Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
4.187 exploits
Nucleihigh
Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
CVE-2010-2861CRITICALsob ataqueransomware
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow re
100RISCO
abrir
Nucleihigh
Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component
43RISCO
abrir
Nucleimedium
Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allow
38RISCO
abrir
Nucleimedium
Joomla! Component PicSell 1.0 - Arbitrary File Retrieval
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read
38RISCO
abrir
Nucleihigh
Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remo
43RISCO
abrir
Nucleihigh
Camtron CMNC-200 IP Camera - Directory Traversal
Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera an
38RISCO
abrir
Nucleicritical
Tiki Wiki CMS Groupware 5.2 - Local File Inclusion
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
23RISCO
abrir
Nucleihigh
Pandora Fms < 3.1.1 - Directory Traversal
Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute a
43RISCO
abrir
Nucleimedium
Joomla! Component JotLoader 2.2.1 - Local File Inclusion
Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers t
38RISCO
abrir
Nucleihigh
Joomla! Component JRadio - Local File Inclusion
Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to r
43RISCO
abrir
Nucleihigh
Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read a
38RISCO
abrir
Nucleihigh
Joomla! Component Canteen 1.0 - Local File Inclusion
SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers t
43RISCO
abrir
Nucleihigh
Joomla! Component JE Job 1.0 - Local File Inclusion
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to e
38RISCO
abrir
Nucleimedium
MODx manager - Local File Inclusion
Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possi
43RISCO
abrir
Nucleicritical
Joomla! Component Jstore - 'Controller' Local File Inclusion
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary
43RISCO
abrir
Nucleimedium
Majordomo2 - SMTP/HTTP Directory Traversal
Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allo
60RISCO
abrir
Nucleicritical
LotusCMS 3.0 - Remote Code Execution
Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allo
43RISCO
abrir
Nucleimedium
WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)
Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote a
43RISCO
abrir
Nucleimedium
Chyrp 2.x - Local File Inclusion
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary loca
38RISCO
abrir
Nucleimedium
Chyrp 2.x - Local File Inclusion
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitr
43RISCO
abrir
Nucleihigh
Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x befor
43RISCO
abrir
Nucleihigh
Apache OFBiz - XML External Entity Injection
The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing
23RISCO
abrir
Nucleimedium
Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
38RISCO
abrir
Nucleimedium
Advanced Text Widget < 2.0.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress a
43RISCO
abrir
Nucleimedium
GRAND FlAGallery 1.57 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.5
18RISCO
abrir
Nucleimedium
WebTitan < 3.60 - Local File Inclusion
Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to r
38RISCO
abrir
Nucleimedium
Joomla! Component com_kp - 'Controller' Local File Inclusion
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attack
43RISCO
abrir
Nucleimedium
Adminimize 1.7.22 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for Wo
43RISCO
abrir
Nucleimedium
WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordP
43RISCO
abrir
Nucleimedium
Alert Before Your Post <= 0.1.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier,
38RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.