Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
CVE-2019-892819 fev 2019
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userMan
23RISCO
abrir
Exploit-DB
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
CVE-2019-892919 fev 2019
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zon
28RISCO
abrir
Exploit-DB
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
CVE-2019-892619 fev 2019
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zon
23RISCO
abrir
Exploit-DB
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
CVE-2019-892719 fev 2019
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zon
23RISCO
abrir
Exploit-DB
XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting
CVE-2019-892419 fev 2019
XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
23RISCO
abrir
Exploit-DB
Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)
CVE-2019-100300019 fev 2019
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/
60RISCO
abrir
Exploit-DB
XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting
CVE-2019-892319 fev 2019
XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discont
23RISCO
abrir
Exploit-DB
Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)
CVE-2019-100300219 fev 2019
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src
60RISCO
abrir
Exploit-DB
Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)
CVE-2019-100300119 fev 2019
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins
60RISCO
abrir
Exploit-DB
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
CVE-2018-1990818 fev 2019
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped file
28RISCO
abrir
Exploit-DB
Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload
CVE-2019-8394HIGHsob ataque18 fev 2019
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via l
98RISCO
abrir
Exploit-DB
mIRC < 7.55 - 'Custom URI Protocol Handlers' Remote Command Execution
CVE-2019-645318 fev 2019
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The a
45RISCO
abrir
Exploit-DB
Master IP CAM 01 3.3.4.2103 - Remote Command Execution
CVE-2019-838718 fev 2019
MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.
35RISCO
abrir
Exploit-DB
Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload
CVE-2019-840418 fev 2019
An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted
23RISCO
abrir
Exploit-DB
qdPM 9.1 - 'search[keywords]' Cross-Site Scripting
CVE-2019-839018 fev 2019
qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.
38RISCO
abrir
Exploit-DB
WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing
CVE-2018-2078218 fev 2019
The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages.
28RISCO
abrir
Exploit-DB
qdPM 9.1 - 'type' Cross-Site Scripting
CVE-2019-839118 fev 2019
qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter.
23RISCO
abrir
Exploit-DB
Jinja2 2.10 - 'from_string' Server Side Template Injection
CVE-2019-834115 fev 2019
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where
35RISCO
abrir
Exploit-DB
MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery
CVE-2018-1457515 fev 2019
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CS
23RISCO
abrir
Exploit-DB
Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference
CVE-2019-697415 fev 2019
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because
28RISCO
abrir
Exploit-DB
DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting
CVE-2018-1991514 fev 2019
DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.
38RISCO
abrir
Exploit-DB
WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection
CVE-2018-2055614 fev 2019
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary
28RISCO
abrir
Exploit-DB
DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting
CVE-2018-2001014 fev 2019
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
38RISCO
abrir
Exploit-DB
DomainMOD 4.11.01 - 'category.php CatagoryName_ StakeHolder' Cross-Site Scripting
CVE-2018-2001114 fev 2019
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
38RISCO
abrir
Exploit-DB
LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)
CVE-2018-1799614 fev 2019
LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user.php, deleting a user via admin/members.php/delete_
23RISCO
abrir
Exploit-DB
DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting
CVE-2018-2000914 fev 2019
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
38RISCO
abrir
Exploit-DB
DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting
CVE-2018-1991414 fev 2019
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.
38RISCO
abrir
Exploit-DB
Apple macOS 10.13.5 - Local Privilege Escalation
CVE-2018-419313 fev 2019
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Windows Ser
23RISCO
abrir
Exploit-DB
Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting
CVE-2019-754113 fev 2019
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
23RISCO
abrir
Exploit-DB
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)
CVE-2019-573613 fev 2019
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc b
60RISCO
abrir
anteriorpágina 69 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.