Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
07.01.2014 Ericom AccessNow Server Buffer Overflow Exploit AccessNowServer32.exe is prone to a buffer overflow when handling a malformed HTTP request. CVE-2014-3913 Exploits/Remote Windows
05.31.2012 HP Data Protector EXEC_CMD Exploit This module exploits a buffer overflow vulnerability in HP Data Protector by sending a specially crafted EXEC_CMD request. CVE-2011-1866 Exploits/Remote Windows
01.05.2011 Mantis Manage_proj_page Remote Code Execution Exploit Update 5 This module exploits a Remote Code Execution vulnerability in Mantis version 1.1.3 when handling the sort parameter in manage_proj_page without the proper validation that leads to a remote code execution on Mantis' Web server. This update adds support for the OSX platform. CVE-2008-4687 Exploits/Remote Solaris, Linux, Windows, AIX, Mac OS X
01.24.2012 Omni-NFS Server NFSD Stack Buffer Overflow Exploit A buffer overflow exist in nfsd.exe in XLink Omni-NFS Server and allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd). CVE-2006-5780 Exploits/Remote Windows
07.09.2009 Zabbix 1.6.2 Remote Code Execution Exploit A Remote Code Execution issue has been found in Zabbix version 1.6.2 and no authentication is required in order to exploit this vulnerability. Magic Quotes must be turned off in order to exploit this vulnerability. NOTE: Magic quotes is no longer supported by PHP starting with PHP 6.0 NOCVE-9999-37058 Exploits/Remote Linux
12.25.2006 CA BrightStor ARCserve Backup Discovery Service exploit This module exploits a vulnerability in BrightStor ARCserve/Enterprise Backup, which can be leveraged by an attacker to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the Discovery Service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP data stream to port 41523. CVE-2006-5143 Exploits/Remote Windows
04.09.2013 Apple Mac OS X Samba NetWkstaTransportEnum Request Remote Buffer Overflow Exploit This module exploits a vulnerability in Mac OS X Samba server. When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow. CVE-2012-1182 Exploits/Remote Mac OS X
07.13.2011 Novell File Reporter Engine RECORD Tag Parsing Exploit This module exploits a buffer overflow in Novell File Reporter by sending a specially crafted packet. CVE-2011-2220 Exploits/Remote Windows
05.31.2010 HP OpenView NNM getnnmdata CGI Buffer Overflow Exploit This module exploits a stack-based buffer overflow in HP OpenView Network Node Manager by sending a specially crafted request to getnnmdata.exe. CVE-2010-1553 Exploits/Remote Windows
01.28.2010 Net Transport eDonkey Protocol Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the processing of eDonkey "OP_LOGINREQUEST" packets. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet to the ed2k port of an affected system. NOCVE-9999-41933 Exploits/Remote Windows
02.06.2014 Zavio Camera RTSP Video Stream Unauthenticated Access Exploit The RTSP protocol authentication in the Zavio F3105 IP camera is disabled by default. This configuration error allows remote attackers to access the live video stream without being asked for credentials. CVE-2013-2569 Exploits/Remote
02.06.2012 Traq Command Injection Exploit Traq is vulnerable to an authentication bypass vulnerability, this module exploits this vulnerability in order to install a plugin hook to ultimately install an agent in the target host. NOCVE-9999-50813 Exploits/Remote Windows, Solaris, Linux, Mac OS X
08.11.2009 Bopup Communications Server Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error and can be exploited to cause a stack-based buffer overflow via a specially crafted TCP packet sent to port 19810. Successful exploitation allows execution of arbitrary code. CVE-2009-2227 Exploits/Remote Windows
11.30.2011 Xoops mydirname Remote Code Execution Exploit Update This update adds support for Solaris platform. NOCVE-9999-38580 Exploits/Remote Solaris, Linux
05.14.2013 EMC AlphaStor Device Manager 0x41 Command Buffer Overflow Exploit A flaw exists within Device Manager (rrobotd.exe), which listens by default on port 3000, when parsing the 0x41 command. CVE-2013-0930 Exploits/Remote Windows
08.08.2011 IBM Lotus Domino LSUB IMAP Server Buffer Overflow Exploit Update Exploits a stack buffer overflow in the Lotus Domino IMAP Server for windows version 7.0.2FP1 after authentication. This update solves the unsupported icon target problem CVE-2007-3510 Exploits/Remote Windows
02.07.2006 Blue Coat Systems WinProxy Exploit This module exploits a buffer overflow vulnerability in Blue Coat Systems Inc.'s WinProxy. CVE-2005-4085 Exploits/Remote Windows
09.29.2013 Adobe ColdFusion APSB13-03 Remote Code Execution Exploit Adobe ColdFusion is vulnerable to a remote authentication-bypass, allowing the attacker to upload an agent and execute it. The agent may have SYSTEM privileges if ColdFusion is installed as a service in Windows. CVE-2013-0625 Exploits/Remote Windows
12.09.2012 Remote Exploits File Header Update This update only modifies the description in the file header. CVE-2008-1914 Exploits/Remote Windows
10.19.2014 Kolibri WebServer HTTP POST Request Buffer Overflow Exploit Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly validate user-supplied input when handling HTTP POST requests. CVE-2014-5289 Exploits/Remote Windows
09.24.2008 Alt-N Security Gateway Remote Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the Alt-N Security Gateway by sending a specially crafted HTTP request to the TCP port 4000. CVE-2008-4193 Exploits/Remote Windows
07.26.2012 Simple Web Server GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Simple Web Server when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-53352 Exploits/Remote Windows
04.23.2012 LotusCMS router PHP Command Injection Exploit Input passed via the "page" parameter to index.php is not properly sanitised in the "Router()" function in core/lib/router.php before being used in an "eval()" call. This can be exploited to execute arbitrary PHP code. NOCVE-9999-51709 Exploits/Remote Solaris, Linux
10.20.2013 TP-Link Camera servetest Command Injection Exploit This module exploits an OS command injection vulnerability in the /cgi-bin/admin/servetest file of several TP-Link surveillance cameras. This vulnerability allows remote authenticated users to execute arbitrary commands on affected cameras. CVE-2013-2578 Exploits/Remote
01.05.2012 CoDeSys SCADA Webserver Buffer Overflow Exploit webserver.exe is a component in 3S CoDeSys for handling the HTTP connections on port 8080. The process is affected by a buffer overflow that copies the input URI in a limited buffer allowing code execution. NOCVE-9999-50546 Exploits/Remote Windows
07.12.2007 mDNSResponder buffer overflow exploit This module exploits a buffer overflow vulnerability in the mDNSResponder service running on certain versions of Apple Mac OS X. The vulnerability is exploited remotely by sending a specially crafted UPnP Internet Gateway Device (IGD) packet and installing an agent. CVE-2007-2386 Exploits/Remote Mac OS X
06.08.2009 EMC AlphaStor Server Agent Buffer Overflow Exploit Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025. CVE-2008-2158 Exploits/Remote Windows
07.21.2010 Asterisk T.38 buffer Overflow Exploit Update This module exploits a buffer overflow vulnerability in the T38FaxRateManagement parameter when parsing SIP/SDP requests in 1.4.x prior to 1.4.3. This update improves the reliability of the module. CVE-2007-2293 Exploits/Remote Linux
02.19.2009 RealNetworks Helix DNA Server Remote Heap Overflow Exploit This module exploits a remote heap overflow in the Helix DNA Server (rmserver.exe) by sending a specially crafted RTSP packet to the 554/TCP port. CVE-2008-5911 Exploits/Remote Windows
06.08.2011 HP Rational Quality Manager Backdoor Account Code Execution Exploit This module exploits a remote code execution vulnerability in HP Rational Quality Manager by using an undocumented user account to upload an arbitrary file. CVE-2010-4094 Exploits/Remote Windows

Pages