CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
04.22.2010 MySQL with yaSSL SSL Certificate Handling Remote Stack Buffer Overflow Exploit MySQL compiled with yaSSL is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. CVE-2009-4484 Exploits/Remote Linux
05.31.2012 Novell ZENworks Configuration Management Preboot Service Opcode 0x21 Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow vulnerability in the Preboot Service component of Novell ZENworks Configuration Management, by sending a specially crafted packet to the port 998/TCP. NOCVE-9999-43820 Exploits/Remote Windows
02.06.2012 NetTerm NetFTPD USER Buffer Overflow Exploit An internal memory buffer may be overrun while handling long "USER" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the NetTerm NetFTPD.exe process. CVE-2005-1323 Exploits/Remote Windows
09.02.2008 CA BrightStor ARCserve Backup LGServer Service Exploit This module exploits a buffer overflow vulnerability in the LGServer Service (LGServer.exe) component of CA BrightStor ARCserve Backup for Laptops and Desktops and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/1900. CVE-2008-1328 Exploits/Remote Windows
11.23.2011 General Electric ihDataArchiver Service Remote Buffer Overflow Exploit This module exploits a remote buffer overflow vulnerability in the ihDataArchiver.exe service included in several GE SCADA applications by sending a malformed packet to the 14000/TCP port. CVE-2011-1918 Exploits/Remote Windows
01.14.2009 Microsoft Windows SMB Buffer Underflow Exploit (MS08-063) Update This update add support to Microsoft Windows 2000 SP4 Professional, Server, Advanced Server and Windows 2003 SP0 Standard Edition and Enterprise Edition. CVE-2008-4038 Exploits/Remote Windows
09.28.2009 Microsoft Windows SMB 2.0 Negotiate Protocol Request Remote Exploit This module exploits a vulnerability on srv2.sys via a SMB 2 malformed packet. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-3103 Exploits/Remote Windows
07.30.2008 Microsoft IGMPv3 Exploit (MS08-001) This exploit installs an agent using an overflow vulnerability located in Microsoft Windows tcpip.sys CVE-2007-0069 Exploits/Remote Windows
09.21.2010 Integard Home and Pro Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the handling of HTTP POST requests. This may allow execution of arbitrary code by sending an overly long, specially crafted HTTP POST request to the server. NOCVE-9999-45121 Exploits/Remote Windows
11.28.2013 Zavio Camera NTP Server OS Command Injection Exploit The Zavio F3105 IP camera is vulnerable to OS command injection when the /opt/cgi/view/param binary parses the General.Time.NTP.Server configuration parameter. This vulnerability allows authenticated users to execute arbitrary code on the affected cameras. CVE-2013-2570 Exploits/Remote
03.07.2012 Motorola Netopia netOctopus SDCS Buffer Overflow Exploit This module exploits a remote buffer overflow in the Motorola Netopia netOctopus SDCS server service. The vulnerability exists within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer. This results in an exploitable stack buffer overflow. CVE-2008-2153 Exploits/Remote Windows
08.10.2010 Chuggnutt HTML to Text Converter Remote Code Execution Exploit This module exploits a Chuggnutt HTML to Text Converter preg_replace using eval switch in multiple web applications in order to install an agent. Currently, this module supports AtMail Open and RoundCube Webmail. Exploits/Remote Windows, Linux
11.15.2007 Ipswitch IMail Search On Exploit update for IMPACT 7.5 This module exploits a stack-based buffer overflow in the Ipswitch Imail Server 2006.0 and 2006.1. CVE-2007-2795 Exploits/Remote Windows
02.10.2009 FileCopa LIST Command Remote Buffer Overflow Exploit FileCopa FTP Server is prone to a buffer-overflow vulnerability when handling data through the LIST command, a large amount of data can trigger an overflow in a finite-sized internal memory buffer. CVE-2006-3726 Exploits/Remote Windows
07.02.2014 AVTECH DVR Camera Administration Login Console Captcha Bypass Exploit The /cgi-bin/nobody/VerifyCode.cgi file in AVTECH DVR cameras allows remote attackers to perform administration login console captcha bypass by using an arbitrary hardcoded captcha and its matching verification code. This module tries to verify if the vulnerability is present in the target device. CVE-2013-4982 Exploits/Remote
09.29.2010 Microsoft Windows Print Spooler Service Impersonation Exploit (MS10-061) This module exploits a vulnerability in the "Print Spooler" service. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-2729 Exploits/Remote Windows
02.05.2007 CA BrightStor Tape Engine exploit for Windows Vista We are pleased to announce the availability of the first CORE IMPACT exploit for Windows Vista along with initial support for Windows Vista as an exploit target. The first exploit we are releasing is an exploit for a vulnerability in CA BrightStor ARCserve Backup v11.5 (CVE-2007-0169). More exploits for Vista will follow as part of our exploit update service. This update adds support for Windows Vista as a target for the exploit, and includes modifications to the Windows agent and accompanying payloads to run on all previously supported versions of Windows. CVE-2007-0168 Exploits/Remote Windows
07.18.2012 FireFly Media Server Remote Format String Exploit This module exploits a remote format string vulnerability in FireFly Media Server by sending a sequence of HTTP requests to the 3689/TCP port. CVE-2007-5825 Exploits/Remote Linux
02.05.2008 Apache Mod_rewrite Remote Buffer Overflow Exploit This module exploits an Off-by-one error in the LDAP scheme handling in the Rewrite module (mod_rewrite) in Apache and installs an agent into the target host. CVE-2006-3747 Exploits/Remote
11.30.2011 OpenX Remote Code Execution Exploit Update This update adds support for Solaris and Mac OS X platforms CVE-2009-4098 Exploits/Remote Solaris, Linux, Mac OS X
11.08.2009 Omni-NFS Enterprise FTP Server Buffer Overflow Exploit This vulnerability is caused by a buffer overflow in Omni-NFS Enterprise FTP Server, due to its lack of checking of user-supplied data within FTP requests. CVE-2006-5792 Exploits/Remote Windows
02.24.2009 PHPMyAdmin Server_databases Remote Code Execution Exploit This module exploits a vulnerability in PHPMyAdmin. server_databases.php fails when it attemps to sanitize the sort_by parameter. It allows an attacker to inject code, and execute it on the web server with www-data privileges. CVE-2008-4096 Exploits/Remote Linux
12.09.2012 Remote Exploits File Header Update This update only modifies the description in the file header. CVE-2008-1914 Exploits/Remote Windows
11.30.2008 Easy File Sharing FTP Server PASS Buffer Overflow Exploit The vulnerability is caused due to a boundary error with the handling of passwords. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted passwords passed to the affected server. CVE-2006-3952 Exploits/Remote Windows
10.20.2010 Mantis Manage_proj_page Remote Code Execution Exploit Update 3 This update adds support for Solaris platforms. CVE-2008-4687 Exploits/Remote Solaris, Linux, Windows, AIX, Mac OS X
04.16.2007 MSRPC DNS Server exploit This module exploits a buffer overflow in the DNS Server via a specially crafted RPC request. CVE-2007-1748 Exploits/Remote Windows
07.26.2012 Simple Web Server GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Simple Web Server when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-53352 Exploits/Remote Windows
02.10.2014 HP ProCurve Manager SNAC UpdateDomainControllerServlet Exploit This module exploits a path traversal vulnerability in HP ProCurve Manager. The specific flaw exists within the UpdateDomainControllerServlet. This servlet improperly sanitizes the adCert argument allowing the remote attacker could upload a .jsp file and execute arbitrary code. Authentication is not required to exploit this vulnerability. CVE-2013-4811 Exploits/Remote Windows
04.14.2008 MSRPC WKSSVC NetpManageIPCConnect Exploit update This module exploits a stack buffer overflow in the Workstation Service. This package addresses a compatibility problem when porting the module from version 7.0 to 7.5 of the framework. CVE-2006-4691 Exploits/Remote Windows
05.06.2010 Remote Exploits Service Package Update This package specify the service to be attacked, taking the info from services.py. CVE-2008-4038 Exploits/Remote Windows, Mac OS X

Pages