CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Titlesort ascending Description Vulnerabilty Category Platform
08.29.2010 Xion M3U Buffer Overflow Exploit The vulnerability is caused due to a boundary error in Xion when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. NOCVE-9999-44931 Exploits/Client Side Windows
08.21.2012 Xenorate XPL File Buffer Overflow Exploit Xenorate is prone to a buffer-overflow. The program fails to properly sanitize user-supplied input with a specially crafted XPL file. NOCVE-9999-53630 Exploits/Client Side Windows
11.15.2007 Xen Pygrub Command Injection exploit for Impact 7.5 This module exploits a command injection error in tools/pygrub/src/GrubConf.py. This can be exploited by "root" users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted. CVE-2007-4993 Exploits/Local Linux
11.07.2007 Xen Pygrub Command Injection exploit This module exploits a command injection error in tools/pygrub/src/GrubConf.py. This can be exploited by "root" users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted. CVE-2007-4993 Exploits/Local Linux
05.25.2009 XBMC GET Request Remote Buffer Overflow Exploit This module exploits a vulnerability in XBMC by sending a specially crafted, overly long HTTP GET request to the application's web server which causes a stack-based buffer overflow, allowing arbitrary code execution. NOCVE-9999-37459 Exploits/Remote Windows
12.04.2012 Xampp webdav PHP Upload Exploit This module attacks default XAMPP installations and abuses the use of default credentials for webdav. The module can also be configured to take advantage of user supplied credentials. NOCVE-9999-53594 Exploits/Remote Windows
11.15.2011 Xampp php_self Cross Site Scripting Exploit XAMPP suffers from multiple XSS issues in several scripts that use the 'PHP_SELF' variable. The vulnerabilities can be triggered in the 'xamppsecurity.php', 'cds.php' and 'perlinfo.pl' because there isn't any filtering to the mentioned variable in the affected scripts. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session. NOCVE-9999-50264 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
10.18.2006 WS_FTP 5.05 XMD5 buffer overflow exploit This module exploits a stack overflow in WS_FTP 5.05 in XMD5 command and installs an agent. CVE-2006-5000 Exploits/Remote Windows
04.18.2011 Wordtrainer ORD File Buffer Overflow Exploit The vulnerability is caused due to boundary errors in Wordtrainer 3.0 within the processing of .ORD files. This can be exploited to cause a stack-based buffer overflow when the victim opens a specially crafted file with an overly long supplied data. NOCVE-9999-47844 Exploits/Client Side Windows
06.11.2009 Wordpress Weak Authentication Exploit An attacker, able to register a specially crafted username on a Wordpress 2.5 installation, will also be able to generate authentication cookies for other chosen accounts. This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection. The proper way to exploit this vulnerability is to use a Wordpress account which its username starts with the word "admin", for example "admin99". This exploit will not be shown on WebApps reports. CVE-2008-1930 Exploits/Authentication Weakness
06.05.2013 Wordpress W3 Total Cache PHP Remote Code Execution Exploit This module exploits a vulnerability in W3 Total Cache plugin for Wordpress. Certain macros such as mfunc allow to inject PHP code into comments. By injecting a crafted comment into a valid post an attacker can execute arbitrary PHP code on systems running vulnerable installations of W3 Total Cache. CVE-2013-2010 Exploits/Remote Linux
08.27.2009 Wordpress Password Reset Exploit A weakness has been reported in WordPress which can be exploited to bypass certain security restrictions. The weakness is due to a bug within the password reset functionality when verifying the secret key. This can be exploited to reset the password of the first user without a key in the database (usually administrator) without providing the correct secret key. NOCVE-9999-39525 Exploits/Authentication Weakness
04.12.2010 Wordpress NextGEN Gallery Plugin Cross Site Scripting Exploit This vulnerability results from a reflected unsanitized input that can be crafted into an attack by a malicious user by manipulating the 'mode' parameter of the xml/media-rss.php script. Version 1.5.1 is verified as vulnerable, older versions are probably vulnerable too but they were not tested at this time. CVE-2010-1186 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
01.25.2010 Wordpress Google Analytics Plugin Cross-Site Scripting Exploit Input passed to the "s" parameter in index.php is not properly sanitised before being returned to the user in googleanalytics.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOCVE-9999-41354 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
02.05.2008 WordPerfect X3 Printer Selection exploit update The vulnerability is caused due to boundary errors in wordperfect within the processing of WPD files. Wordperfect X3 fails to check the length of the printer selection (.PRS) filename stored inside Wordperfect documents, allowing an attacker to cause a stack overflow in order to execute arbitrary code. This update changes the injection method of the agent. CVE-2007-1735 Exploits/Client Side Windows
01.31.2008 WordPerfect X3 Printer Selection exploit The vulnerability is caused due to boundary errors in wordperfect within the processing of WPD files. Wordperfect X3 fails to check the length of the printer selection (.PRS) filename stored inside Wordperfect documents, allowing an attacker to cause a stack overflow in order to execute arbitrary code. CVE-2007-1735 Exploits/Client Side Windows
08.03.2011 Word List Builder DIC File Buffer Overflow Exploit This module exploits a stack-based buffer overflow in Word Builder which is triggered by a malformed DIC file. NOCVE-9999-48662 Exploits/Client Side Windows
05.08.2008 WonderWare SuiteLink slssvc.exe DoS WonderWare is supplier of industrial automation and information software solutions. According to the company's website: * one third of the world's plants run Wonderware software solutions. Having sold more than 500,000 software licenses in over 100,000 plants worldwide, Wonderware has customers in virtually every global industry - including Oil and Gas, Food and Beverage, Utilities, Pharmaceuticals, Electronics, Metals, Automotive and more The vulnerability found in Wonderware SuiteLink Service (slssvc.exe) could allow an un-authenticated remote attacker with the ability to connect to the SuiteLink service TCP port to shutdown the service abnormally by sending a malformed packet. CVE-2008-2005 Denial of Service/Remote Windows
02.03.2011 WMI Administrative Tools ActiveX Exploit This module exploits a vulnerability in the WBEMSingleView.ocx control included in the WMI Tools ActiveX application. The exploit is triggered when the OpenURL() method processes a long string argument resulting in a stack-based buffer overflow. CVE-2010-3973 Exploits/Client Side Windows
07.23.2013 WM Downloader M3U Buffer OverFlow Exploit WM Downloader contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in WM Downloader when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. NOCVE-9999-51869 Exploits/Client Side Windows
03.11.2008 WireShark SNMP Dissector DoS This module exploits a vulnerability in the WireShark SNMP dissector, sending a specially crafted SNMP packet, causing WireShark to crash. CVE-2008-1071 Denial of Service/Remote Windows
02.09.2011 Wireshark PROFINET Dissector Format String Exploit Update Wireshark is prone to a format-string vulnerability. Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. This update adds windows 7 support. CVE-2009-1210 Exploits/Remote Windows
07.28.2009 Wireshark PROFINET Dissector Format String Exploit Wireshark is prone to a format-string vulnerability. Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. CVE-2009-1210 Exploits/Remote Windows
04.25.2011 Wireshark packet dect Stack Buffer Overflow Exploit This module exploits a stack buffer overflow in Wireshark when opening a crafted .PCAP file, resulting in arbitrary code execution. This module bypass DEP using ROP techniques. CVE-2011-1591 Exploits/Client Side Windows
04.26.2011 Wireshark packet dect Remote Stack Buffer Overflow Exploit A heap-based buffer overflow was found in the DECT dissector of Wireshark. A remote attacker could use this flaw to cause the Wireshark executable to crash or potentially to execute arbitrary code with the privileges of the user running Wireshark. CVE-2011-1591 Exploits/Remote Windows
10.16.2011 WireShark openSAFETY Dissector DoS This module exploits a vulnerability in the WireShark openSAFETY dissector, sending a specially crafted openSAFETY packet over UDP, causing WireShark to crash. CVE-2011-3484 Denial of Service/Remote Windows
05.27.2014 Wireshark MPEG File Parser Buffer Overflow Exploit An error within the MPEG file parser can be exploited to cause a buffer overflow via a specially crafted packet trace file. CVE-2014-2299 Exploits/Client Side Windows
02.08.2010 WireShark LWRES Dissector Buffer Overflow Exploit Update This module exploits a stack-based buffer overflow in the WireShark LWRES dissector by sending a specially crafted LWRES packet. This update adds support for more WireShark versions. CVE-2010-0304 Exploits/Remote Windows
02.07.2010 WireShark LWRES Dissector Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the WireShark LWRES dissector by sending a specially crafted LWRES packet. CVE-2010-0304 Exploits/Remote Windows
10.16.2011 WireShark LUA Script File Code Execution Exploit This module exploits a vulnerability to make WireShark run an arbitrary LUA script using a method similar to DLL hijacking when opening a .PCAP file. CVE-2011-3360 Exploits/Client Side Windows

Pages