Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
05.27.2010 MicroWorld eScan Products Remote Command Execution Exploit Multiple MicroWorld eScan products are vulnerable to a remote command-execution vulnerability because they fail to properly sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands with superuser privileges. Successful attacks will completely compromise affected computers. The issue affects the following products versions prior to 4.1.x: eScan for Linux Desktop, eScan for Linux File Servers, MailScan for Linux Mail servers, WebScan for Linux Proxy Servers. NOCVE-9999-42682 Exploits/Remote Linux
11.21.2012 WebCalendar Remote Code Execution Exploit This module exploits a command injection vulnerability in WebCalendar prior to 1.2.4 in order to install an agent. CVE-2012-1495 Exploits/Remote Windows, Linux, Mac OS X
11.24.2008 RealVNC 4.1.1 Authentication Exploit Update This exploit simulates a RealVNC client and establishes a connection with a Real VNC server without using a password. After that, it opens a console, writes the exploit and executes it in ntsd.exe CVE-2006-2369 Exploits/Remote Windows
05.15.2011 HP OpenView NNM jovgraph displayWidth Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the jovgraph.exe CGI application, a component of HP OpenView Network Node Manager, by sending a specially crafted packet. CVE-2011-0261 Exploits/Remote Windows
09.04.2007 Sun Java Web Start JNLP Stack Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the javaws.exe program and deploys an agent when successful. The exploit triggers a vulnerability in the Java Runtime Environment allowing an attacker to execute arbitrary code on the remote machine. CVE-2007-3655 Exploits/Remote Windows
02.04.2010 PhpMyAdmin Unserialize Remote Code Execution Exploit phpMyAdmin is vulnerable to a remote code execution due the use of the unserialize method on user supplied data. This data is written in the config file and is accessible from the internet by default. CVE-2009-4605 Exploits/Remote Windows, Solaris, Linux, Mac OS X
07.16.2012 SugarCRM CE unserialize PHP Code Execution Exploit The vulnerability is caused by scripts using "unserialize()" with user controlled input. This can be exploited to execute arbitrary PHP code via the "__destruct()" method of the "SugarTheme" class or passing an ad-hoc serialized object through the $_REQUEST['current_query_by_page'] input variable. CVE-2012-0694 Exploits/Remote Solaris, Linux, Mac OS X
03.19.2012 Kingview SCADA HMI HistorySvr Heap Overflow Exploit Update KingView Scada is vulnerable to a buffer overflow error in the HistorySvr.exe module when processing malformed packets sent to port 777/TCP. This update adds new indirection using shell32.dll version 6.0.0.2900.5512. CVE-2011-0406 Exploits/Remote Windows
10.02.2014 PureFTPd Bash Variables Injection Exploit (CVE-2014-6271) This update includes a module exploiting a vulnerability found in Bash. When using PureFTPd in conjuntion with the vulnerable Bash version for user authentication, a Core Impact agent is installed. CVE-2014-6271 Exploits/Remote Solaris, Linux
06.10.2009 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 4 This module exploits a vulnerability in the Microsoft Windows Server service by sending a specially crafted RPC request. This update adds reliability to all supported platforms. CVE-2008-4250 Exploits/Remote Windows
02.08.2009 CA BrightStor ARCserve Backup Media Server Exploit Update This module exploits a buffer overflow in the handling of RPC data in the Computer Associates BrightStor ARCServe Backup Media Server service (mediasvr.exe) which is a component of BrightStor ARCserve Backup Tape Engine. This update adds support for Windows 2003 SP1 and SP2, Windows Vista SP1 and Windows XP SP3. CVE-2007-1785 Exploits/Remote Windows
11.16.2009 Adobe RoboHelp Server File Upload Code Execution Exploit This module exploits a remote .JSP code injection in Adobe RoboHelp Server by sending a specially crafted HTTP request to the affected service. CVE-2009-3068 Exploits/Remote Windows
09.26.2011 Iphone SSH Default Password Exploit This module exploits a default password vulnerability in jailbroken Iphone iOS. NOCVE-9999-49570 Exploits/Remote
11.14.2007 HP Linux Imaging and Printing exploit for Impact 7.5 A vulnerability has been identified in HP Linux Imaging and Printing System (HPLIP), which could be exploited by local attackers to obtain elevated privileges. This issue is caused by input validation errors in the hpssd daemon that does not validate user-supplied data before being passed to a popen3() call, which could be exploited by malicious users to inject and execute arbitrary commands with root privileges. This package include local and remote versions of the exploit. CVE-2007-5208 Exploits/Remote Linux, FreeBSD
06.16.2010 UnrealIRCd Backdoor Unauthorized Access Exploit This module exploits a remote command execution vulnerability found in UnrealIRCd by using an unauthorized backdoor. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-4893 Exploits/Remote Solaris, Linux
07.25.2011 HP OpenView Performance Insight Server Backdoor Account Code Execution Exploit This module exploits a hidden account in the com.trinagy.security.XMLUserManager Java class. When using this account, an attacker can abuse the com.trinagy.servlet.HelpManagerServlet class and write arbitary files to the system allowing the execution of arbitary code. CVE-2011-0276 Exploits/Remote Windows
08.29.2005 Exchange X-LINK2STATE CHUNK Exploit This module exploits a heap based buffer overflow handling the X-LINK2STATE command in the SMTP service of Exchange Server. CVE-2005-0560 Exploits/Remote Windows
06.17.2014 OpenSSL ChangeCipherSpec Message Vulnerability Checker This module exploits a vulnerability in OpenSSL by sending a "Change Ciper Spec" message to the server. This vulnerability allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake. CVE-2014-0224 Exploits/Remote Linux
07.21.2009 XOOPS mydirname Remote Code Execution Exploit This module exploits a lack of data sanitization when passed to the "mydirname" parameter in specific modules of XOOP web application. This can be exploited to inject and execute arbitrary PHP code to deploy an agent. Successful exploitation requires that "register_globals" is enabled. NOCVE-9999-38580 Exploits/Remote Solaris, Linux
01.17.2008 Synce Command injection exploit update This update adds the vulnerability name to reports. CVE-2008-1136 Exploits/Remote FreeBSD, Linux
07.21.2010 Evinco CamShot GET Request Buffer Overflow Exploit This module exploits a vulnerability in the CamShot Module (camshot.exe) that can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to TCP port where the server is listening. NOCVE-9999-44333 Exploits/Remote Windows
01.15.2007 CA BrightStor Tape Engine buffer overflow exploit This module exploits a buffer overflow in CA Brightstor Tape Engine in BrightStor ARCserve Backup v11.5 CVE-2007-0168 Exploits/Remote Windows
04.12.2009 PeerCast HTTP Server Buffer Overflow exploit PeerCast is prone to a remote buffer overflow vulnerability. This can facilitate a remote compromise due to arbitrary code execution. CVE-2006-1148 Exploits/Remote Linux
12.12.2007 MSRPC Message Queuing Service MS07-065 Exploit The windows Message Queuing Service is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. CVE-2007-3039 Exploits/Remote Windows
04.06.2010 DameWare Mini Remote Control Pre Auth Exploit This module exploits a vulnerability in the DameWare Mini Remote Control Service sending a specially crafted packet to the 6129/TCP port. CVE-2003-1030 Exploits/Remote Windows
04.05.2011 Kingview SCADA HMI HistorySvr Heap Overflow Exploit KingView Scada is vulnerable to a buffer overflow error in the "HistorySvr.exe" module when processing malformed packets sent to port 777/TCP. CVE-2011-0406 Exploits/Remote Windows
12.05.2010 PSOProxy GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within PSOProxy when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. CVE-2004-0313 Exploits/Remote Windows
01.24.2012 FreeFTPD User Command Buffer Overflow Exploit An internal memory buffer may be overrun while handling long "USER" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the FreeFTPdService.exe process. CVE-2005-3683 Exploits/Remote Windows
07.21.2014 Adobe ColdFusion l10n.cfm Remote Code Execution Exploit The /CFIDE/adminapi/customtags/l10n.cfm page in Adobe ColdFusion does not properly validate its attributes.file parameter. This can be abused by a remote unauthenticated attacker to execute arbitrary code on vulnerable servers. CVE-2013-3336 Exploits/Remote Windows, Linux
08.05.2009 RPT Remote Exploits Timeout Update This update corrects timeouts in different remote exploits. CVE-2007-6377 Exploits/Remote Windows

Pages