Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
IceWarp 10.4.4 - Local File Inclusion
CVE-2019-1259304 jun 2019
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index
50RISCO
abrir
Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting
CVE-2019-1254304 jun 2019
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceReques
23RISCO
abrir
Exploit-DB
Cisco RV130W 1.0.3.44 - Remote Stack Overflow
CVE-2019-1663CRITICAL04 jun 2019
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISCO
abrir
Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting
CVE-2019-1254204 jun 2019
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID paramete
23RISCO
abrir
Exploit-DB
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
CVE-2018-540603 jun 2019
The Quest Kace K1000 Appliance misconfigures the Cross-Origin Resource Sharing (CORS) mechanism.
28RISCO
abrir
Exploit-DB
WordPress Plugin Form Maker 1.13.3 - SQL Injection
CVE-2019-1086603 jun 2019
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_
23RISCO
abrir
Exploit-DB
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
CVE-2018-540503 jun 2019
The Quest Kace K1000 Appliance is vulnerable to JavaScript injection.
23RISCO
abrir
Exploit-DB
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
CVE-2018-540403 jun 2019
The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections.
23RISCO
abrir
Exploit-DB
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service
CVE-2019-0708CRITICALsob ataqueransomware30 mai 2019
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISCO
abrir
Exploit-DB
Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
CVE-2019-981629 mai 2019
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, al
23RISCO
abrir
Exploit-DB
pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
CVE-2019-1234729 mai 2019
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description fiel
35RISCO
abrir
Exploit-DB
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL
CVE-2019-1052929 mai 2019
Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set
23RISCO
abrir
Exploit-DB
Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
CVE-2019-979229 mai 2019
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during
28RISCO
abrir
Exploit-DB
Deltek Maconomy 2.2.5 - Local File Inclusion
CVE-2019-1231427 mai 2019
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as
60RISCO
abrir
Exploit-DB
Typora 0.9.9.24.6 - Directory Traversal
CVE-2019-1213727 mai 2019
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substr
23RISCO
abrir
Exploit-DB
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
CVE-2019-0752HIGHsob ataqueransomware24 mai 2019
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet
93RISCO
abrir
Exploit-DB
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)
CVE-2019-0841HIGHsob ataqueransomware23 mai 2019
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RISCO
abrir
Exploit-DB
Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)
CVE-2017-1835723 mai 2019
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of t
43RISCO
abrir
Exploit-DB
Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)
CVE-2019-856523 mai 2019
A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A mali
43RISCO
abrir
Exploit-DB
Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free
CVE-2019-861323 mai 2019
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchO
28RISCO
abrir
Exploit-DB
Nagios XI 5.6.1 - SQL injection
CVE-2019-1227923 mai 2019
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). N
23RISCO
abrir
Exploit-DB
Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation
CVE-2019-088123 mai 2019
An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows
23RISCO
abrir
Exploit-DB
AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting
CVE-2019-1136822 mai 2019
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter.
23RISCO
abrir
Exploit-DB
Microsoft Windows (x86/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation
CVE-2019-0863HIGHsob ataque22 mai 2019
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Erro
71RISCO
abrir
Exploit-DB
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting
CVE-2019-1218922 mai 2019
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
23RISCO
abrir
Exploit-DB
Carel pCOWeb < B1.2.1 - Credentials Disclosure
CVE-2019-1136922 mai 2019
An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext pass
23RISCO
abrir
Exploit-DB
Carel pCOWeb < B1.2.1 - Cross-Site Scripting
CVE-2019-1137022 mai 2019
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" f
38RISCO
abrir
Exploit-DB
Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions
CVE-2019-1225222 mai 2019
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post
23RISCO
abrir
Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
CVE-2019-8605HIGHsob ataque21 mai 2019
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.1
76RISCO
abrir
Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
CVE-2019-862321 mai 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS M
23RISCO
abrir
anteriorpágina 62 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.