CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
09.26.2011 Iphone SSH Default Password Exploit This module exploits a default password vulnerability in jailbroken Iphone iOS. NOCVE-9999-49570 Exploits/Remote
11.21.2012 AzeoTech DAQFactory NETB Datagram Parsing Buffer Overflow Exploit A Buffer Overflow exist in DAQFactory service who listens on the UDP port 20034 when logs the informations of the incoming NETB packets. CVE-2011-3492 Exploits/Remote Windows
07.21.2010 Evinco CamShot GET Request Buffer Overflow Exploit This module exploits a vulnerability in the CamShot Module (camshot.exe) that can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to TCP port where the server is listening. NOCVE-9999-44333 Exploits/Remote Windows
07.25.2011 HP OpenView Performance Insight Server Backdoor Account Code Execution Exploit This module exploits a hidden account in the com.trinagy.security.XMLUserManager Java class. When using this account, an attacker can abuse the com.trinagy.servlet.HelpManagerServlet class and write arbitary files to the system allowing the execution of arbitary code. CVE-2011-0276 Exploits/Remote Windows
12.05.2010 PSOProxy GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within PSOProxy when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. CVE-2004-0313 Exploits/Remote Windows
04.05.2010 MSRPC DCOM Exploit Update This update improves the reliability of the exploit when using Reuse Connection method. CVE-2003-0352 Exploits/Remote Windows
05.28.2014 Yokogawa Centum CS 3000 BKHOdeq Remote Buffer Overflow Exploit This module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000 by using its BKHOdeq.exe service. The BKHOdeq.exe service, started when running the FCS / Test Function listens by default on TCP/20109, TCP/20171 and UDP/1240. By sending a specially crafted packet to the port TCP/20171 it is possible to trigger a stack based buffer overflow which allows execution of arbitrary code with the privileges of the CENTUM user. CVE-2014-0783 Exploits/Remote Windows
05.04.2010 SAP MaxDB Malformed Handshake Request Exploit Update This module exploits a stack buffer overflow vulnerability in SAP MaxDB by sending a specially crafted packet to 7210/TCP port. This update improves reliability. CVE-2010-1185 Exploits/Remote Windows
04.05.2011 Kingview SCADA HMI HistorySvr Heap Overflow Exploit KingView Scada is vulnerable to a buffer overflow error in the "HistorySvr.exe" module when processing malformed packets sent to port 777/TCP. CVE-2011-0406 Exploits/Remote Windows
03.25.2009 Moodle Tex Filter Remote Code Execution Exploit Upgrade This update adds Windows (XP) to the supported target systems for this exploit. NOCVE-9999-35969 Exploits/Remote Windows, Linux
01.05.2006 MSRPC UMPNPMGR exploit update This module exploits a stack buffer overflow in the Microsoft Windows Plug and Play service and installs a level0 agent (MS05-039). This update adds support for Windows XP Professional (Services packs 0, 1 and 2) and Support for Windows 2003. Exploits/Remote
07.04.2013 ASN.1 Bit String SPNEGO exploit Update Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 encodings that cause arbitrary heap data to be overwritten. This update modifies the runtime value for this exploit. CVE-2003-0818 Exploits/Remote Windows
10.23.2008 Alt-N Security Gateway Remote Buffer Overflow Exploit Update This module exploits a stack-based buffer overflow in the Alt-N Security Gateway by sending a specially crafted HTTP request to the TCP port 4000. This module adds support for Windows 2000 Professional SP4. CVE-2008-4193 Exploits/Remote Windows
12.11.2013 HP Data Protector Cell Manager Opcode 211 Buffer Overflow Exploit A buffer overflow vulnerability in crs.exe when handling requests with opcode 211. CVE-2013-2333 Exploits/Remote Windows
07.25.2011 ActiveFax Server FTP Buffer Overflow Exploit ActiveFax Server's FTP service has a remote buffer overflow vulnerability that can be exploited by an authenticated atacker. NOCVE-9999-48689 Exploits/Remote Windows
09.16.2012 HP OpenView Performance Agent coda.exe Opcode 0x34 Buffer Overflow Exploit A buffer overflow exists in coda.exe process which listens on a random TCP port by default. The process trusts a value within a GET request as a size then proceeds to copy that many bytes of user-supplied data into a fixed-length buffer on the stack. CVE-2012-2019 Exploits/Remote Windows
05.27.2010 MicroWorld eScan Products Remote Command Execution Exploit Multiple MicroWorld eScan products are vulnerable to a remote command-execution vulnerability because they fail to properly sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands with superuser privileges. Successful attacks will completely compromise affected computers. The issue affects the following products versions prior to 4.1.x: eScan for Linux Desktop, eScan for Linux File Servers, MailScan for Linux Mail servers, WebScan for Linux Proxy Servers. NOCVE-9999-42682 Exploits/Remote Linux
06.03.2007 SNORT SMB Fragmentation Buffer Overflow exploit This module exploits a stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor. An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the Snort process. CVE-2006-5276 Exploits/Remote Linux, FreeBSD
01.12.2012 Telnetd encrypt_keyid Remote Buffer Overflow Exploit Update A buffer overflow in libtelnet/encrypt.c in Inetutils and Heimdal implementations of telnetd allows remote attackers to execute arbitrary code with root permissions via a long encryption key. This update adds support for Debian and newer FreeBSD platforms. CVE-2011-4862 Exploits/Remote FreeBSD, Linux
07.24.2013 PHP Charts Remote Code Execution Exploit This module exploits a vulnerability in PHP Charts 1.0. The url.php script eval()s every single GET key/value pair. Leading to code execution. NOCVE-9999-57634 Exploits/Remote
06.11.2009 Symantec System Center Alert Management System Command Execution Exploit The AMS2 (Alert Management Systems 2) component of multiple Symantec products is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. CVE-2009-1429 Exploits/Remote Windows
06.20.2008 Microsoft WINS Exploit (MS08-034) A memory corruption vulnerability in the ChkNtfSock function of wins.exe allows remote code execution. The WINS service listens on more than one UDP port (it listens on 42/udp and also on a dynamic UDP port). This attack targets the dynamic udp port, thus it requires the identification of such dynamic port by the user. This can be accomplished by running a port scanner module such as the 'Port Scanner - UDP' module. CVE-2008-1451 Exploits/Remote
10.28.2009 Novell eDirectory Network Request Buffer Overflow Exploit A boundary error exists in the dhost.dll component of Novell eDirectory post authentication when processing list of modules. This can be exploited to cause a stack-based buffer overflow via a specially crafted request with an overly long module name. WARNING:This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-4653 Exploits/Remote Windows
09.18.2007 Surgemail Search Exploit This module exploits a stack-based buffer overflow in the Surgemail Server 3.x and deploys an agent when successful. The exploit triggers a buffer-overflow vulnerability due to insufficient bounds checking of user supplied input allowing remote attackers to execute arbitrary code on the remote machine. CVE-2007-4377 Exploits/Remote Windows
01.29.2012 Omni-NFS Enterprise FTP Server Buffer Overflow Exploit Update This vulnerability is caused by a buffer overflow in Omni-NFS Enterprise FTP Server, due to its lack of checking of user-supplied data within FTP requests. This update add CVE. CVE-2006-5792 Exploits/Remote Windows
08.29.2006 MailEnable IMAPD W3C Logging Buffer Overflow Exploit This module exploits a buffer overflow in the W3C logging for MailEnable Enterprise 1.1 allows remote attackers to execute arbitrary code. CVE-2005-3155 Exploits/Remote Windows
05.02.2013 BigAnt IM Server DDNF Username Buffer Overflow Exploit BigAnt IM Server is vulnerable to a buffer-overflow within the AntDS.exe component when handling an overly long username. NOCVE-9999-57633 Exploits/Remote Windows
09.04.2008 CA BrightStor ARCserve Backup Message Service Exploit CA BrightStor ARCserve Backup is prone to a buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. CVE-2006-5143 Exploits/Remote Windows
09.18.2007 Ipswitch IMail login exploit update This package updates the Ipswitch IMail login exploit. CVE-2005-1255 Exploits/Remote Windows
11.12.2009 Free Download Manager Control Server Remote Buffer Overflow Exploit A boundary error in the Remote Control Server when processing Authorization headers in HTTP requests can be exploited to cause a stack-based buffer overflow via an HTTP request containing an overly long Authorization header. CVE-2009-0183 Exploits/Remote Windows

Pages