Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
12.02.2010 010 Editor wintab32 DLL Hijacking Exploit 010 Editor is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder than a .HEX file. NOCVE-9999-46107 Exploits/Client Side Windows
12.11.2008 3Com TFTP Transporting Mode Buffer Overflow Exploit This module exploits a buffer overflow vulnerability during the processing of TFTP Read/Write request packet types and cause a stack-based buffer overflow by sending a specially crafted packet with an overly long mode field. CVE-2006-6183 Exploits/Remote Windows
05.22.2012 3D Life Player WebPlayer ActiveX Buffer Overflow Exploit A boundary error exists in the WebPlayer ActiveX control when processing the "SRC" property with an overly long string. NOCVE-9999-52362 Exploits/Client Side Windows
04.22.2013 3S CoDeSys Gateway Server Arbitrary File Upload Exploit 3S Codesys Gateway Server is prone to a directory traversal vulnerability that allows arbitrary file creation. CVE-2012-4705 Exploits/Remote Windows
04.18.2011 7T Interactive Graphical SCADA System IGSSdataServer Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in IGSSdataServer by sending a malformed packet to the 12401/TCP port. CVE-2011-1567 Exploits/Remote Windows
05.25.2011 7T Interactive Graphical SCADA System IGSSdataServer Remote Buffer Overflow Exploit Update This module exploits a remote stack-based buffer overflow in IGSSdataServer by sending a malformed packet to the 12401/TCP port. This version add CVE. CVE-2011-1567 Exploits/Remote Windows
02.24.2011 7T Interactive Graphical SCADA System ODBC Server Remote Memory Corruption DoS This module exploits a memory corruption vulnerability in the IGSS ODBC Server by sending a malformed packet to the 20222/TCP port to crash the application. NOCVE-9999-47172 Denial of Service/Remote Windows
08.19.2010 A-PDF WAV to MP3 Converter Buffer Overflow Exploit A-PDF WAV to MP3 Converter contains a buffer prone to exploitation via an crafted WAV file. NOCVE-9999-44866 Exploits/Client Side Windows
12.12.2013 ABB MicroSCADA Wserver Buffer Overflow Exploit This vulnerability is a buffer overflow and allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver without authentication. The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component performs insufficient bounds checking on user-supplied data which results in stack buffer ovreflow. NOCVE-9999-61094 Exploits/Remote Windows
05.14.2012 ABB Robot Communications Runtime Buffer Overflow Exploit A buffer overflow exists in a component of the Robot Communication Runtime used in some ABB programs for the communications to the IRC5, IRC5C, and IRC5P robot controllers. CVE-2012-0245 Exploits/Remote Windows
08.02.2013 ABBS Audio Media Player Buffer Overflow Exploit ABBS Audio Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in ABBS when handling .lst files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .lst file. NOCVE-9999-58468 Exploits/Client Side Windows
12.05.2010 ACDSee Canvas wintab32 DLL Hijacking Exploit ACDSee Canvas is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder than a .CVI file. NOCVE-9999-45899 Exploits/Client Side Windows
09.07.2011 ACDSee FotoSlate dwmapi DLL Hijacking Exploit ACDSee FotoSlate is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .PLP file. NOCVE-9999-49254 Exploits/Client Side Windows
10.05.2011 ACDSee FotoSlate PLP File Buffer Overflow Exploit The vulnerability is caused due to a boundary error when processing the "id" parameter in a Project (PLP) file. CVE-2011-2595 Exploits/Client Side Windows
05.23.2011 ACDSee Photo Editor 2008 XMB File Buffer Overflow Exploit ACDSee Photo Editor is prone to a buffer-overflow vulnerability due to a boundary error when processing XBM image files. NOCVE-9999-47670 Exploits/Client Side Windows
06.03.2009 ACDSee Products TIFF Buffer Overflow Exploit Multiple ACDSee products are prone to a buffer-overflow vulnerability because they fail to perform adequate boundary checks when processing a malformed TIF image. NOCVE-9999-38512 Exploits/Client Side Windows
06.30.2009 ACDSee Products TIFF Buffer Overflow Exploit Update Multiple ACDSee products are prone to a buffer-overflow vulnerability because they fail to perform adequate boundary checks when processing a malformed TIFF image. This update adds support for older ACDSee versions. NOCVE-9999-38512 Exploits/Client Side Windows
02.26.2008 ACDSee XPM File Handling Buffer Overflow Exploit This module exploits a vulnerability in ACDSee Products (ID_X.apl plugin). The vulnerability is caused due to boundary error in ID_X.apl within the processing of xpm files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. CVE-2007-2193 Exploits/Client Side Windows
12.06.2009 Achievo atksearch Cross Site Scripting Exploit A Reflected Cross Site Scripting vulnerability was found in the atksearch[contractnumber], atksearch_AE_customer[customer] and atksearchmode[contracttype] variables within the 'Organisation Contracts' administration page. This is because the application does not properly sanitise the users input. CVE-2009-2733 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
09.28.2008 Acoustica Beatcraft BCPROJ Buffer Overflow Exploit Acoustica Beatcraft contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Acoustica Beatcraft when handling .BCPROJ files. CVE-2008-4087 Exploits/Client Side
09.16.2008 Acoustica Mixcraft MX4 Buffer Overflow Exploit Acoustica Mixcraft is prone to a buffer-overflow vulnerability in the handling of .MX4 project files, because the application fails to bounds-check user-supplied data, before copying it into an insufficiently sized buffer. CVE-2008-3877 Exploits/Client Side Windows
09.22.2008 Acoustica MP3 CD Burner ASX Buffer Overflow Exploit The vulnerability is caused due to a boundary error when processing malformed ASX playlist files. This can be exploited to cause a stack-based buffer overflow tricking a user into opening a specially crafted playlist file containing a ref tag with an overly long href attribute. CVE-2007-3006 Exploits/Client Side
03.18.2013 ActFax RAW Server Buffer Overflow Exploit A vulnerability in ActFax Server RAW server used to transfer fax messages without protocols. Data fields. @F506,@F605, and @F000 are vulnerable. NOCVE-9999-56765 Exploits/Remote Windows
09.01.2011 ActFax Server FTP User Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing ActFax Server. The vulnerability is caused due to a boundary error when processing an overly long USER name on the FTP Server. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-49018 Exploits/Remote Windows
02.27.2011 ActFax Server LPD-LPR Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing ActFax Server. The vulnerability is caused due to a boundary error when processing an overly long Print Job command on the Line Printer Daemon Server (LPD-Server) . This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-47199 Exploits/Remote Windows
10.19.2008 Active Directory LDAP Request Handling DoS (MS08-060) Active Directory, which is an essential component of the Windows 2000 architecture, presents organizations with a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security. The directory services provided by Active Directory are based on the Lightweight Directory Access Protocol (LDAP) and thus Active Directory objects can be stored and retrieved using the LDAP protocol. A vulnerability in Active Directory allows an attacker to crash and force a reboot of any Windows 2000 Server running the Active Directory service. CVE-2008-4023 Denial of Service/Remote Windows
07.25.2011 ActiveFax Server FTP Buffer Overflow Exploit ActiveFax Server's FTP service has a remote buffer overflow vulnerability that can be exploited by an authenticated atacker. NOCVE-9999-48689 Exploits/Remote Windows
06.19.2007 ActSoft DVD Tools Buffer Overflow Exploit This module exploits a vulnerability in the dvdtools.ocx control included in the ActSoft DVD Tools ActiveX application. The exploit is triggered when the OpenDVD() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-0976 Exploits/Client Side Windows
03.17.2013 Adobe Acrobat Reader acroform api With Sandbox Bypass Exploit This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused due to memory corruption method in acroform.api. This can be exploited to cause code execution when a specially crafted .PDF file is opened in Adobe Reader or is opened embedded in a browser. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. This exploit complements CVE-2013-0640, with sandbox escape. All in one module. CVE-2013-0641 Exploits/Client Side Windows
02.27.2013 Adobe Acrobat Reader acroform.api Exploit This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused due to memory corruption method in acroform.api. This can be exploited to cause code execution when a specially crafted .PDF file is opened in Adobe Reader or is opened embedded in a browser. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2013-0640 Exploits/Client Side Windows

Pages