Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
12.02.2010 ProFTPD Remote Backdoor Command Execution A backdoor introduced by attackers allows unauthenticated users remote root access to systems which run the maliciously modified version of the ProFTPD daemon. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-46189 Exploits/Remote FreeBSD, Linux
10.14.2013 Nginx HTTP Server Chuncked Encoding Buffer Overflow Exploit This module exploits a buffer overflow vulnerability present in Nginx by bypassing the stack cookie protection and by reordering the TCP packets to make it reliable. CVE-2013-2028 Exploits/Remote Linux
11.30.2011 OpenX Remote Code Execution Exploit Update This update adds support for Solaris and Mac OS X platforms CVE-2009-4098 Exploits/Remote Solaris, Linux, Mac OS X
11.17.2008 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 2 This module exploits a vulnerability in the Microsoft Windows Server service sending a specially crafted RPC request. This update adds support for Windows 2003 Enterprise Edition sp2 with DEP enabled. CVE-2008-4250 Exploits/Remote Windows
07.05.2010 Evological EvoCam Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the included web server when processing HTTP requests. This can be exploited to cause a stack-based buffer overflow via an overly long GET request. CVE-2010-2309 Exploits/Remote Mac OS X
11.13.2006 McAfee ePolicy Orchestrator - Protection Pilot HTTP exploit This module exploits a buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126. CVE-2006-5156 Exploits/Remote Windows
03.01.2011 HP OpenView NNM ovas Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the ovas service, part of the HP OpenView Network Node Manager application. The exploit triggers a stack-based buffer overflow by sending a specially crafted POST request with a malformed Destination Node variable to the vulnerable system and installs an agent if successful. CVE-2011-0263 Exploits/Remote Windows
04.21.2008 SurgeMail Mail Server Exploit update This module exploits a buffer overflow in SurgeMail Mail Server and installs an agent into the target host. A buffer overflow vulnerability is located in the function which handles the real CGI executables. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module. This exploit perform three attempts to disable DEP in XP SP2 and Windows 2003. CVE-2008-1054 Exploits/Remote Windows
09.11.2005 MailEnable SMTP auth command exploit This module exploits a stack-based buffer overflow in Mailenable smtp for Windows, allowing remote attackers to execute arbitrary code via AUTH command input. CVE-2005-2223 Exploits/Remote Windows
11.20.2013 HP System Management iprange Parameter Buffer Overflow Exploit This module exploits a Buffer Overflow on HP System Management. The vulnerability exists when handling a crafted iprange parameter on a request against /proxy/DataValidation. CVE-2013-2362 Exploits/Remote Windows
09.04.2007 Sun Java Web Start JNLP Stack Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the javaws.exe program and deploys an agent when successful. The exploit triggers a vulnerability in the Java Runtime Environment allowing an attacker to execute arbitrary code on the remote machine. CVE-2007-3655 Exploits/Remote Windows
07.16.2013 PCMan FTP Server USER Command Buffer Overflow Exploit PCMan's FTP Server is prone to a buffer-overflow when handling an overly long USER command. NOCVE-9999-58668 Exploits/Remote Windows
10.02.2011 Measuresoft ScadaPro Remote Exploit This module exploits a remote command execution vulnerability in the service.exe service included in the Measuresoft ScadaPro application by sending a sequence of malformed packets to the 11234/TCP port. CVE-2011-3497 Exploits/Remote Windows
07.10.2008 IBM Lotus Sametime StMux Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Community Services Multiplexer (StMux.exe) by requesting a specially crafted URL. CVE-2008-2499 Exploits/Remote Windows
12.25.2006 CA BrightStor ARCserve Backup Discovery Service exploit This module exploits a vulnerability in BrightStor ARCserve/Enterprise Backup, which can be leveraged by an attacker to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the Discovery Service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP data stream to port 41523. CVE-2006-5143 Exploits/Remote Windows
10.03.2012 Novell File Reporter NFRAgent PATH Tag Buffer Overflow Exploit The vulnerability exists within NFRAgent.exe listening on TCP port 3037. When parsing tags inside the PATH element, the process performs insufficient bounds checking on user-supplied data prior to copying it on the stack. NOCVE-9999-54842 Exploits/Remote Windows
01.17.2010 HP OpenView Storage Data Protector Remote Buffer Overflow Exploit Update This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. This update adds support for HP OpenView Storage Data Protector 6.0 and for Windows XP and Vista. CVE-2009-3844 Exploits/Remote Windows
02.08.2009 CA BrightStor ARCserve Backup Media Server Exploit Update This module exploits a buffer overflow in the handling of RPC data in the Computer Associates BrightStor ARCServe Backup Media Server service (mediasvr.exe) which is a component of BrightStor ARCserve Backup Tape Engine. This update adds support for Windows 2003 SP1 and SP2, Windows Vista SP1 and Windows XP SP3. CVE-2007-1785 Exploits/Remote Windows
06.06.2012 MSRPC DCOM Exploit Update 2 This Update adds MS03-026 in XML. CVE-2003-0352 Exploits/Remote Windows
10.18.2009 TFTPServer SP Buffer Overflow Exploit Update This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section. This module add the service specification tag. CVE-2008-2161 Exploits/Remote Windows
12.12.2013 TP-Link Camera Unauthenticated Remote Firmware Upgrade Exploit The /cgi-bin/firmwareupgrade file in TP-Link IP cameras allows remote unauthenticated attackers to perform firmware upgrades. This module tries to verify if the vulnerability is present in the target device without actually upgrading its firmware. CVE-2013-2581 Exploits/Remote
08.04.2013 freeSSHd SSH Server Authentication Bypass Remote Code Execution Exploit Update This update modifies the application version displayed in Quick Information CVE-2012-6066 Exploits/Remote Windows
10.24.2011 Samba Username Map Script Command Injection Exploit The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the SamrChangePassword function, when the "username map script" smb.conf option is enabled. CVE-2007-2447 Exploits/Remote Linux
03.20.2013 BigAnt Server DUPF Command Arbitrary File Upload Exploit BigAnt Server is prone to an arbitrary file upload and execute through a DUPF command. CVE-2012-6274 Exploits/Remote Windows
09.28.2008 HP OpenView Ovalarmsrv Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the ovalarmsrv module of the HP OpenView Network NodeManager application. The exploit triggers a stack-based buffer overflow by sending a specially crafted packet to port 2954/TCP of the vulnerable system and installs an agent if successful. This module works disabling DEP on Windows 2003 Enterprise Edition sp2 in the context of the vulnerable application. CVE-2008-1851 Exploits/Remote Windows
05.16.2010 CA XOsoft Control Service entry_point.aspx Remote Buffer Overflow Exploit This module exploits a remote buffer overflow vulnerability in the entry_point.aspx login page of CA XOsoft Control Service. CVE-2010-1223 Exploits/Remote Windows
11.01.2012 HP Data Protector EXEC_CMD Exploit Update This module exploits a buffer overflow vulnerability in HP Data Protector by sending a specially crafted EXEC_CMD request. This update fixes an issue when using InjectorEgg. CVE-2011-1866 Exploits/Remote Windows
04.18.2011 7T Interactive Graphical SCADA System IGSSdataServer Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in IGSSdataServer by sending a malformed packet to the 12401/TCP port. CVE-2011-1567 Exploits/Remote Windows
07.30.2014 Yokogawa CS3000 BKFSim vhfd Buffer Overflow Exploit Yokogawa CS3000 is prone to a buffer overflow when handling specially crafted packets through UDP port 20010. CVE-2014-3888 Exploits/Remote Windows
11.14.2007 HP Linux Imaging and Printing exploit for Impact 7.5 A vulnerability has been identified in HP Linux Imaging and Printing System (HPLIP), which could be exploited by local attackers to obtain elevated privileges. This issue is caused by input validation errors in the hpssd daemon that does not validate user-supplied data before being passed to a popen3() call, which could be exploited by malicious users to inject and execute arbitrary commands with root privileges. This package include local and remote versions of the exploit. CVE-2007-5208 Exploits/Remote Linux, FreeBSD

Pages