Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
03.31.2008 MSRPC Trend Micro Server Protect AddTaskExportLogItem() Exploit TrendMicro ServerProtect 5.58 with security patch 3 installed is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. CVE-2007-6507 Exploits/Remote Windows
11.04.2008 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update This module exploits a vulnerability in the Microsoft Server service sending a specially crafted RPC request. This module improves the reliability of the exploit on Windows 2000 and adds support for Windows XP SP3. CVE-2008-4250 Exploits/Remote Windows
05.16.2010 HP Storage Data Protector MSG_PROTOCOL Buffer Overflow Exploit This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. CVE-2007-2280 Exploits/Remote Windows
02.03.2008 Firebird SQL Username Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the database service (fbserver.exe) of the FireBird SQL application. The exploit triggers a stack-based buffer overflow by sending a specially crafted packet with a malformed "username" value to port 3050/TCP of the vulnerable system and installs an agent if successful. CVE-2008-0387 Exploits/Remote Windows
04.13.2011 DATAC RealWin STARTPROG Buffer Overflow Exploit DATAC RealWin is prone to a buffer overflow vulnerability when handling On_FC_SCRIPT_FCS_STARTPROG packets with an overly long string. CVE-2011-1563 Exploits/Remote Windows
10.02.2014 PureFTPd Bash Variables Injection Exploit (CVE-2014-6271) This update includes a module exploiting a vulnerability found in Bash. When using PureFTPd in conjuntion with the vulnerable Bash version for user authentication, a Core Impact agent is installed. CVE-2014-6271 Exploits/Remote Solaris, Linux
11.03.2011 NJStar Communicator MiniSMTP Server Buffer Overflow Exploit Stack Overflow in the MiniSmtp Server component of the NJStar Communicator. NOCVE-9999-50132 Exploits/Remote Windows
08.03.2011 Iconics Genesis SCADA HMI Genbroker Server Exploit The Genesis GenBroker service is listening port 38080 and is affected by integer overflow vulnerabilities while handling crafted packets in opcode 0x4b0. NOCVE-9999-47722 Exploits/Remote Windows
06.22.2010 Novell ZENworks Configuration Management Preboot Service Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in the Preboot Service component of Novell ZENworks Configuration Management by sending a specially crafted packet to the port 998/TCP. NOCVE-9999-43820 Exploits/Remote Windows
11.09.2009 Kerio PF Administration Exploit Update Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. This update improves the reliability of the exploit when using the "Reuse connection" method to connect new agents. CVE-2003-0220 Exploits/Remote Windows
07.09.2009 Zabbix 1.6.2 Remote Code Execution Exploit A Remote Code Execution issue has been found in Zabbix version 1.6.2 and no authentication is required in order to exploit this vulnerability. Magic Quotes must be turned off in order to exploit this vulnerability. NOTE: Magic quotes is no longer supported by PHP starting with PHP 6.0 NOCVE-9999-37058 Exploits/Remote Linux
03.08.2012 Citrix Provisioning Services Streamprocess Opcodes Buffer Overflow Exploit Update This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port. This module adds support for Windows 2003. NOCVE-9999-50874 Exploits/Remote Windows
08.26.2010 Adobe ColdFusion locale Remote Code Execution Exploit An important vulnerability has been identified in ColdFusion version 8.0, 8.0.1, 9.0, 9.0.1 for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure (CVE-2010-2861). Adobe has provided a solution for this reported vulnerability. It recomends that users update their product. CVE-2010-2861 Exploits/Remote Windows, Linux
08.29.2005 Exchange X-LINK2STATE CHUNK Exploit This module exploits a heap based buffer overflow handling the X-LINK2STATE command in the SMTP service of Exchange Server. CVE-2005-0560 Exploits/Remote Windows
12.05.2012 Novell File Reporter NFRAgent FSFUI Record File Upload Exploit This module exploits a Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter. This allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/3037. CVE-2012-4959 Exploits/Remote Windows
08.11.2009 Bopup Communications Server Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error and can be exploited to cause a stack-based buffer overflow via a specially crafted TCP packet sent to port 19810. Successful exploitation allows execution of arbitrary code. CVE-2009-2227 Exploits/Remote Windows
06.17.2014 OpenSSL ChangeCipherSpec Message Vulnerability Checker This module exploits a vulnerability in OpenSSL by sending a "Change Ciper Spec" message to the server. This vulnerability allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake. CVE-2014-0224 Exploits/Remote Linux
01.15.2007 CA BrightStor Tape Engine buffer overflow exploit This module exploits a buffer overflow in CA Brightstor Tape Engine in BrightStor ARCserve Backup v11.5 CVE-2007-0168 Exploits/Remote Windows
06.02.2011 Tomcat Deploy Manager Default Account Code Execution Exploit This module exploits a remote code execution vulnerability in Tomcat Web Server by using an default user account to upload an arbitrary file. CVE-2009-3548 Exploits/Remote Windows
08.13.2012 Samba LsarSetInformationPolicy Request Remote Buffer Overflow Exploit This module exploits a heap overflow bug in Samba Server by sending a crafted request packet via DCERPC call. CVE-2012-1182 Exploits/Remote Linux
11.06.2007 HP Linux Imaging and Printing exploit A vulnerability has been identified in HP Linux Imaging and Printing System (HPLIP), which could be exploited by local attackers to obtain elevated privileges. This issue is caused by input validation errors in the hpssd daemon that does not validate user-supplied data before being passed to a popen3() call, which could be exploited by malicious users to inject and execute arbitrary commands with root privileges. This package include local and remote versions of the exploit. CVE-2007-5208 Exploits/Remote Linux, FreeBSD
12.02.2009 MSRPC CA ARCserve Backup Command Injection Exploit CA BrightStor ARCserve Backup is prone to a command injection vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. CVE-2008-4397 Exploits/Remote Windows
07.21.2014 Adobe ColdFusion l10n.cfm Remote Code Execution Exploit The /CFIDE/adminapi/customtags/l10n.cfm page in Adobe ColdFusion does not properly validate its attributes.file parameter. This can be abused by a remote unauthenticated attacker to execute arbitrary code on vulnerable servers. CVE-2013-3336 Exploits/Remote Windows, Linux
01.12.2012 AVID Media Composer Phonetic Indexer Buffer Overflow Exploit Avid Media Composer is prone to a remote stack-based buffer-overflow vulnerability within the Phonetic Indexer (AvidPhoneticIndexer.exe) because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. CVE-2011-5003 Exploits/Remote Windows
10.19.2010 IBM Lotus Domino iCalendar Organizer Buffer Overflow Exploit A stack-based buffer overflow exists in the nRouter.exe component of IBM Lotus Domino when parsing the ORGANIZER field of an iCalendar invitation. This can be exploited by a remote, unauthenticated attacker to execute arbitrary code by sending a specially crafted e-mail to the Lotus Domino SMTP server. CVE-2010-3407 Exploits/Remote Windows
02.01.2009 Microsoft SQL Server sp_replwritetovarbin Remote Heap Overflow Exploit This module exploits a heap-based buffer overflow in the Microsoft SQL Server by sending a specially crafted SQL query. It has two uses: One as a Remote Exploit which needs authentication, and another as an SQL Injection Agent installer module, which needs an SQL Agent as a target. CVE-2008-5416 Exploits/Remote Windows
01.22.2008 MySQL yaSSL Exploit update This update adds support for Linux, Freebsd and additional MySQL versions. CVE-2008-0226 Exploits/Remote Windows, Linux, FreeBSD
05.02.2013 BigAnt IM Server DDNF Username Buffer Overflow Exploit BigAnt IM Server is vulnerable to a buffer-overflow within the AntDS.exe component when handling an overly long username. NOCVE-9999-57633 Exploits/Remote Windows
11.27.2007 Tivoli Storage Manager Exploit This module exploits a stack-based buffer overflow in the IBM Tivoli Storage Manager Express CAD Service 5.3. CVE-2007-4880 Exploits/Remote Windows
01.06.2010 HP OpenView Storage Data Protector Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. CVE-2009-3844 Exploits/Remote Windows

Pages