Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
CVE-2019-671024 jan 2019
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
23RISCO
abrir
Exploit-DB
SirsiDynix e-Library 3.5.x - Cross-Site Scripting
CVE-2018-2050324 jan 2019
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.
23RISCO
abrir
Exploit-DB
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
CVE-2019-611624 jan 2019
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to
35RISCO
abrir
Exploit-DB
Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation
CVE-2018-1571023 jan 2019
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
50RISCO
abrir
Exploit-DB
Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation
CVE-2018-1570823 jan 2019
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP r
60RISCO
abrir
Exploit-DB
GattLib 0.2 - Stack Buffer Overflow
CVE-2019-649821 jan 2019
GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.
23RISCO
abrir
Exploit-DB
Linux Kernel 4.13 - 'compat_get_timex()' Leak Kernel Pointer
CVE-2018-1150821 jan 2019
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitiv
23RISCO
abrir
Exploit-DB
SCP Client - Multiple Vulnerabilities (SSHtranger Things)
CVE-2019-6110MEDIUM18 jan 2019
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-T
38RISCO
abrir
Exploit-DB
Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free
CVE-2019-056818 jan 2019
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
35RISCO
abrir
Exploit-DB
SCP Client - Multiple Vulnerabilities (SSHtranger Things)
CVE-2019-6111MEDIUM18 jan 2019
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses wh
45RISCO
abrir
Exploit-DB
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion
CVE-2019-056718 jan 2019
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
45RISCO
abrir
Exploit-DB
Pydio / AjaXplorer < 5.0.4 - (Unauthenticated) Arbitrary File Upload
CVE-2013-622718 jan 2019
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly
23RISCO
abrir
Exploit-DB
Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion
CVE-2018-861718 jan 2019
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
35RISCO
abrir
Exploit-DB
Microsoft Edge Chakra - 'InitClass' Type Confusion
CVE-2019-053918 jan 2019
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
45RISCO
abrir
Exploit-DB
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
CVE-2019-626318 jan 2019
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allo
23RISCO
abrir
Exploit-DB
Microsoft Edge Chakra - 'NewScObjectNoCtor' or 'InitProto' Type Confusion
CVE-2019-053918 jan 2019
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi
45RISCO
abrir
Exploit-DB
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting
CVE-2019-241317 jan 2019
Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Valid Session). The s
23RISCO
abrir
Exploit-DB
NTPsec 1.1.2 - 'config' (Authenticated) Out-of-Bounds Write Denial of Service (PoC)
CVE-2019-644216 jan 2019
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a
28RISCO
abrir
Exploit-DB
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
CVE-2018-444216 jan 2019
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1,
23RISCO
abrir
Exploit-DB
GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
CVE-2019-627516 jan 2019
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attac
28RISCO
abrir
Exploit-DB
Fortinet FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
CVE-2018-13374MEDIUMsob ataqueransomware16 jan 2019
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 al
75RISCO
abrir
Exploit-DB
NTPsec 1.1.2 - 'ntp_control' (Authenticated) NULL Pointer Dereference (PoC)
CVE-2019-644516 jan 2019
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd
28RISCO
abrir
Exploit-DB
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
CVE-2015-861216 jan 2019
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users
38RISCO
abrir
Exploit-DB
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
CVE-2018-578216 jan 2019
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.
28RISCO
abrir
Exploit-DB
GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
CVE-2019-627216 jan 2019
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attacker
28RISCO
abrir
Exploit-DB
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
CVE-2018-920616 jan 2019
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
60RISCO
abrir
Exploit-DB
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
CVE-2019-644416 jan 2019
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read be
35RISCO
abrir
Exploit-DB
GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
CVE-2019-627416 jan 2019
Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote atta
28RISCO
abrir
Exploit-DB
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
CVE-2019-055516 jan 2019
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape
23RISCO
abrir
Exploit-DB
GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
CVE-2019-627316 jan 2019
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.
28RISCO
abrir
anteriorpágina 71 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.