Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
12.06.2011 MyBB Backdoor Remote Code Execution Exploit Update A backdoor introduced in the source code of MyBB allows remote unauthenticated attackers to execute arbitrary code on systems running vulnerable installations of MyBB. This update adds support for the Solaris platform. NOCVE-9999-49723 Exploits/Remote Windows, Solaris, Linux, FreeBSD
10.29.2012 Symantec Messaging Gateway SSH Support Account Exploit This module exploits a default password vulnerability in Symantec Messaging Gateway. CVE-2012-3579 Exploits/Remote Linux
01.27.2010 OracleDB AUTH_SESSKEY Remote Buffer Overflow Exploit Update This module exploits a vulnerability in the Oracle Database Server. The vulnerability is triggered when the server processes a long string inside the AUTH_SESSKEY property resulting in a stack-based buffer overflow. This update adds support for Windows 2003 SP2 and Oracle 10.2.0.4. CVE-2009-1979 Exploits/Remote Windows
12.04.2007 IBM Lotus Domino IMAP Server Buffer Overflow Exploit Update This module exploits a buffer overflow vulnerability in a Lotus Domino IMAP Server and installs an agent if successful. This vulnerability can be exploited remotely and it does not require user authentication. This update adds support for Lotus Domino for windows versions 6.5, 7.0.1, 7.0.1FP1, and 7.0.2. CVE-2007-1675 Exploits/Remote Windows, AIX
04.28.2011 ProFTPD Telnet IAC Buffer Overflow Exploit This module exploits a stack overflow vulnerability in proftpd in order to install an agent. The vulnerability is within the function pr_netio_telnet_gets(). The issue is triggered when processing specially crafted Telnet IAC packets delivered to the FTP server. CVE-2010-4221 Exploits/Remote AIX, FreeBSD
12.29.2008 NaviCOPA Web Server Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the handling of HTTP GET requests. This may allow execution of arbitrary code by sending an overly long, specially crafted HTTP GET request to the server. CVE-2006-5112 Exploits/Remote Windows
09.19.2007 Novell Messenger Server exploit update This package updates the Novell Messenger Server exploit. CVE-2006-0992 Exploits/Remote Windows
05.16.2006 DCERPC Authentication and Encryption support This update will add DCERPC encryption to some MSRPC exploits. The result is that, when enabled, all the 'Stub data' for DCERPC requests will be encrypted, thus hiding the real content. CVE-2005-1985 Exploits/Remote Windows
12.03.2012 Basilic diff PHP Code Execution Exploit This module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account. NOCVE-9999-53067 Exploits/Remote Solaris, Linux, Mac OS X
08.26.2009 Symantec Intel Alert Originator Service Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Intel Alert Originator service by sending a specially crafted packet to the 38292/TCP port. CVE-2009-1430 Exploits/Remote Windows
08.28.2014 SolidWorks Workgroup PDM 2014 Opcode 2001 Remote Code Execution Exploit A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer without boundary check leading to overwrite the SEH and the return address. The copying procedure stops when a null word is found and no size check is proceeded. NOCVE-9999-65834 Exploits/Remote Windows
07.03.2012 Netmechanica NetDecision HTTP Server Buffer Overflow Exploit Update A buffer overflow in NetDecision's HTTP service is exploited when a long URL is managed by the HTTP Server's active window. For successfull exploitation, the victim need to have the HttpSvr's window open. This version add CVE. CVE-2012-1465 Exploits/Remote Windows
02.07.2011 Quick TFTP Server Pro Mode Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in Quick TFTP Server Pro when processing a very large mode field in a read or write request. CVE-2008-1610 Exploits/Remote Windows
11.08.2009 BigAnt IM Server HTTP GET Request Remote Buffer Overflow Exploit Update This module exploits a vulnerability in the AntServer Module (AntServer.exe) that can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to default port 6660/TCP. This update adds support for the latest version of the software, which is still vulnerable to the attack. CVE-2008-1914 Exploits/Remote Windows
08.24.2006 MSRPC RRAS Exploit This module exploits a stack overflow in the Windows Routing and Remote Access Service (MS06-025) CVE-2006-2370 Exploits/Remote Windows
09.07.2011 Microsoft Windows Print Spooler Service Impersonation Exploit Reliability Enhancement This updates improves the reliability and AV Evasion capabilities of the Microsoft Windows Print Spooler Service Impersonation Exploit, Package and Register, Send Agent by Email, Install agent using SMB and Install agent using SSH modules when run against Windows targets. CVE-2010-2729 Exploits/Remote Windows
05.22.2011 IBM Lotus Domino NSFComputeEvaluateExt Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in IBM Lotus Domino by sending a specially crafted HTTP request to the Web Administration Interface. NOCVE-9999-48010 Exploits/Remote Windows
10.09.2014 HP Network Node Manager I ovopi Option -L Buffer Overflow Exploit This module exploits a stack-based buffer overflow in ovopi.dll which listens by default on a UDP port 696. When parsing option -L, the process blindly copies user supplied data into a fixed-length buffer allowing for an arbitrary write to occur. CVE-2014-2624 Exploits/Remote Windows
06.04.2012 OpenSSH unexpected PAM authentication exploit Update This module exploits an error in the PAM authentication code and installs an agent into the target host. This update improves the reliability of the exploit. CVE-2003-0786 Exploits/Remote Solaris, Linux
11.23.2009 HP Power Manager Administration Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the HP Power Manager Administration Web Server by sending a specially crafted POST request. CVE-2009-2685 Exploits/Remote Windows
04.12.2012 Netmechanica NetDecision HTTP Server Buffer Overflow Exploit A buffer overflow in NetDecision's HTTP service is exploited when a long URL is managed by the HTTP Server's active window. For successfull exploitation, the victim need to have the HttpSvr's window open. CVE-2012-1465 Exploits/Remote Windows
10.09.2013 Foscam Path Traversal Exploit This module exploits a path traversal vulnerability on Foscam IP cameras and commit a camera agent. CVE-2013-2560 Exploits/Remote
01.10.2008 SAP MaxDB Remote Command Injection Exploit This module installs an agent using a remote command-injection vulnerability located in the database server. CVE-2008-0244 Exploits/Remote Windows
10.29.2006 SQL Server Hello exploit update This module exploits a vulnerability in Microsoft SQL Server. This update improves the exploit reliability and adds support for Windows 2003 CVE-2002-1123 Exploits/Remote Windows
07.10.2008 IBM Lotus Sametime StMux Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Community Services Multiplexer (StMux.exe) by requesting a specially crafted URL. CVE-2008-2499 Exploits/Remote Windows
06.23.2005 MSRPC MSMQ Buffer Overflow exploit This module exploits a buffer overflow in the Message Queuing component of Microsoft Windows allowing remote attackers to execute arbitrary code via a crafted message and installing an agent. CVE-2005-0059 Exploits/Remote Windows
09.30.2009 MS SMB 2.0 Negociate Protocol Request Remote BSOD Exploit Update This update improves the exploit reliability. This module exploits a vulnerability on srv2.sys via a SMB 2 malformed packet. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-3103 Exploits/Remote Windows
02.28.2011 Quick n Easy FTP Server Login DoS This module shuts down the Quick 'n Easy FTP Server because it fails to properly handle user-supplied malformed packets when login. CVE-2009-1602 Exploits/Remote Windows
11.10.2013 Ultra Mini HTTPD Stack Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error within Mini HTTPD when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Arbitrary code can be directly executed by overwriting a return address. This update only adds CVE Number. CVE-2013-5019 Exploits/Remote Windows
10.18.2010 Disk Pulse Server GetServerInfo Request Buffer Overflow Exploit A vulnerability exists in the way Disk Pulse Server v2.2.34 process a remote clients "GetServerInfo" request.The vulnerability is caused due to a boundary error in libpal.dll when handling network messages and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 9120. NOCVE-9999-45456 Exploits/Remote Windows

Pages