Core Certified Exploits

Library of expert validated exploits for safe and effective pen tests

Exploit development can be an advanced penetration testing skill that takes time to master. Additionally, when on a job, pen testers often don’t have the resources to create a new exploit. Many resort to searching for and using pre-written exploits that have not been tested and must go through the timely effort of quality assurance testing in order to ensure they are secure and effective.

Core Impact users can save time by finding all the up-to-date exploits they need in one place. We provide a robust library of exploits designed to enable pen testers to safely and efficiently conduct successful penetration tests. Whether written by our own internal team or by a third party like ExCraft, you can trust they have been thoroughly tested and validated by our experts.

The universe of vulnerabilities is huge and not all of them represent the same risk for the customers. Vulnerabilities do not all have the same level of criticality. Some may be easily exploitable by a low-level user, while others may not be exploitable at all. To increase the efficiency of the attacks and the quality of the exploits provided, the Core Impact team has developed selection criteria to prioritize its analysis and implementation. We determine which exploits warrant creation based on the following questions:

  • What are the most critical attacks from the attacker’s perspective?
  • What new vulnerabilities are more likely to be exploited in real attacks?
  • What exploits are the most valuable for Core Impact?

Once an exploit is approved, its priority order considers the following variables: 

  • Vulnerability Properties: CVE, disclosure date, access mechanism and privileges needed. 
  • Target Environment Setup: OS, application prevalence, version and special configurations needed. 
  • Value Provided to Core Impact: Customer request, usage in multiple attacks, allows the installation of an agent, etc. 
  • Technical Cost vs. Benefit: An analysis weighing the resources needed to build an exploit with the internal and external knowledge gained in its creation. 

Each one of these variables has a different weight and provides a ranking of the potential exploits to be developed. Following those criteria, the top of the list would contain, for example, a vulnerability on Windows (most popular OS) that can be exploited remotely, without authentication and that provides super user privileges. 

Correspondingly, a vulnerability on an application that is rarely installed, needs special configurations, and requires User Interaction, would be at the bottom.

Stay Informed of New Core Certified Exploits

Subscribe to receive regular email updates on new exploits available for Core Impact

Browse the Core Certified Exploit Library

We provide pen testers with real-time updates for a wide range of exploits for different platforms, operating systems, and applications. 

Search our continuously growing library to discover an exploit that will allow you to gain and retain access on the target host or application.

Title Description Date Added CVE Link Exploit Platform Exploit Type Product Name
Wireshark riched20 DLL Hijacking Exploit The vulnerability is caused due to the application loading a library

(riched20.dll.dll) in an insecure manner. This can be exploited to

load arbitrary libraries by tricking a user into e.g. opening a e.g.

".pcap" file located on a remote WebDAV or SMB share. 		CVE-2016-2521 Windows Exploits / Client Side Impact Professional
Reprise License Manager akey Buffer Overflow Vulnerability The vulnerability is caused due to a boundary error when handling the

"akey" POST parameter related to /goform/activate_doit, which can be

exploited to cause a stack-based buffer overflow via a specially

crafted HTTP request. 		NOCVE-9999-75007 Windows Exploits / Remote Impact Professional
Ruby on Rails Action Pack Inline Exec Exploit Action Pack in Ruby on Rails allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. CVE-2016-2098 Linux Exploits / OS Command Injection / Known Vulnerabilities Impact Professional
JBoss EJBInvokerServlet Java Deserialization Vulnerability Remote Code Execution Exploit JBoss Application Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary java objects leading to remote code execution.

This vulnerability affects the EJBInvokerServlet component of the server. 		NOCVE-9999-75005 Windows, Linux Exploits / Remote Code Execution Impact Professional
AutoBase NetServer DoS Remote Denial Of Service in AutoBase Network Server 10.2.6.1 Denial of Service / Remote SCADA
Rapid Scada Arbitrary File Download This module exploits a vulnerability in Rapid Scada server. Windows Exploits / Remote File Disclosure SCADA
Century Star Denial Of Service Vulnerability Remote Denial Of Service in Century Star Windows Denial of Service / Remote SCADA
Symantec Endpoint Manager PowerPoint Misaligned Stream-Cache Privilege Escalation Exploit The vulnerability resides in parsing crafted Microsoft PowerPoint documents and produces a buffer overflow in the stack, leading to a privilege escalation to System. CVE-2016-2209 Windows Exploits / Local Impact Professional
Microsoft Windows WPAD BadTunnel Exploit (MS16-077) This module exploits a vulnerability in Windows Netbios cache by flooding crafted NBNS responses. CVE-2016-3236 Windows Exploits / Client Side Impact Professional
Drupal RESTWS Module PHP Remote Command Injection Exploit RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. NOCVE-9999-75002 Linux Exploits / OS Command Injection / Known Vulnerabilities Impact Professional
Jenkins JRMP Java Library Deserialization Vulnerability Remote Code Execution Exploit The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener. CVE-2016-0788 Windows, Linux Exploits / Remote Impact Professional
FreeBSD atkbd SETFKEY Ioctl Privilege Escalation Exploit Update Incorrect signedness comparison in the ioctl handler of the atkbd keyboard driver in the FreeBSD kernel can be leveraged by a local unprivileged user to overwrite a portion of the kernel memory, thus allowing the attacker to gain root privileges on the affected system.



This update improves the checking of preconditions before launching the attack. 		CVE-2016-1886 FreeBSD Exploits / Local Impact Professional
WECON LeviStudio PLC HmiSet Type Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists in the handling of LeviStudio Project files. By providing an overly long HmiSet Type XML attribute, an attacker can overflow a stack-based buffer and execute arbitrary code in the context of the current process. 		NOCVE-9999-74997 Windows Exploits / Client Side Impact Professional
Microsoft Internet Explorer VBScript AccessArray Redefinition Exploit The AccessArray function in the VBScript engine of Internet Explorer is prone to a redefinition attack.

By accessing a VBScript array using a specially crafted object as the index, it is possible to resize the array in the middle of the AccessArray function, leaving the array in an inconsistent state, which can be abused by an attacker to execute arbitrary code on systems running vulnerable versions of Internet Explorer.

 CVE-2016-0189 Windows Exploits / Client Side Impact Professional
Solarwinds Virtualization Manager Java JMX-RMI Remote Code Execution Exploit The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. CVE-2016-3642 Linux Exploits / Remote Impact Professional
Apache Struts 2 REST Plugin Remote Code Execution Exploit The REST plugin in the Apache Struts 2 framework is prone to a remote code execution vulnerability when evaluating OGNL expressions when Dynamic Method Invocation is enabled.

This vulnerability allows remote attackers to execute arbitrary Java code on the affected server.



This module exploits the vulnerability in any web application built on top of vulnerable versions of Apache Struts 2 making use of the REST plugin with the Dynamic Method Invocation feature enabled. 		CVE-2016-3087 Windows, Linux Exploits / OS Command Injection / Known Vulnerabilities Impact Professional
Microsoft Windows WPAD Elevation of Privilege Exploit (MS16-077) An elevation of privilege vulnerability exists in Microsoft Windows when the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system. CVE-2016-3213 Windows Exploits / Local Impact Professional
Cogent Datahub DoS Remote Denial Of Service in DataHub. Windows Denial of Service / Remote SCADA
ICONICS SCADA WebHMI Remote Arbitrary empty File Create 2 This module will listen for HTTP requests from vulnerable clients and queue client side exploits as HTTP responses. Exploits / Client Side SCADA
ICONICS SCADA WebHMI Remote Arbitrary empty File Create 3 This module will listen for HTTP requests from vulnerable clients and queue client side exploits as HTTP responses. Exploits / Client Side SCADA
ICONICS SCADA WebHMI Remote Arbitrary empty File Create 1 This module will listen for HTTP requests from vulnerable clients and queue client side exploits as HTTP responses. Exploits / Client Side SCADA
Acunetix Web Vulnerability Scanner GUI Html Script Injection Exploit Acunetix Web Vulnerability Scanner 10.0 build 20160216 and previous versions, allows remote attackers to execute arbitrary JavaScript code in the context of the scanner GUI.

The flaw exists in the way Acunetix WVS render some html elements inside it's GUI, using jscript.dll without any concern about unsafe ActiveX object such as WScript.shell.

This module also abuses of a second vulnerability affecting the Acunetix Web Vulnerability Scanner Scheduler to gain SYSTEM privileges. 		NOCVE-9999-74978 Windows Exploits / Client Side Impact Professional
FreeBSD atkbd SETFKEY Ioctl Privilege Escalation Exploit Incorrect signedness comparison in the ioctl handler of the atkbd keyboard driver in the FreeBSD kernel can be leveraged by a local unprivileged user to overwrite a portion of the kernel memory, thus allowing the attacker to gain root privileges on the affected system.

 CVE-2016-1886 FreeBSD Exploits / Local Impact Professional
Trend Micro InterScan Web Security Virtual Appliance testConfiguration OS Command Injection Exploit Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection vulnerability when handling HTTP requests for the /rest/testConfiguration resource.

This vulnerability can be leveraged by a remote, unauthenticated attacker to execute arbitrary code on the vulnerable server.

 NOCVE-9999-74988 Linux Exploits / Remote Impact Professional
Joomla User Agent Object Injection Exploit Update This module exploits a remote code execution vulnerability in Joomla. The session handling code is susceptible to PHP Object Injection attacks due to lack of sanitization in some HTTP headers that are saved to the database session backend.



This update fixes an issue which made the exploit abort before running.

 CVE-2015-8562 Linux Exploits / OS Command Injection / Known Vulnerabilities Impact Professional