CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
04.10.2012 SolarWinds Storage Manager Server SQL Injection Authentication Bypass Exploit This module exploits a vulnerability in the SolarWinds Storage Manager Server. The LoginServlet page available on port 9000 is vulnerable to SQL injection via the loginName field. An attacker can send a specially crafted username and execute arbitrary SQL commands leading to remote code execution. NOCVE-9999-51501 Exploits/Remote Windows
10.27.2013 TinyWebGallery Remote Code Execution Exploit Update This module exploits a TinyWebGallery local file-include vulnerability because TinyWebGallery fails to properly sanitize user-supplied input. The module takes advantage of the logging capabilities of the attacked software to remotely execute arbitrary code. This update fixes some issues related with an updated library. Support for various platforms was added. CVE-2009-1911 Exploits/Remote Windows, Solaris, Linux
04.22.2010 MySQL with yaSSL SSL Certificate Handling Remote Stack Buffer Overflow Exploit MySQL compiled with yaSSL is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. CVE-2009-4484 Exploits/Remote Linux
09.13.2011 Agent modules realibility fix This update improves the reliability of the Microsoft Package and Register, Send Agent by Email, Install agent using SMB, Instal agent using USB and Install agent using SSH modules. Exploits/Remote
11.21.2007 HP OpenView Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Shared Trace Service (ovtrcsvc.exe) of the HP OpenView application. The exploit triggers a stack-based buffer overflow by sending a specially crafted packet to port 5053/TCP of the vulnerable system and installs an agent if successful. CVE-2007-3872 Exploits/Remote Windows, Solaris
02.05.2013 Exploit Description Update This update modifies the description in the file header. CVE-2008-1611 Exploits/Remote Windows
05.03.2007 CA BrightStor ARCserve Backup mediasvr.exe Exploit This module exploits a buffer overflow vulnerability in the CA BrightStor ARCserve Backup mediasvr.exe. The vulnerability is caused by an input validation error in the mediasvr.exe component when it processes specially crafted RPC requests. CVE-2007-1785 Exploits/Remote Windows
05.01.2006 Novell Messenger Server Exploit This module sends a http request at nmma.exe service producing a buffer overflow and installs an agent. CVE-2006-0992 Exploits/Remote Windows
03.25.2009 Moodle Tex Filter Remote Code Execution Exploit Upgrade This update adds Windows (XP) to the supported target systems for this exploit. NOCVE-9999-35969 Exploits/Remote Windows, Linux
09.02.2009 Exploit Modules Update for RPT This update applies missing attributes to a small number of exploits to ensure they are correctly selected by the Rapid Penetration Test Wizards. CVE-2008-1914 Exploits/Remote Windows, Linux
10.23.2008 Alt-N Security Gateway Remote Buffer Overflow Exploit Update This module exploits a stack-based buffer overflow in the Alt-N Security Gateway by sending a specially crafted HTTP request to the TCP port 4000. This module adds support for Windows 2000 Professional SP4. CVE-2008-4193 Exploits/Remote Windows
12.16.2010 Microsoft Windows Print Spooler Service Impersonation Exploit (MS10-061) Update 2 This update adds support to Microsoft Windows 2003, Vista, 2008 and Seven. This module exploits a vulnerability in the "Print Spooler" service. CVE-2010-2729 Exploits/Remote Windows
01.26.2011 Apache Chunked Encoding Exploit Update This package fixes a bug in the Apache chunked encoding exploit. CVE-2002-0392 Exploits/Remote OpenBSD, Windows
01.16.2014 MongoDB mongoFind Uninitialized Memory Exploit Update The mongo::mongoFind method in MongoDB makes use of uninitialized memory. A remote attacker can fill that memory address with controlled data and then call the vulnerable function in order to execute arbitrary code on the affected server. This update adds the CVE number. CVE-2013-3969 Exploits/Remote Linux
07.13.2011 IBM Tivoli Endpoint lcfd opts Argument Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in IBM Tivoli Endpoint by sending a specially crafted HTTP request. The specific flaw exists within the lcfd.exe process which listens by default on TCP port 9495. To reach this page remotely authentication is required. However, by abusing a built-in account an attacker can access the restricted pages. While parsing requests to one of these, the process blindly copies the contents of a POST variable to a 256 byte stack buffer. CVE-2011-1220 Exploits/Remote Windows
08.27.2007 Ipswitch IMail Search On Exploit This module exploits a stack-based buffer overflow in the IMAP server in IMail 2006.1 in Ipswitch Collaboration Suite (ICS). CVE-2007-2795 Exploits/Remote Windows
11.08.2009 BigAnt IM Server HTTP GET Request Remote Buffer Overflow Exploit Update This module exploits a vulnerability in the AntServer Module (AntServer.exe) that can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to default port 6660/TCP. This update adds support for the latest version of the software, which is still vulnerable to the attack. CVE-2008-1914 Exploits/Remote Windows
12.11.2008 3Com TFTP Transporting Mode Buffer Overflow Exploit This module exploits a buffer overflow vulnerability during the processing of TFTP Read/Write request packet types and cause a stack-based buffer overflow by sending a specially crafted packet with an overly long mode field. CVE-2006-6183 Exploits/Remote Windows
10.18.2006 WS_FTP 5.05 XMD5 buffer overflow exploit This module exploits a stack overflow in WS_FTP 5.05 in XMD5 command and installs an agent. CVE-2006-5000 Exploits/Remote Windows
02.01.2012 TFTPServer SP RRQ Buffer Overflow Exploit TFTP Server is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer. CVE-2008-1611 Exploits/Remote Windows
11.22.2010 Drupal BlogAPI Remote Execution Exploit Update 4 The BlogAPI module does not validate the extension of files that it is used to upload, enabling users with the "administer content with blog api" permission to upload harmful files. This module uploads an IMPACT agent, creates a php file to execute the agent and then makes a request to the file. The result is an IMPACT agent running on the webserver. This update adds support for the AIX platform. CVE-2008-4792 Exploits/Remote Solaris, Linux, AIX
08.21.2005 MailEnable IMAP status command exploit This module exploits a buffer overflow in the status command of MailEnable and installs an agent. The status command requires an authenticated session, so valid credentials are required. CVE-2005-2278 Exploits/Remote Windows
09.15.2013 FreeFTPd PASS Command Buffer Overflow Exploit FreeFTPd is prone to a buffer overflow when handling an overly long PASS command. NOCVE-9999-59669 Exploits/Remote Windows
06.09.2008 ASUS Remote Console Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing ASUS Remote Console. This exploit disables DEP in the supported systems. CVE-2008-1491 Exploits/Remote Windows
05.20.2013 EMC AlphaStor Library Control Program Buffer Overflow Exploit The vulnerability is caused due to an error in the AlphaStor Library Control Program when processing commands and can be exploited to cause a buffer overflow. CVE-2013-0946 Exploits/Remote Windows
11.18.2009 MSRPC _LlsrLicenseRequestW Remote Heap Overflow Exploit (MS09-064) This module exploits a remote heap-based overflow in the Microsoft Windows License Logging Service by sending a specially crafted RPC request. CVE-2009-2523 Exploits/Remote Windows
05.18.2011 IBM Lotus Domino iCalendar Attachment Name Buffer Overflow Exploit A stack-based buffer overflow exists in the nRouter.exe component of IBM Lotus Domino when parsing the filename of an attachment within an iCalendar invitation. This can be exploited by a remote, unauthenticated attacker to execute arbitrary code by sending a specially crafted e-mail to the Lotus Domino SMTP server. This module bypasses Data Execution Prevention (DEP) in order to install an agent on the target machine. CVE-2011-0915 Exploits/Remote Windows
11.19.2012 Invision Power Board Unserialize Remote Code Execution Exploit Invision Power Board is vulnerable to a remote code execution due to the use of the unserialize method on user input passed through cookies without a proper sanitization. CVE-2012-5692 Exploits/Remote Solaris, Linux
02.09.2011 Wireshark PROFINET Dissector Format String Exploit Update Wireshark is prone to a format-string vulnerability. Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. This update adds windows 7 support. CVE-2009-1210 Exploits/Remote Windows
01.14.2007 IIS IDA-IDQ exploit update This update adds support for Windows NT4 for the IDA-IDQ exploit CVE-2001-0500 Exploits/Remote Windows