Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
01.05.2011 Mantis Manage_proj_page Remote Code Execution Exploit Update 5 This module exploits a Remote Code Execution vulnerability in Mantis version 1.1.3 when handling the sort parameter in manage_proj_page without the proper validation that leads to a remote code execution on Mantis' Web server. This update adds support for the OSX platform. CVE-2008-4687 Exploits/Remote Solaris, Linux, Windows, AIX, Mac OS X
12.02.2009 MSRPC CA ARCserve Backup Command Injection Exploit CA BrightStor ARCserve Backup is prone to a command injection vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. CVE-2008-4397 Exploits/Remote Windows
11.23.2008 Microsoft Windows SMB Buffer Underflow Exploit (MS08-063) This module exploits a Windows kernel remote vulnerability on the srv.sys driver via a malformed SMB packet. CVE-2008-4038 Exploits/Remote Windows
10.03.2012 Novell File Reporter NFRAgent VOL Tag Buffer Overflow Exploit The vulnerability exists within NFRAgent.exe listening on TCP port 3037. When parsing tags inside the VOL element, the process performs insufficient bounds checking on user-supplied data prior to copying it on the stack. NOCVE-9999-54601 Exploits/Remote Windows
07.13.2011 Novell File Reporter Engine RECORD Tag Parsing Exploit This module exploits a buffer overflow in Novell File Reporter by sending a specially crafted packet. CVE-2011-2220 Exploits/Remote Windows
08.04.2014 Easy File Management Web Server UserID Cookie Handling Buffer Overflow Exploit The vulnerability is caused due to a boundary error when parsing the "UserID" value in the session cookie, which can be exploited to cause a stack-based buffer overflow. NOCVE-9999-65448 Exploits/Remote Windows
05.31.2010 HP OpenView NNM getnnmdata CGI Buffer Overflow Exploit This module exploits a stack-based buffer overflow in HP OpenView Network Node Manager by sending a specially crafted request to getnnmdata.exe. CVE-2010-1553 Exploits/Remote Windows
06.11.2012 RabidHamster R4 Log Entry sprintf Buffer Overflow Exploit A stack overflow found in RabidHamster R4's web server by supplying a malformed HTTP request when generating a log. NOCVE-9999-52541 Exploits/Remote Windows
05.19.2010 Vermillion FTP Daemon Buffer Overflow Exploit Update 2 The vulnerability is caused due to a boundary error with the handling of PORT commands. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted command passed to the affected server. This update fix the Connect to connection method for some virtual machines. NOCVE-9999-41966 Exploits/Remote Windows
06.06.2012 MSRPC DCOM Exploit Update 2 This Update adds MS03-026 in XML. CVE-2003-0352 Exploits/Remote Windows
02.12.2007 telnetd solaris -f root exploit This is a remote exploit for an Authentication bypass vulnerability present in telnetd daemon for Solaris 10. CVE-2007-0882 Exploits/Remote Solaris
02.11.2014 Panda Security for Business Pagent MESSAGE_FROM_REMOTE Path Traversal Exploit The Pagent service component of Panda Security for Business is prone to a path traversal vulnerability when handling MESSAGE_FROM_REMOTE packets. This vulnerability can be exploited by remote unauthenticated attackers to drop arbitrary files in the vulnerable machine in order to gain remote code execution with SYSTEM privileges. NOCVE-9999-62132 Exploits/Remote Windows
08.04.2013 freeSSHd SSH Server Authentication Bypass Remote Code Execution Exploit Update This update modifies the application version displayed in Quick Information CVE-2012-6066 Exploits/Remote Windows
10.24.2011 Samba Username Map Script Command Injection Exploit The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the SamrChangePassword function, when the "username map script" smb.conf option is enabled. CVE-2007-2447 Exploits/Remote Linux
03.20.2013 BigAnt Server DUPF Command Arbitrary File Upload Exploit BigAnt Server is prone to an arbitrary file upload and execute through a DUPF command. CVE-2012-6274 Exploits/Remote Windows
01.17.2010 HP OpenView Storage Data Protector Remote Buffer Overflow Exploit Update This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. This update adds support for HP OpenView Storage Data Protector 6.0 and for Windows XP and Vista. CVE-2009-3844 Exploits/Remote Windows
11.06.2007 HP Linux Imaging and Printing exploit A vulnerability has been identified in HP Linux Imaging and Printing System (HPLIP), which could be exploited by local attackers to obtain elevated privileges. This issue is caused by input validation errors in the hpssd daemon that does not validate user-supplied data before being passed to a popen3() call, which could be exploited by malicious users to inject and execute arbitrary commands with root privileges. This package include local and remote versions of the exploit. CVE-2007-5208 Exploits/Remote Linux, FreeBSD
11.01.2012 HP Data Protector EXEC_CMD Exploit Update This module exploits a buffer overflow vulnerability in HP Data Protector by sending a specially crafted EXEC_CMD request. This update fixes an issue when using InjectorEgg. CVE-2011-1866 Exploits/Remote Windows
10.18.2009 TFTPServer SP Buffer Overflow Exploit Update This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section. This module add the service specification tag. CVE-2008-2161 Exploits/Remote Windows
06.21.2012 PHP-CGI Argument Injection Exploit Update This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution. This update adds support for FreeBSD, OpenBSD, RedHat and Windows platforms. CVE-2012-1823 Exploits/Remote Windows, OpenBSD, Linux, FreeBSD
05.12.2011 HP OpenView NNM nnmRptConfig Template CGI Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the nnmRptConfig.exe CGI application, a component of HP OpenView Network Node Manager, by sending a specially crafted packet. CVE-2011-0270 Exploits/Remote Windows
05.03.2007 CA BrightStor ARCserve Backup mediasvr.exe Exploit This module exploits a buffer overflow vulnerability in the CA BrightStor ARCserve Backup mediasvr.exe. The vulnerability is caused by an input validation error in the mediasvr.exe component when it processes specially crafted RPC requests. CVE-2007-1785 Exploits/Remote Windows
02.06.2012 NetTerm NetFTPD USER Buffer Overflow Exploit An internal memory buffer may be overrun while handling long "USER" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the NetTerm NetFTPD.exe process. CVE-2005-1323 Exploits/Remote Windows
05.01.2006 Novell Messenger Server Exploit This module sends a http request at nmma.exe service producing a buffer overflow and installs an agent. CVE-2006-0992 Exploits/Remote Windows
11.23.2011 General Electric ihDataArchiver Service Remote Buffer Overflow Exploit This module exploits a remote buffer overflow vulnerability in the ihDataArchiver.exe service included in several GE SCADA applications by sending a malformed packet to the 14000/TCP port. CVE-2011-1918 Exploits/Remote Windows
01.22.2008 MySQL yaSSL Exploit update This update adds support for Linux, Freebsd and additional MySQL versions. CVE-2008-0226 Exploits/Remote Windows, Linux, FreeBSD
05.09.2013 Schneider Electric Accutech Manager Heap Overflow Exploit This module exploits a heap overflow vulnerability in the Schneider Electric Accutech Manager Server by sending a malformed packet to the 2537/TCP port to execute arbitrary code or crash the server. CVE-2013-0658 Exploits/Remote Windows
11.27.2007 Tivoli Storage Manager Exploit This module exploits a stack-based buffer overflow in the IBM Tivoli Storage Manager Express CAD Service 5.3. CVE-2007-4880 Exploits/Remote Windows
10.22.2009 Microsoft Windows TCPIP Timestamp Remote DoS (MS09-048) This module exploits a memory corruption in the Microsoft Windows TCP/IP implementation by sending a sequence of TCP/IP packets with a specially crafted Timestamp values. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-1925 Exploits/Remote Windows
10.21.2014 SolidWorks Workgroup PDM 2014 Opcode 2001 Remote Code Execution Exploit Update A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer without boundary check leading to overwrite the SEH and the return address. The copying procedure stops when a null word is found and no size check is proceeded. NOCVE-9999-65834 Exploits/Remote Windows

Pages