Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
09.09.2009 IIS FTP NLST Buffer Overflow Exploit This module exploits a buffer overflow in the FTP server in Microsoft Internet Information Server (IIS) via a crafted NLST command that uses wildcards. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-3023 Exploits/Remote Windows
12.03.2012 Basilic diff PHP Code Execution Exploit This module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account. NOCVE-9999-53067 Exploits/Remote Solaris, Linux, Mac OS X
06.03.2007 SNORT SMB Fragmentation Buffer Overflow exploit This module exploits a stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor. An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the Snort process. CVE-2006-5276 Exploits/Remote Linux, FreeBSD
02.26.2009 Novell GroupWise Internet Agent Remote Buffer Overflow Exploit This module exploits an off-by-one condition by sending a specially crafted RCPT verb argument to a Novell GroupWise Internet Agent. CVE-2009-0410 Exploits/Remote Windows
08.28.2014 SolidWorks Workgroup PDM 2014 Opcode 2001 Remote Code Execution Exploit A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer without boundary check leading to overwrite the SEH and the return address. The copying procedure stops when a null word is found and no size check is proceeded. NOCVE-9999-65834 Exploits/Remote Windows
07.03.2012 Netmechanica NetDecision HTTP Server Buffer Overflow Exploit Update A buffer overflow in NetDecision's HTTP service is exploited when a long URL is managed by the HTTP Server's active window. For successfull exploitation, the victim need to have the HttpSvr's window open. This version add CVE. CVE-2012-1465 Exploits/Remote Windows
02.07.2011 Quick TFTP Server Pro Mode Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in Quick TFTP Server Pro when processing a very large mode field in a read or write request. CVE-2008-1610 Exploits/Remote Windows
12.01.2008 BigAnt IM Server HTTP GET Request Remote Buffer Overflow Exploit This module exploits a vulnerability in the AntServer Module (AntServer.exe), this can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to default port 6080/TCP. CVE-2008-1914 Exploits/Remote Windows
11.08.2009 BigAnt IM Server HTTP GET Request Remote Buffer Overflow Exploit Update This module exploits a vulnerability in the AntServer Module (AntServer.exe) that can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to default port 6660/TCP. This update adds support for the latest version of the software, which is still vulnerable to the attack. CVE-2008-1914 Exploits/Remote Windows
02.12.2008 Microsoft IGMPv3 DoS (MS08-001) This modules causes a Denial of Service in Microsoft Windows. CVE-2007-0069 Exploits/Remote Windows
01.06.2008 SynCE Command Injection exploit This module exploits a command injection error in the function runScripts in vdccm (SynCE daemon), reached through an information message remote request. CVE-2008-1136 Exploits/Remote FreeBSD, Linux
06.21.2007 MSRPC Samba Command Injection exploit update This update adds support for Debian, Ubuntu, and Mac OS-X 10.4. This module exploits a command injection vulnerability in the function _AddPrinterW in Samba 3, reached through an AddPrinter remote request. CVE-2007-2447 Exploits/Remote Linux, OpenBSD, FreeBSD, Mac OS X
03.17.2009 WinGate Proxy Server Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the handling of POST requests. This may allow execution of arbitrary code by sending an overly long, specially crafted POST request to the proxy server CVE-2006-2926 Exploits/Remote Windows
10.08.2014 Yokogawa CENTUM CS 3000 BKCLogSvr Buffer Overflow Exploit Yokogawa CENTUM is prone to a buffer overflow when handling a specially crafted packet through BKCLogSrv.exe on UDP port 52302 CVE-2014-0781 Exploits/Remote Windows
06.04.2012 OpenSSH unexpected PAM authentication exploit Update This module exploits an error in the PAM authentication code and installs an agent into the target host. This update improves the reliability of the exploit. CVE-2003-0786 Exploits/Remote Solaris, Linux
08.29.2006 MailEnable IMAPD W3C Logging Buffer Overflow Exploit This module exploits a buffer overflow in the W3C logging for MailEnable Enterprise 1.1 allows remote attackers to execute arbitrary code. CVE-2005-3155 Exploits/Remote Windows
11.23.2009 HP Power Manager Administration Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the HP Power Manager Administration Web Server by sending a specially crafted POST request. CVE-2009-2685 Exploits/Remote Windows
04.12.2012 Netmechanica NetDecision HTTP Server Buffer Overflow Exploit A buffer overflow in NetDecision's HTTP service is exploited when a long URL is managed by the HTTP Server's active window. For successfull exploitation, the victim need to have the HttpSvr's window open. CVE-2012-1465 Exploits/Remote Windows
10.09.2013 Foscam Path Traversal Exploit This module exploits a path traversal vulnerability on Foscam IP cameras and commit a camera agent. CVE-2013-2560 Exploits/Remote
03.09.2008 SurgeMail Mail Server Exploit This module exploits a buffer overflow in SurgeMail Mail Server and installs an agent into the target host. A buffer overflow vulnerability is located in the function which handles the real CGI executables. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module. CVE-2008-1054 Exploits/Remote Windows
07.28.2009 Wireshark PROFINET Dissector Format String Exploit Wireshark is prone to a format-string vulnerability. Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. CVE-2009-1210 Exploits/Remote Windows
07.12.2007 Asterisk T.38 buffer overflow exploit This module exploits a buffer overflow vulnerability in the T38FaxRateManagement parameter when parsing SIP/SDP requests in 1.4.x prior to 1.4.3. After successful exploitation a agent will be installed. The process being exploited is usually run as root. CVE-2007-2293 Exploits/Remote Linux
02.28.2011 Quick n Easy FTP Server Login DoS This module shuts down the Quick 'n Easy FTP Server because it fails to properly handle user-supplied malformed packets when login. CVE-2009-1602 Exploits/Remote Windows
12.09.2008 AT TFTP Server Long Filename Buffer Overflow Exploit The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. CVE-2006-6184 Exploits/Remote Windows
05.29.2005 MySQL MaxDB WebTool GET Request Buffer Overflow Exploit This module exploits a stack buffer overflow in the MySQL MaxDB WebTool Server and installs a level0 agent. CVE-2005-0684 Exploits/Remote Windows
06.10.2008 CitectSCADA Buffer Overflow Exploit Remote exploitation of a buffer overflow vulnerability in CitectSCADA allows for the remote execution of arbitrary code by attackers. CVE-2008-2639 Exploits/Remote Windows
11.10.2013 Ultra Mini HTTPD Stack Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error within Mini HTTPD when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Arbitrary code can be directly executed by overwriting a return address. This update only adds CVE Number. CVE-2013-5019 Exploits/Remote Windows
10.18.2010 Disk Pulse Server GetServerInfo Request Buffer Overflow Exploit A vulnerability exists in the way Disk Pulse Server v2.2.34 process a remote clients "GetServerInfo" request.The vulnerability is caused due to a boundary error in libpal.dll when handling network messages and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 9120. NOCVE-9999-45456 Exploits/Remote Windows
07.11.2013 HP Data Protector Cell Manager Opcode 259 Remote Code Execution Exploit The specific flaw exists within crs.exe which listens by default on a random TCP port. When parsing different opcodes, the process blindly copies user supplied data into a fixed-length stack buffer. A remote attacker can abuse this to execute remote code under the context of the SYSTEM user. CVE-2013-2329 Exploits/Remote Windows
08.06.2009 Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in Motorola Timbuktu Pro by sending a long malformed string over the plughNTCommand named pipe. CVE-2009-1394 Exploits/Remote Windows

Pages