Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
12.29.2008 NaviCOPA Web Server Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the handling of HTTP GET requests. This may allow execution of arbitrary code by sending an overly long, specially crafted HTTP GET request to the server. CVE-2006-5112 Exploits/Remote Windows
12.12.2013 ABB MicroSCADA Wserver Buffer Overflow Exploit This vulnerability is a buffer overflow and allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver without authentication. The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component performs insufficient bounds checking on user-supplied data which results in stack buffer ovreflow. NOCVE-9999-61094 Exploits/Remote Windows
03.19.2013 Schneider Electric Interactive Graphical SCADA System Buffer Overflow Exploit This Stack-based buffer overflow exploits a vulnerability in Schneider Electric's Interactive Graphical SCADA System (IGSS) that allows remote attackers to execute arbitrary code by sending a specially crafted packet to TCP port-12397. CVE-2013-0657 Exploits/Remote Windows
05.16.2010 HP Storage Data Protector MSG_PROTOCOL Buffer Overflow Exploit This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. CVE-2007-2280 Exploits/Remote Windows
04.18.2011 Progea Movicon SCADA-HMI TCPUploadServer Remote Exploit This module exploits a remote vulnerability in the TCPUploadServer service included in the Movicon 11 application to install an agent by writing and running an executable file. NOCVE-9999-47538 Exploits/Remote Windows
04.03.2007 IIS HTR ChunkedEncoding exploit update This update adds support for Windows 2000 SP0 and fixes a reliability issue. The module exploits a vulnerability in the .HTR ISAPI filter in early versions of IIS. CVE-2002-0079 Exploits/Remote Windows
02.02.2012 Symantec PCAnywhere awhost32 Remote Code Execution Exploit The flaw exists within the awhost32 component which is used when handling incoming connections. This process listens on TCP port 5631. When handling an authentication request the process copies the user supplied username unsafely to a fixed-length buffer. CVE-2011-3478 Exploits/Remote Windows
04.21.2008 SurgeMail Mail Server Exploit update This module exploits a buffer overflow in SurgeMail Mail Server and installs an agent into the target host. A buffer overflow vulnerability is located in the function which handles the real CGI executables. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module. This exploit perform three attempts to disable DEP in XP SP2 and Windows 2003. CVE-2008-1054 Exploits/Remote Windows
04.18.2012 Miniserv Perl Format String Exploit Update This update fixes an issue with the SSL support in the exploit for Usermin's and Webmin's perl format string vulnerability (CVE-2005-3912). CVE-2005-3912 Exploits/Remote Linux
09.04.2007 Sun Java Web Start JNLP Stack Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the javaws.exe program and deploys an agent when successful. The exploit triggers a vulnerability in the Java Runtime Environment allowing an attacker to execute arbitrary code on the remote machine. CVE-2007-3655 Exploits/Remote Windows
08.07.2011 MSRPC RRAS Exploit Update This module exploits a stack-based buffer overflow in the Windows Routing and Remote Access Service. This update fixes an issue in the agent connector. CVE-2006-2370 Exploits/Remote Windows
06.22.2010 Novell ZENworks Configuration Management Preboot Service Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in the Preboot Service component of Novell ZENworks Configuration Management by sending a specially crafted packet to the port 998/TCP. NOCVE-9999-43820 Exploits/Remote Windows
11.09.2009 Kerio PF Administration Exploit Update Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. This update improves the reliability of the exploit when using the "Reuse connection" method to connect new agents. CVE-2003-0220 Exploits/Remote Windows
02.08.2009 CA BrightStor ARCserve Backup Media Server Exploit Update This module exploits a buffer overflow in the handling of RPC data in the Computer Associates BrightStor ARCServe Backup Media Server service (mediasvr.exe) which is a component of BrightStor ARCserve Backup Tape Engine. This update adds support for Windows 2003 SP1 and SP2, Windows Vista SP1 and Windows XP SP3. CVE-2007-1785 Exploits/Remote Windows
07.09.2008 Microsoft WINS Exploit (MS08-034) Update A memory corruption vulnerability in the ChkNtfSock function of wins.exe allows remote code execution. This update adds support for Windows 2000 Server SP4, Windows 2003 Server SP1 and SP2. CVE-2008-1451 Exploits/Remote Windows
08.26.2010 Adobe ColdFusion locale Remote Code Execution Exploit An important vulnerability has been identified in ColdFusion version 8.0, 8.0.1, 9.0, 9.0.1 for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure (CVE-2010-2861). Adobe has provided a solution for this reported vulnerability. It recomends that users update their product. CVE-2010-2861 Exploits/Remote Windows, Linux
07.12.2007 mDNSResponder buffer overflow exploit This module exploits a buffer overflow vulnerability in the mDNSResponder service running on certain versions of Apple Mac OS X. The vulnerability is exploited remotely by sending a specially crafted UPnP Internet Gateway Device (IGD) packet and installing an agent. CVE-2007-2386 Exploits/Remote Mac OS X
12.02.2010 ProFTPD Remote Backdoor Command Execution A backdoor introduced by attackers allows unauthenticated users remote root access to systems which run the maliciously modified version of the ProFTPD daemon. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-46189 Exploits/Remote FreeBSD, Linux
09.28.2008 HP OpenView Ovalarmsrv Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the ovalarmsrv module of the HP OpenView Network NodeManager application. The exploit triggers a stack-based buffer overflow by sending a specially crafted packet to port 2954/TCP of the vulnerable system and installs an agent if successful. This module works disabling DEP on Windows 2003 Enterprise Edition sp2 in the context of the vulnerable application. CVE-2008-1851 Exploits/Remote Windows
10.14.2013 Nginx HTTP Server Chuncked Encoding Buffer Overflow Exploit This module exploits a buffer overflow vulnerability present in Nginx by bypassing the stack cookie protection and by reordering the TCP packets to make it reliable. CVE-2013-2028 Exploits/Remote Linux
11.30.2011 OpenX Remote Code Execution Exploit Update This update adds support for Solaris and Mac OS X platforms CVE-2009-4098 Exploits/Remote Solaris, Linux, Mac OS X
07.05.2010 Evological EvoCam Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the included web server when processing HTTP requests. This can be exploited to cause a stack-based buffer overflow via an overly long GET request. CVE-2010-2309 Exploits/Remote Mac OS X
03.01.2011 HP OpenView NNM ovas Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the ovas service, part of the HP OpenView Network Node Manager application. The exploit triggers a stack-based buffer overflow by sending a specially crafted POST request with a malformed Destination Node variable to the vulnerable system and installs an agent if successful. CVE-2011-0263 Exploits/Remote Windows
01.21.2008 SAP MaxDB Remote Command Injection Exploit Update This update adds the CVE number of the vulnerability to the module. CVE-2008-0244 Exploits/Remote Windows
11.05.2008 Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit update 2 This package provides an update for the Now SMS MMS Gateway Web Authorization Buffer Overflow Exploit for Impact Professional 7.6 CVE-2008-0871 Exploits/Remote Windows
11.28.2006 MSRPC WKSSVC NetpManageIPCConnect exploit A remote code execution vulnerability exists in the Workstation service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. CVE-2006-4691 Exploits/Remote Windows
11.20.2013 HP System Management iprange Parameter Buffer Overflow Exploit This module exploits a Buffer Overflow on HP System Management. The vulnerability exists when handling a crafted iprange parameter on a request against /proxy/DataValidation. CVE-2013-2362 Exploits/Remote Windows
12.17.2007 Lighttpd FastCGI Exploit This module exploits a header overflow vulnerability in lighttpd when using fast_cgi module in lighttpd before version 1.4.18. CVE-2007-4727 Exploits/Remote Linux
07.16.2013 PCMan FTP Server USER Command Buffer Overflow Exploit PCMan's FTP Server is prone to a buffer-overflow when handling an overly long USER command. NOCVE-9999-58668 Exploits/Remote Windows
10.02.2011 Measuresoft ScadaPro Remote Exploit This module exploits a remote command execution vulnerability in the service.exe service included in the Measuresoft ScadaPro application by sending a sequence of malformed packets to the 11234/TCP port. CVE-2011-3497 Exploits/Remote Windows

Pages