Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
11.30.2009 OracleDB AUTH_SESSKEY Remote Buffer Overflow Exploit This module exploits a vulnerability in the Oracle Database Server. The vulnerability is triggered when the server processes a long string inside the AUTH_SESSKEY property resulting in a stack-based buffer overflow. CVE-2009-1979 Exploits/Remote Windows
01.02.2011 FreeFloat FTP Server Reply Buffer Overflow Exploit FreeFloat FTP server is prone to a buffer-overflow vulnerability when handling overly long replies. NOCVE-9999-46263 Exploits/Remote Windows
04.03.2008 MSRPC Trend Micro Server Protect buffer overflow exploit Update TrendMicro ServerProtect is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. This update corrects the actual exploited CVE number. CVE-2007-2508 Exploits/Remote Windows
06.22.2010 Novell ZENworks Configuration Management Preboot Service Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in the Preboot Service component of Novell ZENworks Configuration Management by sending a specially crafted packet to the port 998/TCP. NOCVE-9999-43820 Exploits/Remote Windows
02.02.2012 Symantec PCAnywhere awhost32 Remote Code Execution Exploit The flaw exists within the awhost32 component which is used when handling incoming connections. This process listens on TCP port 5631. When handling an authentication request the process copies the user supplied username unsafely to a fixed-length buffer. CVE-2011-3478 Exploits/Remote Windows
10.02.2014 MediaWiki Thumb.php Remote Command Execution Exploit MediaWiki with DjVU or PDF file upload allows a remote attackers to execute arbitrary commands by exploting a bug in the with parameter in thumb.php while previewing the uploaded file. CVE-2014-1610 Exploits/Remote Linux
08.24.2006 MSRPC RRAS Exploit This module exploits a stack overflow in the Windows Routing and Remote Access Service (MS06-025) CVE-2006-2370 Exploits/Remote Windows
04.28.2014 EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution Exploit This module exploits a remote code execution vulnerability in EMC Data Protection Advisor (DAP). Vulnerable installations of EMC DPA exposes the EJBInvokerServlet invoker servlet which does not require any type of authentication by default on certain profiles and allow remote attackers to invoke MBean methods and execute arbitrary code. CVE-2012-0874 Exploits/Remote Windows
08.26.2010 Adobe ColdFusion locale Remote Code Execution Exploit An important vulnerability has been identified in ColdFusion version 8.0, 8.0.1, 9.0, 9.0.1 for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure (CVE-2010-2861). Adobe has provided a solution for this reported vulnerability. It recomends that users update their product. CVE-2010-2861 Exploits/Remote Windows, Linux
06.08.2011 HP Rational Quality Manager Backdoor Account Code Execution Exploit This module exploits a remote code execution vulnerability in HP Rational Quality Manager by using an undocumented user account to upload an arbitrary file. CVE-2010-4094 Exploits/Remote Windows
05.02.2013 BigAnt IM Server DDNF Username Buffer Overflow Exploit BigAnt IM Server is vulnerable to a buffer-overflow within the AntDS.exe component when handling an overly long username. NOCVE-9999-57633 Exploits/Remote Windows
10.29.2006 SQL Server Hello exploit update This module exploits a vulnerability in Microsoft SQL Server. This update improves the exploit reliability and adds support for Windows 2003 CVE-2002-1123 Exploits/Remote Windows
12.04.2012 VCMS Image Arbitrary Upload Exploit A unrestricted file upload vulnerability exists in includes/inline_image_upload.php within AutoSec Tools V-CMS 1.0. This allows remote attackers to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in temp. CVE-2011-4828 Exploits/Remote Solaris, Linux, Windows, Mac OS X
06.23.2005 MSRPC MSMQ Buffer Overflow exploit This module exploits a buffer overflow in the Message Queuing component of Microsoft Windows allowing remote attackers to execute arbitrary code via a crafted message and installing an agent. CVE-2005-0059 Exploits/Remote Windows
09.02.2009 Exploit Modules Update for RPT This update applies missing attributes to a small number of exploits to ensure they are correctly selected by the Rapid Penetration Test Wizards. CVE-2008-1914 Exploits/Remote Windows, Linux
07.23.2012 FlexNet License Server Manager lmgrd Buffer Overflow Exploit A stack buffer overflow exist in FlexNet License Server Manager due to the insecure usage of memcpy in the lmgrd service when handling crafted network packets. NOCVE-9999-52540 Exploits/Remote Windows
07.29.2008 Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the web interface of Now SMS MMS Gateway. CVE-2008-0871 Exploits/Remote Windows
06.23.2011 DATAC RealWin SCADA Server Login Buffer Overflow Exploit DATAC Realwin is prone to a buffer-overflow when processing On_FC_CONNECT_FCS_LOGIN packets with an overly long user name. CVE-2011-1563 Exploits/Remote Windows
11.30.2011 OpenX Remote Code Execution Exploit Update This update adds support for Solaris and Mac OS X platforms CVE-2009-4098 Exploits/Remote Solaris, Linux, Mac OS X
01.28.2013 BigAnt IM Server AntDS Buffer Overflow Exploit BigAnt IM Server is prone to a buffer-overflow within AntDS.exe component when handling a specially crafted filename header. CVE-2012-6275 Exploits/Remote Windows
02.08.2010 WireShark LWRES Dissector Buffer Overflow Exploit Update This module exploits a stack-based buffer overflow in the WireShark LWRES dissector by sending a specially crafted LWRES packet. This update adds support for more WireShark versions. CVE-2010-0304 Exploits/Remote Windows
06.17.2014 OpenSSL ChangeCipherSpec Message Vulnerability Checker This module exploits a vulnerability in OpenSSL by sending a "Change Ciper Spec" message to the server. This vulnerability allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake. CVE-2014-0224 Exploits/Remote Linux
05.16.2012 CA Total Defense UNCWS Web Service deleteReportFilter Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The deleteReportFilter method makes use of the uncsp_DeleteFilter stored procedure, which is vulnerable to SQL Injection. CVE-2011-1653 Exploits/Remote Windows
12.03.2008 SNMPc Trap Packet Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the SNMPc Network Manager by sending a specially crafted Trap packet with a long Community String to the UDP port 164 and installs an agent if successful. CVE-2008-2214 Exploits/Remote Windows
12.02.2010 ProFTPD Remote Backdoor Command Execution A backdoor introduced by attackers allows unauthenticated users remote root access to systems which run the maliciously modified version of the ProFTPD daemon. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-46189 Exploits/Remote FreeBSD, Linux
11.14.2007 HP Linux Imaging and Printing exploit for Impact 7.5 A vulnerability has been identified in HP Linux Imaging and Printing System (HPLIP), which could be exploited by local attackers to obtain elevated privileges. This issue is caused by input validation errors in the hpssd daemon that does not validate user-supplied data before being passed to a popen3() call, which could be exploited by malicious users to inject and execute arbitrary commands with root privileges. This package include local and remote versions of the exploit. CVE-2007-5208 Exploits/Remote Linux, FreeBSD
06.05.2008 Apache Tomcat buffer overflow exploit update This module exploits a buffer overflow vulnerability in the Apache Tomcat JK Web Server Connector and installs an agent. An attacker can use an overly long URL to trigger a buffer overflow in the URL work map routine (map_uri_to_worker()) in the mod_jk.so library, resulting in the compromise of the target system. This package improves the reliability of the exploit. CVE-2007-0774 Exploits/Remote Linux
10.02.2011 Measuresoft ScadaPro Remote Exploit This module exploits a remote command execution vulnerability in the service.exe service included in the Measuresoft ScadaPro application by sending a sequence of malformed packets to the 11234/TCP port. CVE-2011-3497 Exploits/Remote Windows
07.21.2014 Adobe ColdFusion l10n.cfm Remote Code Execution Exploit The /CFIDE/adminapi/customtags/l10n.cfm page in Adobe ColdFusion does not properly validate its attributes.file parameter. This can be abused by a remote unauthenticated attacker to execute arbitrary code on vulnerable servers. CVE-2013-3336 Exploits/Remote Windows, Linux
01.05.2006 MSRPC UMPNPMGR exploit update This module exploits a stack buffer overflow in the Microsoft Windows Plug and Play service and installs a level0 agent (MS05-039). This update adds support for Windows XP Professional (Services packs 0, 1 and 2) and Support for Windows 2003. Exploits/Remote

Pages