Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
06.07.2011 Oracle VM Server Virtual Server Agent Command Injection Exploit By including shell meta characters within the second parameter to the 'urt_test_url' XML-RPC methodCall, an attacker can execute arbitrary commands. The service typically runs with root privileges. CVE-2010-3585 Exploits/Remote Linux
08.26.2012 Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow Exploit Ricoh DC's DL-10 SR10 FTP Server is prone to a buffer-overflow vulnerability when handling data through the USER command. This can be exploited by supplying a long string of data to the affected command. NOCVE-9999-53623 Exploits/Remote Windows
05.16.2012 CA Total Defense UNCWS Web Service DeleteReports Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The DeleteReports method makes use of the uncsp_DeleteReports stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges. CVE-2011-1653 Exploits/Remote Windows
11.21.2013 Apple Mac OS X Samba NetWkstaTransportEnum Request Remote Buffer Overflow Exploit Update This module exploits a vulnerability in Mac OS X Samba server. When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow. This update adds support to Mac OSX 10.6.0 to 10.6.7 ( Server and not server versions ). Besides, this update improves the exploitation by reverting the Samba server impersonation and installing an agent with root privileges in all Mac OSX supported versions. CVE-2012-1182 Exploits/Remote Mac OS X
03.17.2008 Trend Micro OfficeScan Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Trend Micro OfficeScan Corporate Edition when processing passwords with cgiChkMasterPwd.exe vulnerable module. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module. CVE-2008-1365 Exploits/Remote Windows
08.27.2007 RSH Daemon for Windows Remote Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the Windows RSH application (rshd.exe). The module sends a specially crafted packet to port 514/tcp and installs an agent if successful. CVE-2007-4005 Exploits/Remote Windows
10.02.2011 WinComLPD Remote Administration Buffer Overflow Exploit A buffer overflow in WinComLPD is triggered by sending an overly long authentication packet to the remote administration service. CVE-2008-5159 Exploits/Remote Windows
11.13.2006 McAfee ePolicy Orchestrator - Protection Pilot HTTP exploit This module exploits a buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126. CVE-2006-5156 Exploits/Remote Windows
12.18.2008 MiniShare HTTP GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the handling of HTTP "GET" requests. This can be exploited to cause a buffer overflow by sending a specially crafted overly long request with a pathname larger than 1787 bytes. CVE-2004-2271 Exploits/Remote Windows
10.01.2012 HP Intelligent Management Center UAM sprintf Buffer Overflow Exploit A stack buffer overflow exists in HP Intelligent Management Center's uam.exe service which listens on port UDP/1811. The vulnerability is due to lack of validation of a string passed to sprintf. NOCVE-9999-54499 Exploits/Remote Windows
09.11.2005 MailEnable SMTP auth command exploit This module exploits a stack-based buffer overflow in Mailenable smtp for Windows, allowing remote attackers to execute arbitrary code via AUTH command input. CVE-2005-2223 Exploits/Remote Windows
01.12.2010 BigAnt IM Server USV Request Remote Buffer Overflow Exploit This module exploits a vulnerability in the AntServer Module (AntServer.exe) to cause a stack-based buffer overflow, by sending a specially crafted, overly long "USV" request to the TCP port where the server is listening. NOCVE-9999-41693 Exploits/Remote Windows
07.01.2014 Ericom AccessNow Server Buffer Overflow Exploit AccessNowServer32.exe is prone to a buffer overflow when handling a malformed HTTP request. CVE-2014-3913 Exploits/Remote Windows
10.19.2011 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 5 This module exploits a vulnerability in the Microsoft Windows Server service by sending a specially crafted RPC request. This update adds reliability when exploiting all supported platforms. CVE-2008-4250 Exploits/Remote Windows
12.25.2006 CA BrightStor ARCserve Backup Discovery Service exploit This module exploits a vulnerability in BrightStor ARCserve/Enterprise Backup, which can be leveraged by an attacker to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the Discovery Service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP data stream to port 41523. CVE-2006-5143 Exploits/Remote Windows
05.18.2010 Vermillion FTP Daemon Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error with the handling of PORT commands. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted command passed to the affected server. This update fix the Connect to connection method. NOCVE-9999-41966 Exploits/Remote Windows
11.04.2012 HP Data Protector Express Create New Folder Buffer Overflow Exploit HP Data Protector Express is prone to a buffer-overflow when handling folder names in an insecure way by the dpwindtb.dll component. CVE-2012-0124 Exploits/Remote Windows
07.25.2011 Zend Server Java Bridge Design Flaw Remote Code Execution Exploit This module exploits a vulnerability in Java Bridge component of Zend Server. NOCVE-9999-47690 Exploits/Remote Windows, Linux, Mac OS X
02.06.2014 Zavio Camera RTSP Video Stream Unauthenticated Access Exploit The RTSP protocol authentication in the Zavio F3105 IP camera is disabled by default. This configuration error allows remote attackers to access the live video stream without being asked for credentials. CVE-2013-2569 Exploits/Remote
08.08.2011 Citrix Provisioning Services streamprocess Remote Buffer Overflow Exploit Update This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port. This update fixes an issue in the agent connector. NOCVE-9999-46895 Exploits/Remote Windows
06.01.2010 HP OpenView NNM snmpviewer CGI Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the snmpviewer.exe CGI application, a component of HP OpenView Network Node Manager, by sending an HTTP request with an invalid value for the act and app parameters. CVE-2010-1552 Exploits/Remote Windows
02.07.2006 Blue Coat Systems WinProxy Exploit This module exploits a buffer overflow vulnerability in Blue Coat Systems Inc.'s WinProxy. CVE-2005-4085 Exploits/Remote Windows
09.29.2013 Bifrost Server Buffer Overflow Exploit Bifrost Server is prone to a buffer overflow vulnerability which can be exploited remotely by sending a specially crafted packet to port TCP/81. NOCVE-9999-58713 Exploits/Remote Windows
09.01.2011 ActFax Server FTP User Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing ActFax Server. The vulnerability is caused due to a boundary error when processing an overly long USER name on the FTP Server. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-49018 Exploits/Remote Windows
02.01.2009 Microsoft SQL Server sp_replwritetovarbin Remote Heap Overflow Exploit This module exploits a heap-based buffer overflow in the Microsoft SQL Server by sending a specially crafted SQL query. It has two uses: One as a Remote Exploit which needs authentication, and another as an SQL Injection Agent installer module, which needs an SQL Agent as a target. CVE-2008-5416 Exploits/Remote Windows
05.25.2011 7T Interactive Graphical SCADA System IGSSdataServer Remote Buffer Overflow Exploit Update This module exploits a remote stack-based buffer overflow in IGSSdataServer by sending a malformed packet to the 12401/TCP port. This version add CVE. CVE-2011-1567 Exploits/Remote Windows
10.19.2014 Kolibri WebServer HTTP POST Request Buffer Overflow Exploit Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly validate user-supplied input when handling HTTP POST requests. CVE-2014-5289 Exploits/Remote Windows
07.12.2007 mDNSResponder buffer overflow exploit This module exploits a buffer overflow vulnerability in the mDNSResponder service running on certain versions of Apple Mac OS X. The vulnerability is exploited remotely by sending a specially crafted UPnP Internet Gateway Device (IGD) packet and installing an agent. CVE-2007-2386 Exploits/Remote Mac OS X
01.28.2013 BigAnt IM Server AntDS Buffer Overflow Exploit BigAnt IM Server is prone to a buffer-overflow within AntDS.exe component when handling a specially crafted filename header. CVE-2012-6275 Exploits/Remote Windows
04.06.2010 Symantec Veritas VRTSweb Remote Exploit This module exploits a code execution vulnerability in the Veritas Web Server service by sending a specially crafted authentication request to the 14300/TCP port. CVE-2009-3027 Exploits/Remote Windows

Pages