CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
11.23.2009 HP Power Manager Administration Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the HP Power Manager Administration Web Server by sending a specially crafted POST request. CVE-2009-2685 Exploits/Remote Windows
03.18.2007 OpenBSD IPv6 mbuf Remote Exploit This module exploits a buffer overflow vulnerability in the OpenBSD kernel; the exploit uses fragmented ICMPv6 packets to take complete control of a target system. CVE-2007-1365 Exploits/Remote OpenBSD
02.12.2009 Debian OpenSSL Predictable Random Number Generation Exploit Update 2 This module exploits the random number generator in Debian's OpenSSL package being predictable. This vulnerability is used to generate SSH keys and to install an agent into the target host. The exploit will generate the complete vulnerable keyspace, and will try to log as the provided user. If the user is root, the agent will have superuser capabilities. This update improves exploit performance when used through Network Attack and Penetration RPT. CVE-2008-0166 Exploits/Remote Linux
09.13.2011 Agent modules realibility fix This update improves the reliability of the Microsoft Package and Register, Send Agent by Email, Install agent using SMB, Instal agent using USB and Install agent using SSH modules. Exploits/Remote
01.05.2012 Telnetd encrypt_keyid Remote Buffer Overflow Exploit Buffer overflow in libtelnet/encrypt.c in various implementations of telnetd allows remote attackers to execute arbitrary code with root permissions via a long encryption key. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-4862 Exploits/Remote FreeBSD, Linux
10.18.2010 Sync Breeze Server Login Request Buffer Overflow Exploit A vulnerability exists in Sync Breeze Server v2.2.34 when processing a remote clients "LOGIN" request.The vulnerability is caused due to a boundary error in libpal.dll when handling network messages and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 9120. NOCVE-9999-45457 Exploits/Remote Windows
06.06.2007 LANDesk Management Suite Alert Service Exploit This module exploits a buffer overflow vulnerability in the Alert Service (aolnsrvr.exe) component of LANDesk Management Suite 8.7 and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port UDP/65535. CVE-2007-1674 Exploits/Remote Windows
08.13.2013 Upgrade to Impact 2013 R1.4 Upgrades Impact to v2013 Release 1.4; more information can be found at http://blog.coresecurity.com/2013/08/14/announcing-core-impact-v2013-r1-4/ Exploits/Remote
11.30.2010 Google Earth quserex DLL Hijacking Exploit Google Earth is prone to a vulnerability that may allow execution of quserex.dll if this dll is located in the same folder than .KMZ file. CVE-2010-3134 Exploits/Remote Windows
05.02.2013 HP Intelligent Management Center mibFileUpload Servlet Remote Exploit This module exploits a remote code execution vulnerability in HP Intelligent Management Center by using the "mibFileUpload" servlet to upload an arbitrary .JSP file. CVE-2012-5201 Exploits/Remote Windows, Linux
01.24.2012 Omni-NFS Server NFSD Stack Buffer Overflow Exploit A buffer overflow exist in nfsd.exe in XLink Omni-NFS Server and allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd). CVE-2006-5780 Exploits/Remote Windows
06.02.2009 Apple CUPS HP-GL2 filter Remote Code Execution Exploit Update This module exploits a specific flaw in the Hewlett-Packard Graphics Language filter. Inadequate bounds checking on the pen width and pen color opcodes result in an arbitrary memory overwrite allowing for the execution of arbitrary code as the "hgltops" process uid. -Linux Support added CVE-2008-3641 Exploits/Remote Linux, Mac OS X
08.02.2010 Symantec AMS Intel Handler Service Command Injection Exploit This module exploits command injection vulnerability in Symantec AMS Intel Handler Service and install an agent into the target machine. CVE-2010-0110 Exploits/Remote Windows
03.25.2009 Moodle Tex Filter Remote Code Execution Exploit Upgrade This update adds Windows (XP) to the supported target systems for this exploit. NOCVE-9999-35969 Exploits/Remote Windows, Linux
08.29.2006 MailEnable IMAPD W3C Logging Buffer Overflow Exploit This module exploits a buffer overflow in the W3C logging for MailEnable Enterprise 1.1 allows remote attackers to execute arbitrary code. CVE-2005-3155 Exploits/Remote Windows
05.30.2010 HP OpenView NNM getnnmdata Hostname CGI Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the getnnmdata.exe CGI application, a component of HP OpenView Network Node Manager, by sending an HTTP request with an invalid value for the Hostname parameter. CVE-2010-1555 Exploits/Remote Windows
05.22.2013 SAP Netweaver Message Server _MsJ2EE_AddStatistics Memory Corruption Exploit The Message Server component of SAP Netweaver is prone to a memory corruption vulnerability when the _MsJ2EE_AddStatistics function handles a specially crafted request with iflag value 0x0c MS_J2EE_SEND_TO_CLUSTERID, or 0x0d MS_J2EE_SEND_BROADCAST. This vulnerability can be exploited by remote unauthenticated attackers to execute arbitrary code on the vulnerable server. CVE-2013-1592 Exploits/Remote Windows
10.23.2008 Alt-N Security Gateway Remote Buffer Overflow Exploit Update This module exploits a stack-based buffer overflow in the Alt-N Security Gateway by sending a specially crafted HTTP request to the TCP port 4000. This module adds support for Windows 2000 Professional SP4. CVE-2008-4193 Exploits/Remote Windows
02.06.2012 Traq Command Injection Exploit Traq is vulnerable to an authentication bypass vulnerability, this module exploits this vulnerability in order to install a plugin hook to ultimately install an agent in the target host. NOCVE-9999-50813 Exploits/Remote Windows, Solaris, Linux, Mac OS X
12.05.2012 Novell File Reporter NFRAgent FSFUI Record File Upload Exploit This module exploits a Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter. This allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/3037. CVE-2012-4959 Exploits/Remote Windows
11.30.2011 Xoops mydirname Remote Code Execution Exploit Update This update adds support for Solaris platform. NOCVE-9999-38580 Exploits/Remote Solaris, Linux
09.22.2009 Phpmyadmin Server_databases Remote Code Execution Exploit Update This updates provides more readable log messages when specific errors occur and improves the reliability of the exploit. CVE-2008-4096 Exploits/Remote Linux
02.27.2011 ActFax Server LPD-LPR Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing ActFax Server. The vulnerability is caused due to a boundary error when processing an overly long Print Job command on the Line Printer Daemon Server (LPD-Server) . This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-47199 Exploits/Remote Windows
05.29.2005 MySQL MaxDB WebTool GET Request Buffer Overflow Exploit This module exploits a stack buffer overflow in the MySQL MaxDB WebTool Server and installs a level0 agent. CVE-2005-0684 Exploits/Remote Windows
06.20.2008 Microsoft WINS Exploit (MS08-034) A memory corruption vulnerability in the ChkNtfSock function of wins.exe allows remote code execution. The WINS service listens on more than one UDP port (it listens on 42/udp and also on a dynamic UDP port). This attack targets the dynamic udp port, thus it requires the identification of such dynamic port by the user. This can be accomplished by running a port scanner module such as the 'Port Scanner - UDP' module. CVE-2008-1451 Exploits/Remote
08.13.2012 Samba LsarSetInformationPolicy Request Remote Buffer Overflow Exploit This module exploits a heap overflow bug in Samba Server by sending a crafted request packet via DCERPC call. CVE-2012-1182 Exploits/Remote Linux
07.05.2009 phpScheduleit 1.2.10 Remote Code Execution Exploit Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. CVE-2008-6132 Exploits/Remote Windows, Linux
02.15.2010 UplusFtp Multiple Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error when handling some commands. This can be exploited to cause a stack-based buffer overflow via an overly long command string, passed to the affected server. NOCVE-9999-42111 Exploits/Remote Windows
11.08.2009 Microsoft Windows Print Spooler Buffer Overflow Exploit (MS09-022) This module exploits a buffer overflow vulnerability in the EnumeratePrintShares function in the Print Spooler Service in Microsoft Windows to install an agent in the target machine. CVE-2009-0228 Exploits/Remote Windows
12.25.2006 MSRPC Netware Client CSNW Overflow exploit update This module exploits a buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows allows remote attackers to execute arbitrary code via crafted messages. CVE-2006-4688 Exploits/Remote Windows

Pages