Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
12.15.2015 Joomla com_contenthistory SQL Injection This module exploits a SQL Injection vulnerability in Joomla which allows gathering of users and password hashes by parsing SQL output errors CVE-2015-7297 Linux
09.06.2015 Magento eCommerce Web Sites Remote Code Execution Exploit Magento eCommerce Web Sites suffers from a Authentication Bypass Vulnerability, a Blind SQL Injection Vulnerability and a Remote File Inclusion Vulnerability. These 3 vulnerabilities, allows an attacker to gain arbitrary code execution on the affected system. CVE-2015-1397
08.03.2009 Unisys Business Information Server Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the Unisys Business Information Server by sending a specially crafted packet to the 3989/TCP port. CVE-2009-1628 Exploits/Remote Windows
01.05.2012 CoDeSys SCADA Webserver Buffer Overflow Exploit webserver.exe is a component in 3S CoDeSys for handling the HTTP connections on port 8080. The process is affected by a buffer overflow that copies the input URI in a limited buffer allowing code execution. NOCVE-9999-50546 Exploits/Remote Windows
07.01.2015 Zimbra Collaboration Server skin Local File Include Exploit Zimbra is vulnerable to a Local File Inclusion vulnerability that allows attacker to get LDAP credentials which we may use for upload a JSP file allowing us to install an agent. CVE-2013-7091 Exploits/Remote Linux
07.05.2010 Evological EvoCam Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the included web server when processing HTTP requests. This can be exploited to cause a stack-based buffer overflow via an overly long GET request. CVE-2010-2309 Exploits/Remote Mac OS X
06.08.2011 HP Rational Quality Manager Backdoor Account Code Execution Exploit This module exploits a remote code execution vulnerability in HP Rational Quality Manager by using an undocumented user account to upload an arbitrary file. CVE-2010-4094 Exploits/Remote Windows
03.08.2011 Symantec AMS Intel Alert Handler Pin Number Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Intel Handler Service. CVE-2010-0111 Exploits/Remote Windows
06.02.2014 Dassault Systemes Catia CATV5_Backbone_Bus Buffer Overflow Exploit A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer. The copying procedure stops when a null byte is found and no size check is proceeded. NOCVE-9999-62708 Exploits/Remote Windows
02.01.2009 Microsoft SQL Server sp_replwritetovarbin Remote Heap Overflow Exploit This module exploits a heap-based buffer overflow in the Microsoft SQL Server by sending a specially crafted SQL query. It has two uses: One as a Remote Exploit which needs authentication, and another as an SQL Injection Agent installer module, which needs an SQL Agent as a target. CVE-2008-5416 Exploits/Remote Windows
02.16.2014 IBM Director CIM Server Remote Code Execution Exploit update This update resolves an issue related to the use of Impact's WebDAV server by this module. Exploits/Remote
06.23.2011 DATAC RealWin SCADA Server Login Buffer Overflow Exploit DATAC Realwin is prone to a buffer-overflow when processing On_FC_CONNECT_FCS_LOGIN packets with an overly long user name. CVE-2011-1563 Exploits/Remote Windows
01.17.2010 HP OpenView Storage Data Protector Remote Buffer Overflow Exploit Update This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. This update adds support for HP OpenView Storage Data Protector 6.0 and for Windows XP and Vista. CVE-2009-3844 Exploits/Remote Windows
05.31.2012 Novell ZENworks Configuration Management Preboot Service Opcode 0x21 Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow vulnerability in the Preboot Service component of Novell ZENworks Configuration Management, by sending a specially crafted packet to the port 998/TCP. NOCVE-9999-43820 Exploits/Remote Windows
09.07.2009 Oracle Web Logic IIS JSESSIONID Buffer Overflow Exploit This module exploits a vulnerability in Oracle WebLogic IIS Connector when sending a specially crafted POST message with a specially JSESSIONID cookie. CVE-2008-5457 Exploits/Remote Windows
11.04.2008 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update This module exploits a vulnerability in the Microsoft Server service sending a specially crafted RPC request. This module improves the reliability of the exploit on Windows 2000 and adds support for Windows XP SP3. CVE-2008-4250 Exploits/Remote Windows
01.22.2012 InduSoft Web Studio CEServer Remote Code Execution Exploit The flaw exists in the Remote Agent (CEServer.exe) that listens by default on TCP port 4322, the process can not perform any authentication and copy the packages designed to a fixed size buffer. CVE-2011-4051 Exploits/Remote Windows
05.16.2010 CA XOsoft Control Service entry_point.aspx Remote Buffer Overflow Exploit This module exploits a remote buffer overflow vulnerability in the entry_point.aspx login page of CA XOsoft Control Service. CVE-2010-1223 Exploits/Remote Windows
06.18.2007 MSRPC Trend Micro Server Protect buffer overflow exploit TrendMicro ServerProtect is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. CVE-2007-2508 Exploits/Remote Windows
08.05.2014 Easy File Sharing Web Server UserID Cookie Handling Buffer Overflow Exploit By setting UserID in the cookie to a long string, we can overwrite EDX which allows us to control execution flow when the following instruction is executed. CVE-2014-3791 Exploits/Remote Windows
11.15.2007 MSRPC Samba Command Injection exploit update 2 for IMPACT 7.5 This update adds support for FreeBSD and OpenBSD. This module exploits a command injection vulnerability in the function AddPrinterW in Samba 3, reached through an AddPrinter remote request. CVE-2007-2447 Exploits/Remote Linux, OpenBSD, FreeBSD, Mac OS X
02.11.2014 Panda Security for Business Pagent MESSAGE_FROM_REMOTE Path Traversal Exploit The Pagent service component of Panda Security for Business is prone to a path traversal vulnerability when handling MESSAGE_FROM_REMOTE packets. This vulnerability can be exploited by remote unauthenticated attackers to drop arbitrary files in the vulnerable machine in order to gain remote code execution with SYSTEM privileges. NOCVE-9999-62132 Exploits/Remote Windows
10.22.2009 Microsoft Windows TCPIP Timestamp Remote DoS (MS09-048) This module exploits a memory corruption in the Microsoft Windows TCP/IP implementation by sending a sequence of TCP/IP packets with a specially crafted Timestamp values. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-1925 Exploits/Remote Windows
11.30.2011 Coppermine picEditor Remote Code Execution Exploit The include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) (before 1.4.15), when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via a shell. CVE-2008-0506 Exploits/Remote Solaris, Mac OS X
06.02.2010 IBM Cognos Server Backdoor Account Remote Exploit This module exploits a remote code execution vulnerability in IBM Cognos Express by using an undocumented user account to upload an arbitrary .WAR file. CVE-2010-0557 Exploits/Remote Windows
05.12.2011 HP OpenView NNM nnmRptConfig Template CGI Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the nnmRptConfig.exe CGI application, a component of HP OpenView Network Node Manager, by sending a specially crafted packet. CVE-2011-0270 Exploits/Remote Windows
02.17.2010 HP OpenView NNM Snmp CGI Buffer Overflow Exploit This module exploits a vulnerability in HP OpenView NNM by sending a specially crafted request to the snmp.exe. CVE-2009-3849 Exploits/Remote Windows
07.18.2012 FireFly Media Server Remote Format String Exploit This module exploits a remote format string vulnerability in FireFly Media Server by sending a sequence of HTTP requests to the 3689/TCP port. CVE-2007-5825 Exploits/Remote Linux
10.18.2006 WS_FTP 5.05 XMD5 buffer overflow exploit This module exploits a stack overflow in WS_FTP 5.05 in XMD5 command and installs an agent. CVE-2006-5000 Exploits/Remote Windows
08.21.2005 MailEnable IMAP status command exploit This module exploits a buffer overflow in the status command of MailEnable and installs an agent. The status command requires an authenticated session, so valid credentials are required. CVE-2005-2278 Exploits/Remote Windows

Pages