Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)
CVE-2018-16858HIGH18 abr 2019
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could
68RISCO
abrir
Exploit-DB
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
CVE-2019-269717 abr 2019
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Ja
28RISCO
abrir
Exploit-DB
ASUS HG100 - Denial of Service
CVE-2018-1149217 abr 2019
ASUS HG100 devices allow denial of service via an IPv4 packet flood.
28RISCO
abrir
Exploit-DB
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID
CVE-2019-269817 abr 2019
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Ja
28RISCO
abrir
Exploit-DB
Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation
CVE-2018-1937416 abr 2019
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Troj
23RISCO
abrir
Exploit-DB
Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass
CVE-2019-073216 abr 2019
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Wind
23RISCO
abrir
Exploit-DB
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation
CVE-2019-073016 abr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RISCO
abrir
Exploit-DB
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation
CVE-2019-073116 abr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RISCO
abrir
Exploit-DB
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
CVE-2019-995516 abr 2019
On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, U
43RISCO
abrir
Exploit-DB
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
CVE-2019-1094516 abr 2019
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder param
35RISCO
abrir
Exploit-DB
Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation
CVE-2019-073516 abr 2019
An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to proper
23RISCO
abrir
Exploit-DB
Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation
CVE-2019-079616 abr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RISCO
abrir
Exploit-DB
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation
CVE-2019-080516 abr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RISCO
abrir
Exploit-DB
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation
CVE-2019-083616 abr 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), ak
23RISCO
abrir
Exploit-DB
Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)
CVE-2019-1663CRITICAL15 abr 2019
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
85RISCO
abrir
Exploit-DB
CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit)
CVE-2019-1144715 abr 2019
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload proce
35RISCO
abrir
Exploit-DB
Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
CVE-2019-9621HIGHsob ataque12 abr 2019
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x b
100RISCO
abrir
Exploit-DB
CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
CVE-2018-1489412 abr 2019
CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file
23RISCO
abrir
Exploit-DB
ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)
CVE-2019-1144612 abr 2019
An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user
23RISCO
abrir
Exploit-DB
Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
CVE-2019-9670CRITICALsob ataque12 abr 2019
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XX
100RISCO
abrir
Exploit-DB
Microsoft Windows - AppX Deployment Service Privilege Escalation
CVE-2019-0841HIGHsob ataqueransomware09 abr 2019
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard li
98RISCO
abrir
Exploit-DB
Apache Axis 1.4 - Remote Code Execution
CVE-2019-022709 abr 2019
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2
45RISCO
abrir
Exploit-DB
TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow
CVE-2019-698909 abr 2019
TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispos
28RISCO
abrir
Exploit-DB
Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution
CVE-2019-1087408 abr 2019
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to ex
23RISCO
abrir
Exploit-DB
Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation
CVE-2019-0211HIGHsob ataque08 abr 2019
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RISCO
abrir
Exploit-DB
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
CVE-2019-959308 abr 2019
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to
23RISCO
abrir
Exploit-DB
ManageEngine ServiceDesk Plus 9.3 - User Enumeration
CVE-2019-1027308 abr 2019
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticat
23RISCO
abrir
Exploit-DB
SaLICru -SLC-20-cube3(5) - HTML Injection
CVE-2019-1088708 abr 2019
A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82
23RISCO
abrir
Exploit-DB
ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities
CVE-2019-959108 abr 2019
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attack
23RISCO
abrir
Exploit-DB
QNAP Netatalk < 3.1.12 - Authentication Bypass
CVE-2018-1160CRITICAL08 abr 2019
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISCO
abrir
anteriorpágina 65 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.