CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
04.21.2009 Easy Chat Server Authentication Request Buffer Overflow Exploit A remote user of vulnerable installations of Easy Chat Server can send a specially crafted password parameter to chat.ghp to trigger a buffer overflow and execute arbitrary code on the target system. NOCVE-9999-36981 Exploits/Remote Windows
11.15.2007 MSRPC Samba Command Injection exploit update 2 for IMPACT 7.5 This update adds support for FreeBSD and OpenBSD. This module exploits a command injection vulnerability in the function AddPrinterW in Samba 3, reached through an AddPrinter remote request. CVE-2007-2447 Exploits/Remote Linux, OpenBSD, FreeBSD, Mac OS X
10.24.2008 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) This module exploits a vulnerability in the Microsoft Server service sending a specially crafted RPC request. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2008-4250 Exploits/Remote Windows
11.09.2009 Kerio PF Administration Exploit Update Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. This update improves the reliability of the exploit when using the "Reuse connection" method to connect new agents. CVE-2003-0220 Exploits/Remote Windows
02.12.2012 Trend Micro Control Manager CmdProcessor.exe AddTask Remote Buffer Overflow Exploit The CmdProcessor.exe service of Trend Micro Control Manager is prone to a stack-based buffer overflow, which can be exploited by remote unauthenticated attackers to execute arbitrary code by sending a specially crafted IPC packet to the vulnerable service. CVE-2011-5001 Exploits/Remote Windows
05.18.2011 EMC HomeBase SSL Service Remote Code Execution Exploit This module exploits a path traversal vulnerability in the SSL service of EMC HomeBase Server. CVE-2010-0620 Exploits/Remote Windows
12.01.2011 PHPMyAdmin Setup Config Remote Code Execution Exploit Update This update adds support for Solaris and Mac OS X platforms. CVE-2009-1151 Exploits/Remote Solaris, Linux, Mac OS X
11.21.2013 Apple Mac OS X Samba NetWkstaTransportEnum Request Remote Buffer Overflow Exploit Update This module exploits a vulnerability in Mac OS X Samba server. When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow. This update adds support to Mac OSX 10.6.0 to 10.6.7 ( Server and not server versions ). Besides, this update improves the exploitation by reverting the Samba server impersonation and installing an agent with root privileges in all Mac OSX supported versions. CVE-2012-1182 Exploits/Remote Mac OS X
07.18.2013 Ultra Mini HTTPD Stack Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Mini HTTPD when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Arbitrary code can be directly executed by overwriting a return address. NOCVE-9999-58901 Exploits/Remote Windows
12.11.2008 3Com TFTP Transporting Mode Buffer Overflow Exploit This module exploits a buffer overflow vulnerability during the processing of TFTP Read/Write request packet types and cause a stack-based buffer overflow by sending a specially crafted packet with an overly long mode field. CVE-2006-6183 Exploits/Remote Windows
07.01.2014 Ericom AccessNow Server Buffer Overflow Exploit AccessNowServer32.exe is prone to a buffer overflow when handling a malformed HTTP request. CVE-2014-3913 Exploits/Remote Windows
12.05.2012 Novell File Reporter NFRAgent FSFUI Record File Upload Exploit This module exploits a Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter. This allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/3037. CVE-2012-4959 Exploits/Remote Windows
12.12.2006 MSRPC Netware Client CSNW Overflow exploit This module exploits a buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows allows remote attackers to execute arbitrary code via crafted messages. CVE-2006-4688 Exploits/Remote Windows
08.21.2005 CA BrightStor ARCserve Backup SQL agent exploit This module exploits a stack-based buffer overflow in CA BrightStor ARCserve Backup for Windows and installs a level0 agent. CVE-2005-1272 Exploits/Remote Windows
12.02.2009 MSRPC CA ARCserve Backup Command Injection Exploit CA BrightStor ARCserve Backup is prone to a command injection vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. CVE-2008-4397 Exploits/Remote Windows
04.22.2012 Novell ZENworks Configuration Management Preboot Service Opcode 0x4c Buffer Overflow Exploit A buffer-overflow vulnerability exists in the PreBoot Service when processing requests containing opcode 0x4c. CVE-2011-3176 Exploits/Remote Windows
02.06.2014 Zavio Camera RTSP Video Stream Unauthenticated Access Exploit The RTSP protocol authentication in the Zavio F3105 IP camera is disabled by default. This configuration error allows remote attackers to access the live video stream without being asked for credentials. CVE-2013-2569 Exploits/Remote
09.04.2013 Graphite Pickle Remote Code Execution Exploit This module exploits an unsafe pickle operation of Graphite in order to install an agent. CVE-2013-5093 Exploits/Remote Linux
08.13.2012 Samba LsarSetInformationPolicy Request Remote Buffer Overflow Exploit This module exploits a heap overflow bug in Samba Server by sending a crafted request packet via DCERPC call. CVE-2012-1182 Exploits/Remote Linux
04.20.2006 New features for MSRPC exploits Added support for NT and LM hashes as authentication mechanism. Added fragmentation support for /TCP and /SMB transports. Added fragmentation for DCERPC over any transport. This two different types of fragmentation can be combined or used independently. CVE-2005-0059 Exploits/Remote Windows
03.08.2011 Symantec AMS Intel Alert Handler Pin Number Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Intel Handler Service. CVE-2010-0111 Exploits/Remote Windows
02.12.2009 Oracle Secure Backup Command Injection Exploit This module exploits a command injection error in the Oracle Secure Backup Administration server. CVE-2008-5449 Exploits/Remote Windows, Linux
01.06.2010 HP OpenView Storage Data Protector Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. CVE-2009-3844 Exploits/Remote Windows
10.23.2008 Debian OpenSSL Predictable Random Number Generation Exploit Update This module exploits the random number generator in Debian's OpenSSL package being predictable. This vulnerability is used to generate SSH keys and to install an agent into the target host. This update contains: -Corrections of some documentation issues. -Performance optimizations. -New parameter for user's preferences. CVE-2008-0166 Exploits/Remote Linux
10.18.2009 TFTPServer SP Buffer Overflow Exploit Update This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section. This module add the service specification tag. CVE-2008-2161 Exploits/Remote Windows
01.09.2012 DameWare Mini Remote Control Username Exploit This module exploits a vulnerability in DameWare Mini Remote Control by sending a specially crafted packet to port 6129/TCP. CVE-2005-2842 Exploits/Remote Windows
09.30.2013 Exim With Dovecot LDA Remote Code Execution Exploit The Dovecot documentation contains an example using a dangerous configuration option for Exim, which leads to a remote command execution vulnerability. NOCVE-9999-59209 Exploits/Remote Linux
10.05.2011 phpScheduleit 1.2.10 Remote Code Execution Exploit Update Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. This update adds support for the Solaris and FreeBSD platforms. CVE-2008-6132 Exploits/Remote Windows, Solaris, Linux, FreeBSD
12.14.2008 Mercury IMAPD Login Buffer Overflow Exploit This module allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the Mercury Mail Transport System. The vulnerability is caused due to a boundary error within Mercury/32 IMAPD Server Module (mercuryi.dll). This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability. CVE-2006-5961 Exploits/Remote Windows
10.22.2009 Microsoft Windows TCPIP Timestamp Remote DoS (MS09-048) This module exploits a memory corruption in the Microsoft Windows TCP/IP implementation by sending a sequence of TCP/IP packets with a specially crafted Timestamp values. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-1925 Exploits/Remote Windows

Pages