Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.622exploits catalogados
32.030CVEs com exploração pública
1.932testados em laboratório
22.786 exploits
Exploit-DB
Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal
CVE-2018-2052507 jan 2019
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
28RISCO
abrir
Exploit-DB
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting
CVE-2019-350107 jan 2019
The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards pag
23RISCO
abrir
Exploit-DB
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method)
CVE-2018-1895504 jan 2019
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalat
38RISCO
abrir
Exploit-DB
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method)
CVE-2018-1895504 jan 2019
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalat
38RISCO
abrir
Exploit-DB
WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write
CVE-2018-444102 jan 2019
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1,
28RISCO
abrir
Exploit-DB
WebKit JSC - 'AbstractValue::set' Use-After-Free
CVE-2018-444302 jan 2019
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1,
23RISCO
abrir
Exploit-DB
Frog CMS 0.9.5 - Cross-Site Scripting
CVE-2018-2044802 jan 2019
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.
23RISCO
abrir
Exploit-DB
Ayukov NFTP FTP Client 2.0 - Buffer Overflow
CVE-2017-1522202 jan 2019
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
50RISCO
abrir
Exploit-DB
VMware Workstation/Player < 12.5.5 - Local Privilege Escalation
CVE-2017-491530 dez 2018
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration fil
38RISCO
abrir
Exploit-DB
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x64) - 'AF_PACKET' Race Condition Privilege Escalation
CVE-2016-865529 dez 2018
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cau
43RISCO
abrir
Exploit-DB
Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)
CVE-2017-100011229 dez 2018
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE
43RISCO
abrir
Exploit-DB
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
CVE-2017-730829 dez 2018
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate cer
43RISCO
abrir
Exploit-DB
Craft CMS 3.0.25 - Cross-Site Scripting
CVE-2018-2041827 dez 2018
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
23RISCO
abrir
Exploit-DB
bludit Pages Editor 3.0.0 - Arbitrary File Upload
CVE-2018-100081127 dez 2018
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages
35RISCO
abrir
Exploit-DB
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)
CVE-2018-15982HIGHsob ataqueransomware24 dez 2018
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful
93RISCO
abrir
Exploit-DB
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
CVE-2018-1913824 dez 2018
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI.
23RISCO
abrir
Exploit-DB
Netatalk 3.1.12 - Authentication Bypass (PoC)
CVE-2018-1160CRITICAL21 dez 2018
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISCO
abrir
Exploit-DB
Netatalk 3.1.12 - Authentication Bypass
CVE-2018-1160CRITICAL21 dez 2018
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking
70RISCO
abrir
Exploit-DB
VBScript - VbsErase Reference Leak Use-After-Free
CVE-2018-862520 dez 2018
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows
35RISCO
abrir
Exploit-DB
VBScript - MSXML Execution Policy Bypass
CVE-2018-861920 dez 2018
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly rest
35RISCO
abrir
Exploit-DB
Yeswiki Cercopitheque - 'id' SQL Injection
CVE-2018-1304519 dez 2018
SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to ex
23RISCO
abrir
Exploit-DB
Bolt CMS < 3.6.2 - Cross-Site Scripting
CVE-2018-1993319 dez 2018
Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and Ne
23RISCO
abrir
Exploit-DB
Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure
CVE-2016-448619 dez 2018
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain
23RISCO
abrir
Exploit-DB
Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting
CVE-2018-1982819 dez 2018
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
23RISCO
abrir
Exploit-DB
IBM Operational Decision Manager 8.x - XML External Entity Injection
CVE-2018-1821HIGH19 dez 2018
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) a
46RISCO
abrir
Exploit-DB
Integria IMS 5.0.83 - Cross-Site Request Forgery
CVE-2018-1982919 dez 2018
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary
23RISCO
abrir
Exploit-DB
SDL Web Content Manager 8.5.0 - XML External Entity Injection
CVE-2018-1937118 dez 2018
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive
23RISCO
abrir
Exploit-DB
MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow
CVE-2018-1986118 dez 2018
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD re
28RISCO
abrir
Exploit-DB
MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow
CVE-2018-1986218 dez 2018
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST re
28RISCO
abrir
Exploit-DB
Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write
CVE-2018-863118 dez 2018
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet
35RISCO
abrir
anteriorpágina 73 / 760próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.