Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem
CVE-2019-921306 mar 2019
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which make
38RISCO
abrir
Exploit-DB
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
CVE-2019-738504 mar 2019
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and
28RISCO
abrir
Exploit-DB
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
CVE-2019-053904 mar 2019
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
45RISCO
abrir
Exploit-DB
elFinder 2.1.47 - 'PHP connector' Command Injection
CVE-2019-919404 mar 2019
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RISCO
abrir
Exploit-DB
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
CVE-2019-9082HIGHsob ataque04 mar 2019
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public/
100RISCO
abrir
Exploit-DB
WordPress Core 5.0 - Remote Code Execution
CVE-2019-894201 mar 2019
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RISCO
abrir
Exploit-DB
WordPress Core 5.0 - Remote Code Execution
CVE-2019-894301 mar 2019
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can
60RISCO
abrir
Exploit-DB
Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module
CVE-2019-916201 mar 2019
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient
23RISCO
abrir
Exploit-DB
Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation
CVE-2019-1674HIGH01 mar 2019
Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools Update Service Command Injection Vulnerability
46RISCO
abrir
Exploit-DB
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
CVE-2019-392128 fev 2019
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via
28RISCO
abrir
Exploit-DB
Joomla! Component J2Store < 3.3.7 - SQL Injection
CVE-2019-918428 fev 2019
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitr
23RISCO
abrir
Exploit-DB
WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
CVE-2019-837528 fev 2019
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products
28RISCO
abrir
Exploit-DB
PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write
CVE-2019-697727 fev 2019
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch funct
35RISCO
abrir
Exploit-DB
Drupal < 8.6.9 - REST Module Remote Code Execution
CVE-2019-6340HIGHsob ataque25 fev 2019
Drupal core - Highly critical - Remote Code Execution
100RISCO
abrir
Exploit-DB
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution
CVE-2019-100300025 fev 2019
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
60RISCO
abrir
Exploit-DB
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution
CVE-2018-199900225 fev 2019
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framewor
45RISCO
abrir
Exploit-DB
zzzphp CMS 1.6.1 - Remote Code Execution
CVE-2019-904125 fev 2019
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filter
50RISCO
abrir
Exploit-DB
Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution
CVE-2019-6340HIGHsob ataque23 fev 2019
Drupal core - Highly critical - Remote Code Execution
100RISCO
abrir
Exploit-DB
Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation
CVE-2019-3474MEDIUM22 fev 2019
Path traversal vulnerability in Filr web application
33RISCO
abrir
Exploit-DB
WinRAR 5.61 - Path Traversal
CVE-2018-20250HIGHsob ataqueransomware22 fev 2019
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field o
100RISCO
abrir
Exploit-DB
Nuuo Central Management - (Authenticated) SQL Server SQL Injection (Metasploit)
CVE-2018-1898222 fev 2019
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can b
50RISCO
abrir
Exploit-DB
Teracue ENC-400 - Command Injection / Missing Authentication
CVE-2018-2022022 fev 2019
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authen
28RISCO
abrir
Exploit-DB
Teracue ENC-400 - Command Injection / Missing Authentication
CVE-2018-2021822 fev 2019
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input direct
28RISCO
abrir
Exploit-DB
Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution
CVE-2017-1741722 fev 2019
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backu
28RISCO
abrir
Exploit-DB
WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter
CVE-2019-621522 fev 2019
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safa
23RISCO
abrir
Exploit-DB
Teracue ENC-400 - Command Injection / Missing Authentication
CVE-2018-2021922 fev 2019
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the de
28RISCO
abrir
Exploit-DB
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass
CVE-2019-392421 fev 2019
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The so
28RISCO
abrir
Exploit-DB
FaceTime - Texture Processing Memory Corruption
CVE-2019-622420 fev 2019
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.
23RISCO
abrir
Exploit-DB
HotelDruid 2.3 - Cross-Site Scripting
CVE-2019-893720 fev 2019
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabel
43RISCO
abrir
Exploit-DB
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
CVE-2019-892619 fev 2019
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zon
23RISCO
abrir
anteriorpágina 68 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.