Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
03.17.2010 Microsoft SQL Server sp_replwritetovarbin Remote Heap Overflow Exploit Update This module exploits a heap-based buffer overflow in the Microsoft SQL Server by sending a specially crafted SQL query. This update adds support for executestatement() functionality within the WebApps vector. It has two uses: One as a Remote Exploit which needs authentication, and another as an SQL Injection Agent installer module, which needs an SQL Agent as a target. CVE-2008-5416 Exploits/Remote Windows
09.09.2009 IIS FTP NLST Buffer Overflow Exploit This module exploits a buffer overflow in the FTP server in Microsoft Internet Information Server (IIS) via a crafted NLST command that uses wildcards. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-3023 Exploits/Remote Windows
07.04.2013 ASN.1 Bit String SPNEGO exploit Update Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 encodings that cause arbitrary heap data to be overwritten. This update modifies the runtime value for this exploit. CVE-2003-0818 Exploits/Remote Windows
02.26.2009 Novell GroupWise Internet Agent Remote Buffer Overflow Exploit This module exploits an off-by-one condition by sending a specially crafted RCPT verb argument to a Novell GroupWise Internet Agent. CVE-2009-0410 Exploits/Remote Windows
04.14.2010 Microsoft Windows Media Services Remote Exploit (MS10-025) This module exploits a remote buffer overflow in the Microsoft Windows Media Services by sending a specially crafted packet to the port 1755/TCP. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0478 Exploits/Remote Windows
12.01.2008 BigAnt IM Server HTTP GET Request Remote Buffer Overflow Exploit This module exploits a vulnerability in the AntServer Module (AntServer.exe), this can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to default port 6080/TCP. CVE-2008-1914 Exploits/Remote Windows
09.16.2012 HP OpenView Performance Agent coda.exe Opcode 0x34 Buffer Overflow Exploit A buffer overflow exists in coda.exe process which listens on a random TCP port by default. The process trusts a value within a GET request as a size then proceeds to copy that many bytes of user-supplied data into a fixed-length buffer on the stack. CVE-2012-2019 Exploits/Remote Windows
12.27.2009 HP OpenView NNM ovalarm CGI Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the ovalarm.exe application, part of the HP OpenView Network Node Manager application. The exploit triggers a stack-based buffer overflow by sending a specially crafted HTTP request to the ports 3443/TCP or 80/TCP of the vulnerable system and installs an agent if successful. CVE-2009-4179 Exploits/Remote Windows
06.15.2014 HP SiteScope issueSiebelCmd Remote Code Execution Exploit This module exploits a remote code execution vulnerability in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. CVE-2013-4835 Exploits/Remote Windows, Linux
02.12.2008 Microsoft IGMPv3 DoS (MS08-001) This modules causes a Denial of Service in Microsoft Windows. CVE-2007-0069 Exploits/Remote Windows
01.12.2012 Telnetd encrypt_keyid Remote Buffer Overflow Exploit Update A buffer overflow in libtelnet/encrypt.c in Inetutils and Heimdal implementations of telnetd allows remote attackers to execute arbitrary code with root permissions via a long encryption key. This update adds support for Debian and newer FreeBSD platforms. CVE-2011-4862 Exploits/Remote FreeBSD, Linux
01.06.2008 SynCE Command Injection exploit This module exploits a command injection error in the function runScripts in vdccm (SynCE daemon), reached through an information message remote request. CVE-2008-1136 Exploits/Remote FreeBSD, Linux
01.04.2006 miniserv perl format string exploit This is an exploit for Usermin's and Webmin's perl format string vulnerability (CAN-2005-3912). CVE-2005-3912 Exploits/Remote Linux, Windows
07.24.2013 PHP Charts Remote Code Execution Exploit This module exploits a vulnerability in PHP Charts 1.0. The url.php script eval()s every single GET key/value pair. Leading to code execution. NOCVE-9999-57634 Exploits/Remote
03.17.2009 WinGate Proxy Server Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the handling of POST requests. This may allow execution of arbitrary code by sending an overly long, specially crafted POST request to the proxy server CVE-2006-2926 Exploits/Remote Windows
01.26.2010 Sun Java System Web Server Webdav Stack Overflow This module exploits a buffer overflow vulnerability in the Sun Web Server Webdav service when parsing OPTION requests. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0361 Exploits/Remote Windows
07.21.2014 HP AutoPass License Server Remote Code Execution Exploit This module exploits a remote code execution vulnerability in HP AutoPass License Server. The CommunicationServlet component in HP AutoPass License Server does not enforce authentication and has a directory traversal vulnerability allowing a remote attacker to execute arbitrary code trough a JSP page uploaded to the vulnerable server. CVE-2013-6221 Exploits/Remote Windows
04.17.2008 CA BrightStor Tape Engine Buffer Overflow Exploit update This module exploits a buffer overflow in CA Brightstor Tape Engine in BrightStor ARCserve Backup v11.5. This package makes a slight change in the documentation of the module. CVE-2007-0168 Exploits/Remote Windows
12.04.2007 IBM Lotus Domino IMAP Server Buffer Overflow Exploit Update This module exploits a buffer overflow vulnerability in a Lotus Domino IMAP Server and installs an agent if successful. This vulnerability can be exploited remotely and it does not require user authentication. This update adds support for Lotus Domino for windows versions 6.5, 7.0.1, 7.0.1FP1, and 7.0.2. CVE-2007-1675 Exploits/Remote Windows, AIX
01.26.2012 HP Diagnostics Server magentservice Remote Buffer Overflow Exploit A buffer overflow in magentservice.exe within HP Diagnostics allows remote attackers to execute arbitrary code via a crafted size value in a packet. CVE-2011-4789 Exploits/Remote Windows
11.10.2010 Distcc Remote Code Execution Exploit Distcc, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. This module exploits the vulnerability to install an agent. CVE-2004-2687 Exploits/Remote Solaris, AIX, Linux
05.16.2006 DCERPC Authentication and Encryption support This update will add DCERPC encryption to some MSRPC exploits. The result is that, when enabled, all the 'Stub data' for DCERPC requests will be encrypted, thus hiding the real content. CVE-2005-1985 Exploits/Remote Windows
08.05.2010 Oracle Secure Backup Authentication Bypass-Command Injection Exploit This module exploits an authentication bypass in the login.php in vulnerable versions of Oracle Secure Backup in order to execute arbitrary code via command injection parameters. CVE-2010-0904 Exploits/Remote Windows, Solaris
05.01.2013 Firebird SQL CNCT Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in Firebird SQL by sending a malformed packet to the 3050/TCP port. CVE-2013-2492 Exploits/Remote Linux
06.22.2010 Novell iManager Classname Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in Novell iManager when creating a class with an overly long name. CVE-2010-1929 Exploits/Remote Windows
12.08.2008 SAdminD Buffer Overflow Exploit This modules exploits a stack buffer overflow of the sadmind daemon, and installs an agent as root. CVE-2008-4556 Exploits/Remote Solaris
05.18.2011 EMC HomeBase SSL Service Remote Code Execution Exploit This module exploits a path traversal vulnerability in the SSL service of EMC HomeBase Server. CVE-2010-0620 Exploits/Remote Windows
02.02.2011 Kolibri Webserver HEAD Request Processing Buffer Overflow Exploit A vulnerability in Kolibri Webserver is caused by a buffer overflow error when handling overly long HEAD requests. This action could allow remote unauthenticated attackers to compromise a vulnerable web server via a specially crafted request. NOCVE-9999-46948 Exploits/Remote Windows
11.04.2009 Httpdx Web Server GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Httpdx when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. CVE-2009-3711 Exploits/Remote Windows
05.15.2008 TFTPServer SP Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section. CVE-2008-2161 Exploits/Remote Windows

Pages