CORE Impact Pro Exploits and Security Updates
When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.
| Released Date | Title | Description | Vulnerability | Category | Platform |
|---|---|---|---|---|---|
| 05.17.2013 | Light HTTP Daemon Buffer Overflow Exploit | Light HTTPD is prone to a buffer overflow when handling specially crafted GET request packets. | NOCVE-9999-57945 | Exploits/Remote | Windows |
| 05.17.2013 | PHPMyAdmin Replace Table Prefix Remote Code Execution Exploit | This module abuses a vulnerability in phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 that allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature. | CVE-2013-3238 | Exploits/Remote | Linux |
| 05.16.2013 | Microsoft Windows Win32k Divide Error Exception DoS (MS13-046) | This module exploits a Windows kernel vulnerability by calling the "NtGdiScaleViewportExtEx" function with crafted parameters. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. | CVE-2013-1334 | Denial of Service/Local | Windows |
| 05.15.2013 | Kingsoft Office wpsio Buffer Overflow Exploit | In module wpsio, a BSTR string stored in the file is copied to the stack buffer, without checking its length, leading to a stack buffer overflow. | CVE-2012-4886 | Exploits/Client Side | Windows |
| 05.14.2013 | EMC AlphaStor Device Manager 0x41 Command Buffer Overflow Exploit | A flaw exists within Device Manager (rrobotd.exe), which listens by default on port 3000, when parsing the 0x41 command. | CVE-2013-0930 | Exploits/Remote | Windows |
| 05.13.2013 | ERDAS ER Viewer ERM_convert_to_correct_webpath Buffer Overflow Exploit | A buffer overflow exists within ERDAS ER Viewer due to a boundary error within the ERM_convert_to_correct_webpath() function in ermapper_u.dll when parsing file paths via a specially crafted ERS file. | CVE-2013-0726 | Exploits/Client Side | Windows |
| 05.09.2013 | Schneider Electric Accutech Manager Heap Overflow Exploit | This module exploits a heap overflow vulnerability in the Schneider Electric Accutech Manager Server by sending a malformed packet to the 2537/TCP port to execute arbitrary code or crash the server. | CVE-2013-0658 | Exploits/Remote | Windows |
| 05.08.2013 | GlobalSCAPE CuteZIP Buffer Overflow Exploit | CuteZip is prone to a buffer-overflow when handling a specially crafted ZIP file. | NOCVE-9999-57883 | Exploits/Client Side | Windows |
| 05.07.2013 | Microsoft Windows Win32k Font Parsing Vulnerability ClientSide DoS (MS13-036) | This module exploits a vulnerability in the Windows kernel (win32k.sys) when a crafted TTF font is opened. | CVE-2013-1291 | Denial of Service/Client Side | Windows |
| 05.05.2013 | Microsoft Internet Explorer CGenericElement Object Use-After-Free Exploit | Use-after-free occurs when a CGenericElement object is freed, but a reference is kept live on the Document and reused during rendering. | CVE-2013-1347 | Exploits/Client Side | Windows |
| 05.02.2013 | BigAnt IM Server DDNF Username Buffer Overflow Exploit | BigAnt IM Server is vulnerable to a buffer-overflow within the AntDS.exe component when handling an overly long username. | NOCVE-9999-57633 | Exploits/Remote | Windows |
| 05.02.2013 | HP Intelligent Management Center mibFileUpload Servlet Remote Exploit | This module exploits a remote code execution vulnerability in HP Intelligent Management Center by using the "mibFileUpload" servlet to upload an arbitrary .JSP file. | CVE-2012-5201 | Exploits/Remote | Windows, Linux |
| 05.01.2013 | Firebird SQL CNCT Remote Buffer Overflow Exploit | This module exploits a remote buffer overflow in Firebird SQL by sending a malformed packet to the 3050/TCP port. | CVE-2013-2492 | Exploits/Remote | Linux |
| 04.23.2013 | PHP Parsing Variant Buffer Overflow Exploit | A buffer overflow in the com_print_typeinfo function in PHP running on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types. | CVE-2012-2376 | Exploits/Tools | Windows |
| 04.22.2013 | 3S CoDeSys Gateway Server Arbitrary File Upload Exploit | 3S CoDeSys Gateway Server is prone to a directory traversal vulnerability that allows arbitrary file creation. | CVE-2012-4705 | Exploits/Remote | Windows |
| 04.19.2013 | Microsoft Windows Win32k Font Parsing Vulnerability DoS (MS13-036) | This module exploits a vulnerability in the Windows kernel (win32k.sys) when a crafted TTF font is opened. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. | CVE-2013-1291 | Denial of Service/Local | Windows |
| 04.18.2013 | Nagios history Buffer Overflow Exploit | This module exploits a remote buffer overflow in Nagios history.cgi by sending a malformed host parameter. | CVE-2012-6096 | Exploits/Remote | Linux |
| 04.18.2013 | Oracle Java Dynamic Binding Remote Code Execution Exploit | An error in the way that Java implements dynamic binding can be abused to overwrite public final fields. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. | CVE-2013-2423 | Exploits/Client Side | Windows, Linux, Mac OS X |
| 04.11.2013 | Oracle Java CMM cmmColorConvert Memory Corruption Exploit | The color management (CMM) functionality in Oracle Java is prone to a memory corruption vulnerability which allows running Java code outside the sandbox. | CVE-2013-1493 | Exploits/Client Side | Windows |
| 04.09.2013 | Apple Mac OS X Samba NetWkstaTransportEnum Request Remote Buffer Overflow Exploit | This module exploits a vulnerability in Mac OS X Samba server. When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow. | CVE-2012-1182 | Exploits/Remote | Mac OS X |
| 04.09.2013 | Honeywell HSC Remote Deployer ActiveX Arbitrary HTA Execution Exploit | This module exploits a vulnerability found in the Honeywell HSC Remote Deployer ActiveX. This control can be abused by using the LaunchInstaller() function to execute an arbitrary HTA from a remote location. | CVE-2013-0108 | Exploits/Client Side | Windows |
| 03.25.2013 | Siemens SIMATIC WinCC SCADA RegReader ActiveX Buffer Overflow Exploit | An unspecified error in the RegReader ActiveX control can be exploited to cause a buffer overflow. | CVE-2013-0676 | Exploits/Client Side | Windows |
| 03.20.2013 | BigAnt Server DUPF Command Arbitrary File Upload Exploit | BigAnt Server is prone to arbitrary file upload and execution through a DUPF command. | CVE-2012-6274 | Exploits/Remote | Windows |
| 03.19.2013 | Schneider Electric Interactive Graphical SCADA System Buffer Overflow Exploit | This module exploits a stack-based buffer overflow vulnerability in Schneider Electric's Interactive Graphical SCADA System (IGSS) that allows remote attackers to execute arbitrary code by sending a specially crafted packet to TCP port 12397. | CVE-2013-0657 | Exploits/Remote | Windows |
| 03.18.2013 | ActFax RAW Server Buffer Overflow Exploit | A vulnerability exists in the ActFax Server RAW server, which is used to transfer fax messages without protocols. The data fields @F506, @F605, and @F000 are vulnerable. | NOCVE-9999-56765 | Exploits/Remote | Windows |
| 03.17.2013 | Microsoft Internet Explorer SLayoutRun Use-After-Free Exploit (MS13-009) | Use-after-free vulnerability in Microsoft Internet Explorer where a CParaElement node is released but a reference is still kept in CDoc. This memory is reused when a CDoc relayout is performed. | CVE-2013-0025 | Exploits/Client Side | Windows |
| 03.17.2013 | Adobe Acrobat Reader acroform api With Sandbox Bypass Exploit | This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional when handling .PDF files. The vulnerability is caused by memory corruption in acroform.api. This can be exploited to cause code execution when a specially crafted .PDF file is opened in Adobe Reader or is opened embedded in a browser. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. This exploit complements CVE-2013-0640 with a sandbox escape, all in one module. | CVE-2013-0641 | Exploits/Client Side | Windows |
| 03.13.2013 | Microsoft Windows Shell Briefcase Processing Integer Overflow Exploit (MS12-072) | An integer overflow occurs in Windows Shell when accessing a crafted briefcase using WebDAV, allowing remote users to execute arbitrary code. | CVE-2012-1528 | Exploits/Client Side | Windows |
| 03.11.2013 | KingView KingMess Buffer Overflow Exploit | KingView is prone to a buffer-overflow exploit when the KingMess process handles specially crafted KVL files (log files). | CVE-2012-4711 | Exploits/Client Side | Windows |
| 03.06.2013 | Oracle Java 7U11 JMX Remote Code Execution Exploit | The default Java security properties configuration does not restrict access to certain objects in the com.sun.jmx.mbeanserver packages. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. | CVE-2013-0431 | Exploits/Client Side | Windows, Mac OS X, Linux |
