Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
07.28.2009 Wireshark PROFINET Dissector Format String Exploit Wireshark is prone to a format-string vulnerability. Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. CVE-2009-1210 Exploits/Remote Windows
08.06.2014 Atlassian JIRA Issue Collector Plugin Path Traversal Vulnerability Exploit A path traversal vulnerability affects the Issue Collector plugin in Atlassian JIRA. This module exploits that vulnerability to achieve remote code execution. The installed agent will have SYSTEM privileges. CVE-2014-2314 Exploits/Remote Windows
10.22.2009 Microsoft Windows TCPIP Timestamp Remote DoS (MS09-048) This module exploits a memory corruption in the Microsoft Windows TCP/IP implementation by sending a sequence of TCP/IP packets with a specially crafted Timestamp values. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-1925 Exploits/Remote Windows
06.08.2006 RealVNC 4.1.1 Authentication Exploit This exploit simulates a RealVNC client and establishes a connection with a Real VNC server without using a password. After that, it opens a console, writes the exploit and executes it in ntsd.exe CVE-2006-2369 Exploits/Remote Windows
06.05.2008 MDaemon IMAP Fetch Exploit Update This module exploits a stack-based buffer overflow in the MDaemon Email Server 9.64. CVE-2008-1358 Exploits/Remote Windows
08.06.2009 Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in Motorola Timbuktu Pro by sending a long malformed string over the plughNTCommand named pipe. CVE-2009-1394 Exploits/Remote Windows
08.03.2010 HP OpenView NNM OvJavaLocale Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the webappmon.exe CGI application, a component of HP OpenView Network Node Manager, by sending an HTTP request with an invalid value for the OvJavaLocale parameter. CVE-2010-2709 Exploits/Remote Windows
09.17.2014 Apache Struts includeParams Remote Code Execution Exploit Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. This module leverages the vulnerability to install an agent in vulnerable installation. CVE-2013-1966 Exploits/Remote Windows, Linux
02.17.2010 HP OpenView NNM Snmp CGI Buffer Overflow Exploit This module exploits a vulnerability in HP OpenView NNM by sending a specially crafted request to the snmp.exe. CVE-2009-3849 Exploits/Remote Windows
06.28.2007 Sun Java Web SOCKS Proxy Authentication Exploit This module exploits a stack-based buffer overflow vulnerability in the SOCKS proxy included in the Sun Java Web Proxy Server. The exploit sends specially crafted packets during the SOCKS connection negotiation and installs an agent if successful. CVE-2007-2881 Exploits/Remote Linux
05.31.2012 Novell ZENworks Configuration Management Preboot Service Opcode 0x21 Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow vulnerability in the Preboot Service component of Novell ZENworks Configuration Management, by sending a specially crafted packet to the port 998/TCP. NOCVE-9999-43820 Exploits/Remote Windows
06.02.2011 Tomcat Deploy Manager Default Account Code Execution Exploit This module exploits a remote code execution vulnerability in Tomcat Web Server by using an default user account to upload an arbitrary file. CVE-2009-3548 Exploits/Remote Windows
09.26.2007 MSRPC MSMQ Buffer Overflow exploit update This package updates the MSRPC MSMQ Buffer Overflow exploit module. CVE-2005-0059 Exploits/Remote Windows
05.18.2015 Microsoft Windows HTTP.sys Range Integer Overflow Memory Disclosure Exploit (MS15-034) The code that handles the 'Range' HTTP header in the HTTP.sys driver in Microsoft Windows, which is used by Internet Information Services (IIS), is prone to an integer overflow vulnerability when processing a specially crafted HTTP request with a very long upper range. This integer overflow vulnerability can be leveraged to generate a memory disclosure condition, in which the HTTP.sys driver will return more data than it should from kernel memory, thus allowing remote unauthenticated attackers to obtain potentially sensitive information from the affected server. CVE-2015-1635 Exploits/Remote Windows
01.12.2012 AVID Media Composer Phonetic Indexer Buffer Overflow Exploit Avid Media Composer is prone to a remote stack-based buffer-overflow vulnerability within the Phonetic Indexer (AvidPhoneticIndexer.exe) because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. CVE-2011-5003 Exploits/Remote Windows
06.01.2009 D-Link TFTP Transporting Mode Buffer Overflow Exploit D-Link TFTP Server 1.0 allows remote attackers to cause a buffer overflow via a long GET request, which triggers the vulnerability. CVE-2007-1435 Exploits/Remote Windows
12.05.2010 PSOProxy GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within PSOProxy when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. CVE-2004-0313 Exploits/Remote Windows
11.21.2007 Imatix Xitami If-Modified-Since Remote Buffer Overflow Exploit This module exploits a remote stack buffer overflow in the Xitami Server version 2.5c CVE-2007-5067 Exploits/Remote Windows
01.24.2012 Citrix Provisioning Services Streamprocess Opcodes Buffer Overflow Exploit This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port. NOCVE-9999-50874 Exploits/Remote Windows
07.18.2012 FireFly Media Server Remote Format String Exploit This module exploits a remote format string vulnerability in FireFly Media Server by sending a sequence of HTTP requests to the 3689/TCP port. CVE-2007-5825 Exploits/Remote Linux
12.25.2006 Novell eDirectory HTTP Protocol exploit update This module exploits a buffer overflow in Novell eDirectory HTTP Protocol. CVE-2006-5478 Exploits/Remote Windows
12.18.2005 MSRPC Netware Client Buffer Overflow exploit update This module exploits an unchecked buffer in the Client Service for NetWare on Microsoft Windows, and installs an agent (MS05-046). This update adds support for Windows XP. CVE-2005-1985 Exploits/Remote Windows
01.10.2008 SAP MaxDB Remote Command Injection Exploit This module installs an agent using a remote command-injection vulnerability located in the database server. CVE-2008-0244 Exploits/Remote Windows
04.13.2011 DATAC RealWin STARTPROG Buffer Overflow Exploit DATAC RealWin is prone to a buffer overflow vulnerability when handling On_FC_SCRIPT_FCS_STARTPROG packets with an overly long string. CVE-2011-1563 Exploits/Remote Windows
08.26.2015 SolarWinds Firewall Security Manager userlogin Exploit Solarwinds FSM is vulnerable to an authentication bypass in userlogin.jsp that allows attacker to upload an agent via a weekness in the username atribute in settings-new.jsp allowing us to install an agent. CVE-2015-2284 Exploits/Remote Windows
09.30.2009 MS SMB 2.0 Negociate Protocol Request Remote BSOD Exploit Update This update improves the exploit reliability. This module exploits a vulnerability on srv2.sys via a SMB 2 malformed packet. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-3103 Exploits/Remote Windows
12.09.2012 Remote Exploits File Header Update This update only modifies the description in the file header. CVE-2008-1914 Exploits/Remote Windows
07.11.2010 Microsoft Windows Print Spooler Buffer Overflow Exploit (MS09-022) Update This module exploits a buffer overflow vulnerability in the EnumeratePrintShares function in the Print Spooler Service in Microsoft Windows to install an agent in the target machine. This update adds TCP Spoofing Listener capabilities. CVE-2009-0228 Exploits/Remote Windows
07.26.2012 Simple Web Server GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Simple Web Server when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-53352 Exploits/Remote Windows
11.03.2011 NJStar Communicator MiniSMTP Server Buffer Overflow Exploit Stack Overflow in the MiniSmtp Server component of the NJStar Communicator. NOCVE-9999-50132 Exploits/Remote Windows

Pages