Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Datesort ascending Title Description Vulnerabilty Category Platform
02.10.2016 Spring Boot Default Error Page Expression Language Injection Exploit Spring Boot Framework 1.2.7 provides a default error page (also known as "Whitelabel Error Page"), that's prone to Spring Expression Language injection when the type of a parameter expected is not expected to be a string but a string is provided. Applications based on Spring Boot that don't deactivate the feature, or customize it in such a way as to stop the injection, are thus susceptible to execution of some Java statements and, in particular, to OS command injections. This module checks all the parameters in the given pages and, if at least one parameter is vulnerable to the injection, installs an OS Agent. CVE-2013-1966 Exploits/OS Command Injection/Known Vulnerabilities Windows, Linux, Solaris
02.10.2016 Microsoft Office COM Object els.dll based Binary Planting Exploit (MS15-132) Update This module exploits a COM Server-based Binary Planting vulnerability on Microsoft Word to deploy an agent. This version adds wow64 support. CVE-2015-6128 Exploits/Client Side Windows
02.09.2016 Microsoft Windows COM Object Cpfilters dll based Binary Planting Exploit (MS16-014) This module exploits a COM Server-based Binary Planting vulnerability on Microsoft Windows using a word document to deploy an agent. CVE-2016-0041 Exploits/Client Side Windows
02.03.2016 Proface GP Pro EX Buffer Overflow Exploit The specific flaw exists within BeginPreRead() processing. When handling malformed 0x7f77 type fields. NOCVE-9999-74950 Exploits/Client Side Windows
02.01.2016 Agent Injector improvements Previously, the APC mechanism used to inject the agent in another process was done using an exe file written into the filesystem. This file could potentialy be detected with an AV. For this reason, its execution was changed to be from memory (using Impact's Dynamic Forking mechanism). Exploits/Remote
01.27.2016 Microsoft Group Policy Preferences Exploit (MS14-025) The Group Policy implementation in Microsoft Windows does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share. CVE-2014-1812 Exploits/Remote Windows
01.21.2016 Microsoft Windows NDIS Pool Overflow Vulnerability DoS (MS15-117) A vulnerability in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to trigger buffer overflow. This allows unprivileged local users to cause an invalid dereference in kernel mode, which produces a BSoD. CVE-2015-6098 Denial of Service/Local Windows
01.18.2016 Jenkins commons-collections Java Library Deserialization Vulnerability Remote Code Execution Exploit Update Jenkins is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. This update adds proper CVE number, support for Jenkins with HTTPS enabled, and DNS channel support. It also extends on the supported platforms, improves IPv6 functionality and removes redundant code. CVE-2015-8103 Exploits/Remote Windows, Linux
01.17.2016 Linux Blueman D-Bus Service EnableNetwork Privilege Escalation Exploit The EnableNetwork method in the org.blueman.Mechanism D-Bus service of Blueman, a Bluetooth Manager, receives untrusted Python code provided by unprivileged users and evaluates it as root. This can be leveraged by a local unprivileged attacker to gain root privileges. CVE-2015-8612 Exploits/Local Linux
01.13.2016 Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) Update 3 This module exploits a vulnerability in "atmfd.dll" Windows driver by loading a crafted OTF font. This update adds support to "Low Integrity Level" bypass for "Windows 8.1" 32 bits by using a kernel memory leak (CVE-2015-2433). CVE-2015-2426 Exploits/Local Windows
01.13.2016 Microsoft Windows Win32k SetParent Null Pointer Dereference Exploit (MS15-135) This module exploits a vulnerability in win32k.sys by calling to SetParent function with crafted parameters. CVE-2015-6171 Exploits/Local Windows
01.07.2016 Linux Overlayfs ovl_setattr Local Privilege Escalation Exploit This module exploits a vulnerability in Linux. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. CVE-2015-8660 Exploits/Local Linux
01.04.2016 Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) Update 2 This module exploits a vulnerability in "atmfd.dll" Windows driver by loading a crafted OTF font. This update adds support to "Low Integrity Level" bypass for "Windows 8.1" 64 bits and "Windows 2012" R2 by using a kernel memory leak (CVE-2015-2433). Besides, this updates improves AV evasion. CVE-2015-2426 Exploits/Local Windows
12.27.2015 Microsoft Office COM Object els.dll based Binary Planting Exploit (MS15-132) This module exploits a COM Server-based Binary Planting vulnerability on Microsoft Word to deploy an agent. CVE-2015-6128 Exploits/Client Side Windows
12.23.2015 Linux abrt sosreport Symlink Privilege Escalation Exploit The sosreport program, a component of the ABRT bug reporting system used in Red Hat Enterprise Linux, does not handle symbolic links correctly when writing core dumps of ABRT programs to the ABRT dump directory (/var/tmp/abrt). This can be leveraged by local unprivileged attackers to gain root privileges on vulnerable systems. CVE-2015-5287 Exploits/Local Linux
12.22.2015 Jenkins Default Configuration Remote Code Execution Exploit This module exploits a Jenkins command injection in order to install an agent. NOCVE-9999-74942 Exploits/Remote Linux
12.15.2015 Joomla com_contenthistory SQL Injection This module exploits a SQL Injection vulnerability in Joomla which allows gathering of users and password hashes by parsing SQL output errors CVE-2015-7297 Linux
12.15.2015 Joomla User Agent Object Injection Exploit This module exploits a remote code execution vulnerability in Joomla. The session handling code is susceptible to PHP Object Injection attacks due to lack of sanitization in some HTTP headers that are saved to the database session backend. CVE-2015-8562 Exploits/OS Command Injection/Known Vulnerabilities Linux
12.13.2015 AlienVault Unified Security Management av-forward Deserialization of Untrusted Data Exploit This update introduces an exploit for AlienVault Unified Security Management. A vulnerability exists in the av-forward daemon running in AlienVault Unified Security Management appliances. The daemon accepts serialized Python and proceeds to deserialize it without proper validation, allowing unauthenticated arbitrary code execution. NOCVE-9999-74938 Exploits/Remote
12.10.2015 VMware vCenter Server Java JMX-RMI Remote Code Execution Exploit VMware vCenter Server is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine. By exploiting known methods, it is possible to remotely load an MLet file from an attacker controlled web server that points at a, also controlled, jar file. CVE-2015-2342 Exploits/Remote Windows
12.08.2015 SolarWinds Application Monitor TSUnicodeGraphEditorControl factory Buffer Overflow Exploit Update 2 The specific flaw exists within the 'factory' object's loadExtensionFactory method. The issue lies in a failure to validate the size of an attacker-supplied input before copying it into a fixed-size buffer on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process. This version add x86_64 support and improves reliability. CVE-2015-1500 Exploits/Client Side Windows
12.07.2015 Microsoft Windows Media Center MCL URL File Disclosure Exploit (MS15-134) Windows Media Center MCL files can specify a URL to be automatically loaded within Media Center. A specially crafted MCL file can trick Windows Media Center into rendering the very same MCL file as a local HTML file within the application's embedded web browser. This can be leveraged by an attacker to read and exfiltrate arbitrary files from a victim's local fileystem by convincing an unsuspecting user to open an MCL file. CVE-2015-6127 Exploits/Client Side Windows
11.30.2015 Borland AccuRev Reprise License Server edit_lf_process Write Arbitrary Files Exploit Update 2 The specific flaw exists within the edit_lf_process resource of the AccuRev Reprise License Manager service. The issue lies in the ability to write arbitrary files with controlled data. An attacker could leverage this vulnerability to execute arbitrary code under the context of SYSTEM. This update introduces a number of improvements related to the architecture of the agent installed and scenarios where multiple targets are tested. This update adds reliability. NOCVE-9999-74481 Exploits/Remote Windows
11.25.2015 Symantec Endpoint Protection Manager Java Library Deserialization Vulnerability Remote Code Execution Exploit Symantec Endpoint Protection Manager is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. CVE-2015-6555 Exploits/Remote Windows
11.24.2015 Oracle WebLogic Server commons-collections Java Library Deserialization Vulnerability Remote Code Execution Exploit Update Oracle WebLogic Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. This update add proper CVE number and more supported platforms. CVE-2015-4852 Exploits/Remote Solaris, Windows, Linux
11.23.2015 Kaspersky Antivirus ThinApp Parser Exploit Kaspersky Antivirus is prone to a buffer overflow when handling a specially crafted ThinApp compressed file. NOCVE-9999-74927 Exploits/Client Side Windows
11.23.2015 SMB library fixes This update fixes an issue handling binary files which is present when running proxied. Exploits/Remote
11.16.2015 Oracle WebLogic Server commons-collections Java Library Deserialization Vulnerability Remote Code Execution Exploit Oracle WebLogic Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. CVE-2015-4852 Exploits/Remote Solaris, Windows, Linux
11.12.2015 JBoss commons-collections Java Library Deserialization Vulnerability Remote Code Execution Exploit JBoss Application Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. NOCVE-9999-74929 Exploits/Remote Code Execution Windows, Linux
11.12.2015 Jenkins commons-collections Java Library Deserialization Vulnerability Remote Code Execution Exploit Jenkins is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution. NOCVE-9999-74930 Exploits/Remote Code Execution Windows, Linux

Pages