Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
07.20.2009 Soulseek Server Peer Search Buffer Overflow Exploit The application is prone to a stack-based buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue occurs when performing a direct peer file search. CVE-2009-1830 Exploits/Remote Windows
11.25.2009 MSRPC CA BrightStor ARCserve Backup ReportRemoteExecuteCML Buffer Overflow Exploit CA BrightStor ARCserve Backup is prone to a stack based buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. CVE-2008-4397 Exploits/Remote Windows
06.09.2008 Borland InterBase Remote Integer Overflow Exploit This module exploits a buffer overflow vulnerability in the database service (ibserver.exe) of the Borland InterBase 2007 application. The exploit triggers an integer overflow and causes a stack-based buffer overflow by sending a specially crafted packet to port 3050/TCP of the vulnerable system and installs an agent if successful. CVE-2008-2559 Exploits/Remote Windows
07.05.2011 HP Data Protector Client EXEC_SETUP Remote Code Execution Exploit This module exploits a design flaw in HP Data Protector by sending a specially crafted EXEC_SETUP request. The specific flaw exists within the implementation of the EXEC_SETUP command. This command instructs a Data Protector client to download and execute a setup file. A malicious attacker can instruct the client to access a file off of a share thus executing arbitrary code under the context of the current user. CVE-2011-0922 Exploits/Remote Windows
10.25.2012 EMC NetWorker nsrd RPC Service Format String Exploit A Format string vulnerability in the nsrd RPC service within EMC NetWorker? allows remote attackers to execute arbitrary code via format string specifiers in a crafted message. CVE-2012-2288 Exploits/Remote Linux, Windows
04.13.2011 DATAC RealWin ADDTAGMS Buffer Overflow Exploit DATAC RealWin is prone to a buffer overflow vulnerability when handling On_FC_CTAGLIST_FCS_ADDTAGMS packets with an overly long string. CVE-2011-1563 Exploits/Remote Windows
07.21.2014 Adobe ColdFusion l10n.cfm Remote Code Execution Exploit The /CFIDE/adminapi/customtags/l10n.cfm page in Adobe ColdFusion does not properly validate its attributes.file parameter. This can be abused by a remote unauthenticated attacker to execute arbitrary code on vulnerable servers. CVE-2013-3336 Exploits/Remote Windows, Linux
01.29.2012 Omni-NFS Enterprise FTP Server Buffer Overflow Exploit Update This vulnerability is caused by a buffer overflow in Omni-NFS Enterprise FTP Server, due to its lack of checking of user-supplied data within FTP requests. This update add CVE. CVE-2006-5792 Exploits/Remote Windows
08.03.2009 Unisys Business Information Server Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the Unisys Business Information Server by sending a specially crafted packet to the 3989/TCP port. CVE-2009-1628 Exploits/Remote Windows
05.02.2013 BigAnt IM Server DDNF Username Buffer Overflow Exploit BigAnt IM Server is vulnerable to a buffer-overflow within the AntDS.exe component when handling an overly long username. NOCVE-9999-57633 Exploits/Remote Windows
09.29.2010 Microsoft Windows Print Spooler Service Impersonation Exploit (MS10-061) This module exploits a vulnerability in the "Print Spooler" service. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-2729 Exploits/Remote Windows
12.22.2008 WFTPD Server SIZE Command Buffer Overflow Exploit An internal memory buffer may be overrun while handling long "SIZE" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the WFTPD Server process. CVE-2006-4318 Exploits/Remote
03.08.2012 Citrix Provisioning Services Streamprocess Opcodes Buffer Overflow Exploit Update This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port. This module adds support for Windows 2003. NOCVE-9999-50874 Exploits/Remote Windows
11.30.2010 Google Earth quserex DLL Hijacking Exploit Google Earth is prone to a vulnerability that may allow execution of quserex.dll if this dll is located in the same folder than .KMZ file. CVE-2010-3134 Exploits/Remote Windows
05.03.2007 CA BrightStor ARCserve Backup mediasvr.exe Exploit This module exploits a buffer overflow vulnerability in the CA BrightStor ARCserve Backup mediasvr.exe. The vulnerability is caused by an input validation error in the mediasvr.exe component when it processes specially crafted RPC requests. CVE-2007-1785 Exploits/Remote Windows
12.17.2007 IBM Lotus Domino LSUB IMAP Server Buffer Overflow Exploit Exploits a stack buffer overflow in the Lotus Domino IMAP Server for windows version 7.0.2FP1 after authentication. CVE-2007-3510 Exploits/Remote Windows
05.01.2006 Novell Messenger Server Exploit This module sends a http request at nmma.exe service producing a buffer overflow and installs an agent. CVE-2006-0992 Exploits/Remote Windows
05.22.2013 SAP Netweaver Message Server _MsJ2EE_AddStatistics Memory Corruption Exploit The Message Server component of SAP Netweaver is prone to a memory corruption vulnerability when the _MsJ2EE_AddStatistics function handles a specially crafted request with iflag value 0x0c MS_J2EE_SEND_TO_CLUSTERID, or 0x0d MS_J2EE_SEND_BROADCAST. This vulnerability can be exploited by remote unauthenticated attackers to execute arbitrary code on the vulnerable server. CVE-2013-1592 Exploits/Remote Windows
04.29.2015 Citrix NetScaler SOAP Handler Remote Code Execution Exploit Update This module exploits a vulnerability in Citrix NetScaler server. Citrix NetScaler is prone to a memory-corruption vulnerability when handling certain SOAP requests. This update improves exploit reliability. NOCVE-9999-69407 Exploits/Remote FreeBSD
12.05.2012 Novell File Reporter NFRAgent FSFUI Record File Upload Exploit This module exploits a Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter. This allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/3037. CVE-2012-4959 Exploits/Remote Windows
10.07.2014 Bash Environment Variables Remote Code Execution Exploit for SSH A vulnerability in GNU Bash when processing trailing strings after function definitions in the values of environment variables allows remote attackers to execute arbitrary code via a crafted environment. This vulnerability can be leveraged to bypass restricted SSH access (i.e. when the SSH server forces the execution of a specific command, ignoring any command supplied by the client, either by specifying a 'ForceCommand' directive in the 'sshd_config' file, or by using the 'command' keyword in the 'authorized_keys' file) when the default shell for the user is Bash, allowing the remote attacker to execute arbitrary commands on the vulnerable system. The module included leverages this vulnerability to install an agent. CVE-2014-6271 Exploits/Remote Linux
11.19.2008 Oracle WebLogic Server Apache Connector Exploit Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). CVE-2008-3257 Exploits/Remote Windows, AIX
05.20.2008 MSRPC Trend Micro Server Protect buffer overflow exploit Update 2 This update improves the reliability of the exploit. CVE-2007-2508 Exploits/Remote Windows
05.06.2010 Remote Exploits Service Package Update This package specify the service to be attacked, taking the info from services.py. CVE-2008-4038 Exploits/Remote Windows, Mac OS X
02.04.2010 PhpMyAdmin Unserialize Remote Code Execution Exploit phpMyAdmin is vulnerable to a remote code execution due the use of the unserialize method on user supplied data. This data is written in the config file and is accessible from the internet by default. CVE-2009-4605 Exploits/Remote Windows, Solaris, Linux, Mac OS X
01.26.2011 Apache Chunked Encoding Exploit Update This package fixes a bug in the Apache chunked encoding exploit. CVE-2002-0392 Exploits/Remote OpenBSD, Windows
06.02.2011 Tomcat Deploy Manager Default Account Code Execution Exploit This module exploits a remote code execution vulnerability in Tomcat Web Server by using an default user account to upload an arbitrary file. CVE-2009-3548 Exploits/Remote Windows
08.13.2012 Samba LsarSetInformationPolicy Request Remote Buffer Overflow Exploit This module exploits a heap overflow bug in Samba Server by sending a crafted request packet via DCERPC call. CVE-2012-1182 Exploits/Remote Linux
02.27.2011 ActFax Server LPD-LPR Buffer Overflow Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing ActFax Server. The vulnerability is caused due to a boundary error when processing an overly long Print Job command on the Line Printer Daemon Server (LPD-Server) . This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-47199 Exploits/Remote Windows
08.09.2010 File Sharing Wizard HEAD Command Buffer Overflow Exploit File Sharing Wizard is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. CVE-2010-2331 Exploits/Remote Windows

Pages