mode 6 UNSETTRAP DRDoS Scanner
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service
60RISCO
abrir ↗Metasploit300
Netcore Router Udp 53413 Backdoor
Netcore / Netis Routers RCE via UDP Port 53413 Backdoor
68RISCO
abrir ↗Metasploit600
SolarWinds Storage Manager Authentication Bypass
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scr
40RISCO
abrir ↗Metasploit300
Yokogawa BKBCopyD.exe Client
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00
23RISCO
abrir ↗Metasploit300
Wordpress XMLRPC DoS
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, doe
23RISCO
abrir ↗Metasploit0
HybridAuth install.php PHP Code Execution
HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection
63RISCO
abrir ↗Metasploit600
Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute
60RISCO
abrir ↗Metasploit200
MQAC.sys Arbitrary Write Privilege Escalation
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write
43RISCO
abrir ↗Metasploit200
MS14-062 Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write
43RISCO
abrir ↗Metasploit300
Advantech WebAccess dvs.ocx GetColor Buffer Overflow
Advantech WebAccess Stack-Based Buffer Overflow
68RISCO
abrir ↗Metasploit200
VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.2
38RISCO
abrir ↗Metasploit300
Flash "Rosetta" JSONP GET/POST Response Disclosure
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Ad
23RISCO
abrir ↗Metasploit600
Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authen
50RISCO
abrir ↗Metasploit600
Gitlist Unauthenticated Remote Command Execution
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in
60RISCO
abrir ↗Metasploit600
VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands
60RISCO
abrir ↗Metasploit600
Wing FTP Server Authenticated Command Execution
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir ↗Metasploit600
ManageEngine Desktop Central / Password Manager LinkViewFetchServlet.dat SQL Injection
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central
50RISCO
abrir ↗Metasploit300
OpenSSL DTLS Fragment Buffer Overflow DoS
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0
40RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.