Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
11.04.2009 Httpdx Web Server GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Httpdx when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. CVE-2009-3711 Exploits/Remote Windows
05.15.2008 TFTPServer SP Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section. CVE-2008-2161 Exploits/Remote Windows
09.18.2007 Surgemail Search Exploit This module exploits a stack-based buffer overflow in the Surgemail Server 3.x and deploys an agent when successful. The exploit triggers a buffer-overflow vulnerability due to insufficient bounds checking of user supplied input allowing remote attackers to execute arbitrary code on the remote machine. CVE-2007-4377 Exploits/Remote Windows
06.15.2010 IBM Lotus Domino If-Modified-Since Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the nHTTP.exe application, a component of Lotus Domino Server, by sending an HTTP request with an invalid value for the If-Modified-Since parameter. CVE-2007-0067 Exploits/Remote Windows
11.21.2012 AzeoTech DAQFactory NETB Datagram Parsing Buffer Overflow Exploit A Buffer Overflow exist in DAQFactory service who listens on the UDP port 20034 when logs the informations of the incoming NETB packets. CVE-2011-3492 Exploits/Remote Windows
02.25.2010 SAdminD Buffer Overflow Exploit Update This modules exploits a stack buffer overflow of the sadmind daemon, and installs an agent as root. This update fix an issue when the module is launched from the Network Attack and Penetration Wizard. CVE-2008-4556 Exploits/Remote Solaris
10.02.2014 MediaWiki Thumb.php Remote Command Execution Exploit MediaWiki with DjVU or PDF file upload allows a remote attackers to execute arbitrary commands by exploting a bug in the with parameter in thumb.php while previewing the uploaded file. CVE-2014-1610 Exploits/Remote Linux
04.28.2014 EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution Exploit This module exploits a remote code execution vulnerability in EMC Data Protection Advisor (DAP). Vulnerable installations of EMC DPA exposes the EJBInvokerServlet invoker servlet which does not require any type of authentication by default on certain profiles and allow remote attackers to invoke MBean methods and execute arbitrary code. CVE-2012-0874 Exploits/Remote Windows
09.04.2008 CA BrightStor ARCserve Backup Message Service Exploit CA BrightStor ARCserve Backup is prone to a buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. CVE-2006-5143 Exploits/Remote Windows
08.26.2009 Symantec Intel Alert Originator Service Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Intel Alert Originator service by sending a specially crafted packet to the 38292/TCP port. CVE-2009-1430 Exploits/Remote Windows
09.18.2007 Ipswitch IMail login exploit update This package updates the Ipswitch IMail login exploit. CVE-2005-1255 Exploits/Remote Windows
03.17.2010 Microsoft SQL Server sp_replwritetovarbin Remote Heap Overflow Exploit Update This module exploits a heap-based buffer overflow in the Microsoft SQL Server by sending a specially crafted SQL query. This update adds support for executestatement() functionality within the WebApps vector. It has two uses: One as a Remote Exploit which needs authentication, and another as an SQL Injection Agent installer module, which needs an SQL Agent as a target. CVE-2008-5416 Exploits/Remote Windows
09.09.2009 IIS FTP NLST Buffer Overflow Exploit This module exploits a buffer overflow in the FTP server in Microsoft Internet Information Server (IIS) via a crafted NLST command that uses wildcards. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-3023 Exploits/Remote Windows
07.04.2013 ASN.1 Bit String SPNEGO exploit Update Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 encodings that cause arbitrary heap data to be overwritten. This update modifies the runtime value for this exploit. CVE-2003-0818 Exploits/Remote Windows
06.20.2011 Sun Java Runtime Environment Trusted Methods Chaining Exploit The specific flaw exists within the code responsible for ensuring proper privileged execution of methods. If an untrusted method in an applet attempts to call a method that requires privileges, Java will walk the call stack and for each entry verify that the method called is defined within a class that has that privilege. However, this does not take into account an untrusted object that has extended the trusted class without overwriting the target method. Additionally, this can be bypassed by abusing a similar trust issue with interfaces. An attacker can leverage these insecurities to execute vulnerable code under the context of the user invoking the JRE. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime. Authentication is not required to exploit this vulnerability. CVE-2010-0840 Exploits/Remote Windows, Linux, Mac OS X
04.26.2010 Microsoft Windows Media Services Remote Exploit (MS10-025) Update This module exploits a remote buffer overflow in the Microsoft Windows Media Services by sending a specially crafted packet to the 1755/TCP port. This module also works against targets with the original MS10-025 update installed. CVE-2010-0478 Exploits/Remote Windows
12.02.2008 FutureSoft TFTP Server 2000 Buffer Overflow Exploit This module exploits a buffer overflow in FutureSoft TFTP Server, that allows remote attackers to execute arbitrary code via a long malformed filename. CVE-2005-1812 Exploits/Remote Windows
06.17.2014 OpenSSL ChangeCipherSpec Message Vulnerability Checker This module exploits a vulnerability in OpenSSL by sending a "Change Ciper Spec" message to the server. This vulnerability allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake. CVE-2014-0224 Exploits/Remote Linux
09.30.2009 MS SMB 2.0 Negociate Protocol Request Remote BSOD Exploit Update This update improves the exploit reliability. This module exploits a vulnerability on srv2.sys via a SMB 2 malformed packet. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-3103 Exploits/Remote Windows
01.08.2008 MySQL yaSSL Exploit This module exploits a remote buffer-overflow in MySQL servers using yaSSL. CVE-2008-0226 Exploits/Remote Windows, Linux, FreeBSD
10.20.2010 Mantis Manage_proj_page Remote Code Execution Exploit Update 3 This update adds support for Solaris platforms. CVE-2008-4687 Exploits/Remote Solaris, Linux, Windows, AIX, Mac OS X
07.05.2011 HP Data Protector Client EXEC_SETUP Remote Code Execution Exploit This module exploits a design flaw in HP Data Protector by sending a specially crafted EXEC_SETUP request. The specific flaw exists within the implementation of the EXEC_SETUP command. This command instructs a Data Protector client to download and execute a setup file. A malicious attacker can instruct the client to access a file off of a share thus executing arbitrary code under the context of the current user. CVE-2011-0922 Exploits/Remote Windows
05.06.2010 Remote Exploits Service Package Update This package specify the service to be attacked, taking the info from services.py. CVE-2008-4038 Exploits/Remote Windows, Mac OS X
10.25.2012 EMC NetWorker nsrd RPC Service Format String Exploit A Format string vulnerability in the nsrd RPC service within EMC NetWorker? allows remote attackers to execute arbitrary code via format string specifiers in a crafted message. CVE-2012-2288 Exploits/Remote Linux, Windows
04.13.2011 DATAC RealWin ADDTAGMS Buffer Overflow Exploit DATAC RealWin is prone to a buffer overflow vulnerability when handling On_FC_CTAGLIST_FCS_ADDTAGMS packets with an overly long string. CVE-2011-1563 Exploits/Remote Windows
01.27.2010 AIX rpc.cmsd Buffer Overflow Exploit This module exploits a remote buffer overflow vulnerability on the Calendar Manager Service Daemon. CVE-2009-3699 Exploits/Remote AIX
07.21.2014 Adobe ColdFusion l10n.cfm Remote Code Execution Exploit The /CFIDE/adminapi/customtags/l10n.cfm page in Adobe ColdFusion does not properly validate its attributes.file parameter. This can be abused by a remote unauthenticated attacker to execute arbitrary code on vulnerable servers. CVE-2013-3336 Exploits/Remote Windows, Linux
12.06.2009 OpenSSH Channel Exploit Update Exploits an off-by-one bug in channel management code in OpenSSH. This update excludes the module from automated attacks launched by the "Network Attack and Penetration" feature, since the module requires credentials of a known account on the vulnerable system, and hence won't work with default parameters. CVE-2002-0083 Exploits/Remote OpenBSD, Linux
01.29.2012 Omni-NFS Enterprise FTP Server Buffer Overflow Exploit Update This vulnerability is caused by a buffer overflow in Omni-NFS Enterprise FTP Server, due to its lack of checking of user-supplied data within FTP requests. This update add CVE. CVE-2006-5792 Exploits/Remote Windows
03.09.2008 SurgeMail Mail Server Exploit This module exploits a buffer overflow in SurgeMail Mail Server and installs an agent into the target host. A buffer overflow vulnerability is located in the function which handles the real CGI executables. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module. CVE-2008-1054 Exploits/Remote Windows

Pages