Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.284exploits catalogados
31.741CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
NTPsec 1.1.2 - 'config' (Authenticated) Out-of-Bounds Write Denial of Service (PoC)
CVE-2019-644216 jan 2019
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a
28RISCO
abrir
Exploit-DB
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
CVE-2018-444216 jan 2019
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1,
23RISCO
abrir
Exploit-DB
1Password < 7.0 - Denial of Service
CVE-2018-1304215 jan 2019
The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com
23RISCO
abrir
Exploit-DB
xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab Local Privilege Escalation
CVE-2018-1466514 jan 2019
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options wh
43RISCO
abrir
Exploit-DB
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
CVE-2019-0543HIGHsob ataqueransomware14 jan 2019
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft W
71RISCO
abrir
Exploit-DB
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
CVE-2019-624914 jan 2019
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/inde
23RISCO
abrir
Exploit-DB
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
CVE-2019-055214 jan 2019
An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability."
23RISCO
abrir
Exploit-DB
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
CVE-2019-056614 jan 2019
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevatio
28RISCO
abrir
Exploit-DB
AudioCode 400HD - Command Injection
CVE-2018-1009314 jan 2019
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
50RISCO
abrir
Exploit-DB
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
CVE-2018-541014 jan 2019
Dokan file system driver contains a stack-based buffer overflow
23RISCO
abrir
Exploit-DB
Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection
CVE-2019-572214 jan 2019
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handl
23RISCO
abrir
Exploit-DB
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
CVE-2019-057214 jan 2019
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations,
28RISCO
abrir
Exploit-DB
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
CVE-2019-057114 jan 2019
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations,
28RISCO
abrir
Exploit-DB
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
CVE-2019-057414 jan 2019
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations,
28RISCO
abrir
Exploit-DB
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
CVE-2019-057314 jan 2019
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations,
28RISCO
abrir
Exploit-DB
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2)
CVE-2019-1218113 jan 2019
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
50RISCO
abrir
Exploit-DB
S-nail < 14.8.16 - Local Privilege Escalation
CVE-2017-589913 jan 2019
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local
23RISCO
abrir
Exploit-DB
OpenSSH SCP Client - Write Arbitrary Files
CVE-2019-6110MEDIUM11 jan 2019
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-T
38RISCO
abrir
Exploit-DB
OpenSSH SCP Client - Write Arbitrary Files
CVE-2019-6111MEDIUM11 jan 2019
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses wh
45RISCO
abrir
Exploit-DB
PEAR Archive_Tar < 1.4.4 - PHP Object Injection
CVE-2018-100088810 jan 2019
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are
28RISCO
abrir
Exploit-DB
OpenSource ERP 6.3.1. - SQL Injection
CVE-2019-589310 jan 2019
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.
28RISCO
abrir
Exploit-DB
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
CVE-2018-826909 jan 2019
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Servic
28RISCO
abrir
Exploit-DB
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
CVE-2018-735509 jan 2019
All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scrip
23RISCO
abrir
Exploit-DB
BlogEngine 3.3 - XML External Entity Injection
CVE-2018-1448509 jan 2019
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
28RISCO
abrir
Exploit-DB
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
CVE-2018-858409 jan 2019
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (A
23RISCO
abrir
Exploit-DB
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
CVE-2018-2052607 jan 2019
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
60RISCO
abrir
Exploit-DB
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
CVE-2018-2052507 jan 2019
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
28RISCO
abrir
Exploit-DB
Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data
CVE-2018-2022107 jan 2019
Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code execution via deserializ
28RISCO
abrir
Exploit-DB
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
CVE-2018-2032607 jan 2019
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage
23RISCO
abrir
Exploit-DB
LayerBB 1.1.1 - Persistent Cross-Site Scripting
CVE-2018-1799707 jan 2019
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
23RISCO
abrir
anteriorpágina 72 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.