CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
08.29.2005 Exchange X-LINK2STATE CHUNK Exploit This module exploits a heap based buffer overflow handling the X-LINK2STATE command in the SMTP service of Exchange Server. CVE-2005-0560 Exploits/Remote Windows
10.02.2011 WinComLPD Remote Administration Buffer Overflow Exploit A buffer overflow in WinComLPD is triggered by sending an overly long authentication packet to the remote administration service. CVE-2008-5159 Exploits/Remote Windows
08.06.2009 Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in Motorola Timbuktu Pro by sending a long malformed string over the plughNTCommand named pipe. CVE-2009-1394 Exploits/Remote Windows
10.01.2012 HP Intelligent Management Center UAM sprintf Buffer Overflow Exploit A stack buffer overflow exists in HP Intelligent Management Center's uam.exe service which listens on port UDP/1811. The vulnerability is due to lack of validation of a string passed to sprintf. NOCVE-9999-54499 Exploits/Remote Windows
07.01.2014 Ericom AccessNow Server Buffer Overflow Exploit AccessNowServer32.exe is prone to a buffer overflow when handling a malformed HTTP request. CVE-2014-3913 Exploits/Remote Windows
01.15.2007 CA BrightStor Tape Engine buffer overflow exploit This module exploits a buffer overflow in CA Brightstor Tape Engine in BrightStor ARCserve Backup v11.5 CVE-2007-0168 Exploits/Remote Windows
04.09.2013 Apple Mac OS X Samba NetWkstaTransportEnum Request Remote Buffer Overflow Exploit This module exploits a vulnerability in Mac OS X Samba server. When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow. CVE-2012-1182 Exploits/Remote Mac OS X
07.13.2011 Novell File Reporter Engine RECORD Tag Parsing Exploit This module exploits a buffer overflow in Novell File Reporter by sending a specially crafted packet. CVE-2011-2220 Exploits/Remote Windows
09.26.2007 MSRPC MSMQ Buffer Overflow exploit update This package updates the MSRPC MSMQ Buffer Overflow exploit module. CVE-2005-0059 Exploits/Remote Windows
05.31.2010 HP OpenView NNM getnnmdata CGI Buffer Overflow Exploit This module exploits a stack-based buffer overflow in HP OpenView Network Node Manager by sending a specially crafted request to getnnmdata.exe. CVE-2010-1553 Exploits/Remote Windows
08.04.2014 Easy File Management Web Server UserID Cookie Handling Buffer Overflow Exploit The vulnerability is caused due to a boundary error when parsing the "UserID" value in the session cookie, which can be exploited to cause a stack-based buffer overflow. NOCVE-9999-65448 Exploits/Remote Windows
02.10.2014 HP ProCurve Manager SNAC UpdateDomainControllerServlet Exploit This module exploits a path traversal vulnerability in HP ProCurve Manager. The specific flaw exists within the UpdateDomainControllerServlet. This servlet improperly sanitizes the adCert argument allowing the remote attacker could upload a .jsp file and execute arbitrary code. Authentication is not required to exploit this vulnerability. CVE-2013-4811 Exploits/Remote Windows
02.06.2012 Traq Command Injection Exploit Traq is vulnerable to an authentication bypass vulnerability, this module exploits this vulnerability in order to install a plugin hook to ultimately install an agent in the target host. NOCVE-9999-50813 Exploits/Remote Windows, Solaris, Linux, Mac OS X
11.30.2011 Xoops mydirname Remote Code Execution Exploit Update This update adds support for Solaris platform. NOCVE-9999-38580 Exploits/Remote Solaris, Linux
05.14.2013 EMC AlphaStor Device Manager 0x41 Command Buffer Overflow Exploit A flaw exists within Device Manager (rrobotd.exe), which listens by default on port 3000, when parsing the 0x41 command. CVE-2013-0930 Exploits/Remote Windows
08.08.2011 IBM Lotus Domino LSUB IMAP Server Buffer Overflow Exploit Update Exploits a stack buffer overflow in the Lotus Domino IMAP Server for windows version 7.0.2FP1 after authentication. This update solves the unsupported icon target problem CVE-2007-3510 Exploits/Remote Windows
11.21.2007 Imatix Xitami If-Modified-Since Remote Buffer Overflow Exploit This module exploits a remote stack buffer overflow in the Xitami Server version 2.5c CVE-2007-5067 Exploits/Remote Windows
09.17.2014 Openfiler Remote Code Execution Exploit Update Insufficient sanitization in Openfile's /admin/system.html 'Hostname' field, leads to remote code execution. This update fixes the exploit category. NOCVE-9999-65590 Exploits/Remote Linux
06.13.2007 Samba lsa_io_trans_names buffer overflow exploit This module exploits a buffer overflow vulnerability when parsing RPC requests through the LSA RPC interface in Samba 3.x. The exploit is triggered by sending a specially crafted RPC LsarLookupSids request to a vulnerable computer. CVE-2007-2446 Exploits/Remote Solaris, Linux
04.22.2010 MySQL with yaSSL SSL Certificate Handling Remote Stack Buffer Overflow Exploit MySQL compiled with yaSSL is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. CVE-2009-4484 Exploits/Remote Linux
04.06.2014 Schneider Electric Serial Modbus Driver Buffer Overflow Exploit The vulnerability is a buffer overflow in Schneider Electric OPC factory Suite which bundle the vulnerable component Schneider Electric Modbus Serial Driver (ModbusDrv.exe). CVE-2013-0662 Exploits/Remote Windows
08.07.2006 MSRPC SRVSVC NetrpPathCanonicalize (MS06-040) exploit This module exploits a remotely exploitable vulnerability in Windows' Server Service (MS06-040) over Microsoft DCERPC (ports 139 and 445). WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2006-3439 Exploits/Remote Windows
09.29.2013 Adobe ColdFusion APSB13-03 Remote Code Execution Exploit Adobe ColdFusion is vulnerable to a remote authentication-bypass, allowing the attacker to upload an agent and execute it. The agent may have SYSTEM privileges if ColdFusion is installed as a service in Windows. CVE-2013-0632 Exploits/Remote Windows
09.01.2011 ActFax Server FTP User Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing ActFax Server. The vulnerability is caused due to a boundary error when processing an overly long USER name on the FTP Server. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-49018 Exploits/Remote Windows
01.10.2008 SAP MaxDB Remote Command Injection Exploit This module installs an agent using a remote command-injection vulnerability located in the database server. CVE-2008-0244 Exploits/Remote Windows
05.25.2011 7T Interactive Graphical SCADA System IGSSdataServer Remote Buffer Overflow Exploit Update This module exploits a remote stack-based buffer overflow in IGSSdataServer by sending a malformed packet to the 12401/TCP port. This version add CVE. CVE-2011-1567 Exploits/Remote Windows
10.20.2008 Microsoft Windows SMB Buffer Underflow DoS (MS08-063) This module exploits a remote vulnerability on the FIND_FIRTS2 SMB subcommand on the srv.sys driver. CVE-2008-4038 Exploits/Remote Windows
09.02.2009 Exploit Modules Update for RPT This update applies missing attributes to a small number of exploits to ensure they are correctly selected by the Rapid Penetration Test Wizards. CVE-2008-1914 Exploits/Remote Windows, Linux
01.28.2013 BigAnt IM Server AntDS Buffer Overflow Exploit BigAnt IM Server is prone to a buffer-overflow within AntDS.exe component when handling a specially crafted filename header. CVE-2012-6275 Exploits/Remote Windows
12.12.2006 MSRPC Netware Client CSNW Overflow exploit This module exploits a buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows allows remote attackers to execute arbitrary code via crafted messages. CVE-2006-4688 Exploits/Remote Windows

Pages