Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection
CVE-2019-3929CRITICALsob ataque03 mai 2019
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Ba
100RISCO
abrir
Exploit-DB
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution
CVE-2019-9978MEDIUMsob ataque03 mai 2019
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RISCO
abrir
Exploit-DB
Zotonic < 0.47.0 mod_admin - Cross-Site Scripting
CVE-2019-1150403 mai 2019
Zotonic before version 0.47 has mod_admin XSS.
23RISCO
abrir
Exploit-DB
Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)
CVE-2019-542002 mai 2019
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess th
60RISCO
abrir
Exploit-DB
CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting
CVE-2019-1142901 mai 2019
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro)
23RISCO
abrir
Exploit-DB
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
CVE-2019-1141630 abr 2019
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstr
23RISCO
abrir
Exploit-DB
HumHub 1.3.12 - Cross-Site Scripting
CVE-2019-1156430 abr 2019
A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HT
23RISCO
abrir
Exploit-DB
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
CVE-2019-1141530 abr 2019
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause
28RISCO
abrir
Exploit-DB
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
CVE-2019-379930 abr 2019
Directory Traversal with spring-cloud-config-server
60RISCO
abrir
Exploit-DB
Domoticz 4.10577 - Unauthenticated Remote Command Execution
CVE-2019-1067830 abr 2019
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
28RISCO
abrir
Exploit-DB
Domoticz 4.10577 - Unauthenticated Remote Command Execution
CVE-2019-1066430 abr 2019
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp.
23RISCO
abrir
Exploit-DB
AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit)
CVE-2019-1012330 abr 2019
SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app)
50RISCO
abrir
Exploit-DB
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
CVE-2019-2725HIGHsob ataqueransomware30 abr 2019
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
100RISCO
abrir
Exploit-DB
Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit)
CVE-2019-1086730 abr 2019
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/c
50RISCO
abrir
Exploit-DB
Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting
CVE-2019-018626 abr 2019
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XS
28RISCO
abrir
Exploit-DB
JioFi 4G M2S 1.0.2 - Denial of Service
CVE-2019-743925 abr 2019
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter.
23RISCO
abrir
Exploit-DB
RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)
CVE-2018-20250HIGHsob ataqueransomware25 abr 2019
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISCO
abrir
Exploit-DB
JioFi 4G M2S 1.0.2 - 'mask' Cross-Site Scripting
CVE-2019-743825 abr 2019
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.
23RISCO
abrir
Exploit-DB
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation
CVE-2019-272124 abr 2019
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions th
23RISCO
abrir
Exploit-DB
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit
CVE-2019-3842MEDIUM23 abr 2019
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using t
33RISCO
abrir
Exploit-DB
Msvod 10 - Cross-Site Request Forgery (Change User Information)
CVE-2019-1137522 abr 2019
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
23RISCO
abrir
Exploit-DB
QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service
CVE-2019-718122 abr 2019
Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and earlier could allow remote attackers to crash the pr
23RISCO
abrir
Exploit-DB
UliCMS 2019.2 / 2019.1 - Multiple Cross-Site Scripting
CVE-2019-1139822 abr 2019
Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitra
23RISCO
abrir
Exploit-DB
74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User)
CVE-2019-1137422 abr 2019
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
23RISCO
abrir
Exploit-DB
Atlassian Confluence Widget Connector Macro - Velocity Template Injection (Metasploit)
CVE-2019-3396CRITICALsob ataqueransomware19 abr 2019
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from vers
100RISCO
abrir
Exploit-DB
Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal
CVE-2019-258819 abr 2019
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publi
50RISCO
abrir
Exploit-DB
Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection
CVE-2019-2616HIGHsob ataque19 abr 2019
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publi
100RISCO
abrir
Exploit-DB
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)
CVE-2010-417019 abr 2019
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allow
38RISCO
abrir
Exploit-DB
Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC)
CVE-2018-1651718 abr 2019
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a deni
23RISCO
abrir
Exploit-DB
Evernote 7.9 - Code Execution via Path Traversal
CVE-2019-1003818 abr 2019
Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file
23RISCO
abrir
anteriorpágina 64 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.