Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
06.25.2009 Mantis Manage_proj_page Remote Code Execution Exploit Update This update gives this exploit support for Windows platforms. CVE-2008-4687 Exploits/Remote Linux, Windows
07.18.2013 Ultra Mini HTTPD Stack Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Mini HTTPD when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Arbitrary code can be directly executed by overwriting a return address. NOCVE-9999-58901 Exploits/Remote Windows
10.05.2011 phpScheduleit 1.2.10 Remote Code Execution Exploit Update Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. This update adds support for the Solaris and FreeBSD platforms. CVE-2008-6132 Exploits/Remote Windows, Solaris, Linux, FreeBSD
09.02.2008 CA BrightStor ARCserve Backup LGServer Service Exploit This module exploits a buffer overflow vulnerability in the LGServer Service (LGServer.exe) component of CA BrightStor ARCserve Backup for Laptops and Desktops and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/1900. CVE-2008-1328 Exploits/Remote Windows
06.30.2011 Siemens Tecnomatix FactoryLink CSService Buffer Overflow Exploit A vulnerability found on Siemens FactoryLink vulnerability occurs when CSService.exe processes a CSMSG_ListFiles_REQ message, causing a stack overflow. NOCVE-9999-48567 Exploits/Remote Windows
12.22.2008 CesarFTP MKD Command Buffer Overflow Exploit An internal memory buffer may be overrun while handling long MKD commands. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the CesarFTP process. CVE-2006-2961 Exploits/Remote
10.14.2012 Samba LsarSetInformationPolicy Request Remote Buffer Overflow Exploit Update This update adds support to Debian 6.0.0 and adds support for attacking IPv6 targets. This module exploits a heap overflow bug in Samba Server by sending a crafted request packet via DCERPC call. CVE-2012-1182 Exploits/Remote Linux
07.11.2014 Apache Struts 2 devMode OGNL Remote Code Execution Exploit The best practice for web applications built on top of the Apache Struts 2 framework is to switch off Developer Mode (struts.devMode parameter in the struts.xml configuration file) before going into production. When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter. This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system. NOCVE-9999-62986 Exploits/Remote Windows, Mac OS X, Linux
10.23.2011 e107 Install Script Command Injection Exploit e107 CMS is vulnerable to a command injection in its installation script due to a lack of sanitization on the MySQL server parameter. CVE-2011-1513 Exploits/Remote Windows, Solaris, Linux, Mac OS X
08.02.2010 Symantec AMS Intel Handler Service Command Injection Exploit This module exploits command injection vulnerability in Symantec AMS Intel Handler Service and install an agent into the target machine. CVE-2010-0110 Exploits/Remote Windows
05.30.2010 HP OpenView NNM getnnmdata Hostname CGI Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the getnnmdata.exe CGI application, a component of HP OpenView Network Node Manager, by sending an HTTP request with an invalid value for the Hostname parameter. CVE-2010-1555 Exploits/Remote Windows
11.15.2007 Ipswitch IMail Search On Exploit update for IMPACT 7.5 This module exploits a stack-based buffer overflow in the Ipswitch Imail Server 2006.0 and 2006.1. CVE-2007-2795 Exploits/Remote Windows
11.17.2008 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 2 This module exploits a vulnerability in the Microsoft Windows Server service sending a specially crafted RPC request. This update adds support for Windows 2003 Enterprise Edition sp2 with DEP enabled. CVE-2008-4250 Exploits/Remote Windows
01.26.2011 Golden FTP Server PASS Buffer Overflow Exploit This vulnerability on installations of Golden FTP Server is due to a boundary error with the handling of passwords. This can be exploited to cause a stack-based buffer overflow via the use of overly long, specially-crafted passwords passed to the affected server. CVE-2006-6576 Exploits/Remote Windows
10.28.2009 Novell eDirectory Network Request Buffer Overflow Exploit A boundary error exists in the dhost.dll component of Novell eDirectory post authentication when processing list of modules. This can be exploited to cause a stack-based buffer overflow via a specially crafted request with an overly long module name. WARNING:This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-4653 Exploits/Remote Windows
02.12.2012 Trend Micro Control Manager CmdProcessor.exe AddTask Remote Buffer Overflow Exploit The CmdProcessor.exe service of Trend Micro Control Manager is prone to a stack-based buffer overflow, which can be exploited by remote unauthenticated attackers to execute arbitrary code by sending a specially crafted IPC packet to the vulnerable service. CVE-2011-5001 Exploits/Remote Windows
09.04.2013 Graphite Pickle Remote Code Execution Exploit This module exploits an unsafe pickle operation of Graphite in order to install an agent. CVE-2013-5093 Exploits/Remote Linux
12.01.2011 PHPMyAdmin Setup Config Remote Code Execution Exploit Update This update adds support for Solaris and Mac OS X platforms. CVE-2009-1151 Exploits/Remote Solaris, Linux, Mac OS X
02.05.2008 Apache Mod_rewrite Remote Buffer Overflow Exploit This module exploits an Off-by-one error in the LDAP scheme handling in the Rewrite module (mod_rewrite) in Apache and installs an agent into the target host. CVE-2006-3747 Exploits/Remote
08.10.2011 CakePHP unserialize Remote Code Execution Exploit CakePHP is vulnerable to a file inclusion attack because of its use of the "unserialize()" function on unchecked user input. This makes it possible to inject arbitary objects into the scope. CVE-2010-4335 Exploits/Remote Linux
10.24.2012 Identity Viewer Protocol Fix This fixes a misspelling in the identity.xml file. Exploits/Remote
05.12.2011 HP OpenView NNM nnmRptConfig schd_select1 CGI Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the nnmRptConfig.exe CGI application, a component of HP OpenView Network Node Manager, by sending a specially crafted packet. CVE-2011-0269 Exploits/Remote Windows
09.17.2014 Kolibri Web Server Get Request Buffer Overflow Exploit Buffer overflow in Kolibri Web Server allows remote attackers to execute arbitrary code via a long URI in a GET request. CVE-2014-4158 Exploits/Remote Windows
06.18.2007 MSRPC Trend Micro Server Protect buffer overflow exploit TrendMicro ServerProtect is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. CVE-2007-2508 Exploits/Remote Windows
07.10.2008 IBM Lotus Sametime StMux Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Community Services Multiplexer (StMux.exe) by requesting a specially crafted URL. CVE-2008-2499 Exploits/Remote Windows
02.16.2011 SIELCO SISTEMI Winlog Malformed Packet Stack Buffer Overflow Exploit Stack-based buffer overflow in Sielco Sistemi Winlog when Run TCP/IP server is enabled, allows remote attackers to execute arbitrary code via a crafted 0x02 opcode to TCP port 46823. CVE-2011-0517 Exploits/Remote Windows
04.08.2014 OpenSSL TLS Heartbeat Read Overrun Memory Disclosure Exploit A missing boundary check in the TLS Heartbeat extension in OpenSSL can be abused by remote attackers to read up to 64 kb of memory from the server. This memory disclosure vulnerability can be used by remote unauthenticated attackers to obtain sensitive information from the affected server, including private keys and session cookies. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2014-0160 Exploits/Remote Linux
09.30.2013 Exim With Dovecot LDA Remote Code Execution Exploit The Dovecot documentation contains an example using a dangerous configuration option for Exim, which leads to a remote command execution vulnerability. NOCVE-9999-59209 Exploits/Remote Linux
04.14.2008 MSRPC WKSSVC NetpManageIPCConnect Exploit update This module exploits a stack buffer overflow in the Workstation Service. This package addresses a compatibility problem when porting the module from version 7.0 to 7.5 of the framework. CVE-2006-4691 Exploits/Remote Windows
09.11.2011 Moodle Tex Filter Remote Code Execution Exploit Update This module exploits a Moodle Tex Filter Remote Code Execution vulnerability installing an agent. This update adds support for the Solaris platform. NOCVE-9999-35969 Exploits/Remote Windows, Solaris, Linux

Pages