CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
04.06.2010 SAP MaxDB Malformed Handshake Request Exploit This module exploits a stack buffer overflow vulnerability in SAP MaxDB by sending a specially crafted packet to 7210/TCP port. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-1185 Exploits/Remote Windows
10.27.2013 Apache Struts 2 DefaultActionMapper redirect Remote Code Execution Exploit Update The DefaultActionMapper class in Apache Struts2 supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:". The information contained in these prefixes is not properly sanitized before being evaluated as OGNL expressions on the server side, which allows remote attackers to execute arbitrary Java code on the server. This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework. CVE-2013-2251 Exploits/Remote Windows, Linux, Mac OS X
12.13.2011 Zabbix Remote Code Execution Exploit Update This module adds support for Mac OS X and Solaris platforms. NOCVE-9999-37058 Exploits/Remote Solaris, Linux, Mac OS X
09.26.2010 HP Data Protector DtbClsLogin Remote Exploit This module exploits a remote stack-based buffer overflow vulnerability in HP Data Protector, by sending a specially crafted packet to the port 3817/TCP, which will trigger a buffer overflow when processed by the DtbClsLogin function in the dpwindtb.dll module. CVE-2010-3007 Exploits/Remote Windows
04.28.2008 Arkeia Network Backup buffer overflow exploit update This package updates the Arkeia Network Backup exploit. CVE-2005-0491 Exploits/Remote Windows, Linux
02.13.2013 Sunway Force Control SCADA SMNP NetDBServer Buffer Overflow Exploit Update A stack based buffer overflow in the SNMP NetDBServer service of Sunway Forcecontrol is triggered when sending an overly long string to the listening service on port 2001. This version updates runtime value to the appropriate for this case. NOCVE-9999-51166 Exploits/Remote Windows
06.28.2009 Drupal BlogAPI Remote Code Execution Exploit The BlogAPI module does not validate the extension of files that it is used to upload, enabling users with the "administer content with blog api" permission to upload harmful files. This module uploads an IMPACT agent, creates a php file to execute the agent and then makes a request to the file. The result is an IMPACT agent running on the webserver. CVE-2008-4792 Exploits/Remote Linux
10.15.2008 MSRPC Microsoft Host Integration Remote Command Execution Exploit (MS08-059) This module exploits a remote command injection in the SNA RPC service included in Microsoft Host Integration Server. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. CVE-2008-3466 Exploits/Remote
05.17.2012 SAP Netweaver DiagTraceR3Info Remote Buffer Overflow Exploit The DiagTraceR3Info function of the disp+work.exe component of SAP Netweaver is prone to a remote buffer overflow when the work process trace level is set to values 2 or 3 for the Dialog Processor component. This vulnerability can be exploited to execute arbitrary code on the vulnerable machine by sending a specially crafted packet containing ST_R3INFO CODEPAGE items. CVE-2012-2611 Exploits/Remote Windows
12.05.2010 Httpdx FTP Server tolog() Function Format String Exploit This module exploits a format string vulnerability in HTTPDX FTP server by sending a specially crafted FTP command, corrupting the memory and executing arbitrary code. CVE-2009-4769 Exploits/Remote Windows
01.24.2012 Goodtech Telnet Daemon Buffer Overflow Exploit There is a buffer overflow vulnerability in the administration web server for GoodTech Telnet Server which allows remote attackers to execute arbitrary code via a long string to port 2380. CVE-2005-0768 Exploits/Remote Windows
10.20.2010 Disk Pulse Server GetServerInfo Request Buffer Overflow Exploit Update A vulnerability exists in the way Disk Pulse Server v2.2.34 process a remote clients "GetServerInfo" request.The vulnerability is caused due to a boundary error in libpal.dll when handling network messages and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 9120. This update correct typo. NOCVE-9999-45456 Exploits/Remote Windows
03.03.2013 Procyon Core Server HMI Scada Coreservice Buffer Overflow Exploit Update Vulnerability in the coreservice.exe component of Procyon Core Server versions 1.13 and below. While processing a password, the application fails to do proper bounds checking before copying data into a buffer on the stack. This causes a buffer overflow and allows it to overwrite a structured exception handling record, allowing for unauthenticated remote code execution. This version updates runtime value to the appropriate for this case. CVE-2011-3322 Exploits/Remote Windows
07.04.2011 Mutable Decoder in Package and Register Mutable Decoder in Package and Register improves the randomness in executable agents generated by Impact (Package and Register, Serve Agent in WebServer, Send Agent by email and others). Exploits/Remote
12.03.2008 SNMPc Trap Packet Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the SNMPc Network Manager by sending a specially crafted Trap packet with a long Community String to the UDP port 164 and installs an agent if successful. CVE-2008-2214 Exploits/Remote Windows
05.03.2010 HP OpenView NNM OvWebHelp CGI Buffer Overflow Exploit This module exploits a vulnerability in HP OpenView NNM by sending a specially crafted request to OvWebHelp.exe. CVE-2009-4178 Exploits/Remote Windows
06.05.2008 Apache Tomcat buffer overflow exploit update This module exploits a buffer overflow vulnerability in the Apache Tomcat JK Web Server Connector and installs an agent. An attacker can use an overly long URL to trigger a buffer overflow in the URL work map routine (map_uri_to_worker()) in the mod_jk.so library, resulting in the compromise of the target system. This package improves the reliability of the exploit. CVE-2007-0774 Exploits/Remote Linux
06.06.2012 AT TFTP Server Long Filename Buffer Overflow Exploit Update 2 The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. This update ensures that the program receives all data. This update fixes an error on Impact v12.3. CVE-2006-6184 Exploits/Remote Windows
02.07.2010 WireShark LWRES Dissector Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the WireShark LWRES dissector by sending a specially crafted LWRES packet. CVE-2010-0304 Exploits/Remote Windows
04.03.2007 IIS HTR ChunkedEncoding exploit update This update adds support for Windows 2000 SP0 and fixes a reliability issue. The module exploits a vulnerability in the .HTR ISAPI filter in early versions of IIS. CVE-2002-0079 Exploits/Remote Windows
04.18.2012 Miniserv Perl Format String Exploit Update This update fixes an issue with the SSL support in the exploit for Usermin's and Webmin's perl format string vulnerability (CVE-2005-3912). CVE-2005-3912 Exploits/Remote Linux
04.18.2013 Nagios history Buffer Overflow Exploit This module exploits a remote buffer overflow in Nagios history.cgi by sending a malformed host parameter. CVE-2012-6096 Exploits/Remote Linux
07.31.2011 Blue Coat Authentication and Authorization Agent Buffer Overflow Exploit Blue Coat BCAAA is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks. This exploit bypasses DEP protection by using ROP techniques. NOCVE-9999-48688 Exploits/Remote Windows
01.14.2009 Microsoft Windows SMB Buffer Underflow Exploit (MS08-063) Update This update add support to Microsoft Windows 2000 SP4 Professional, Server, Advanced Server and Windows 2003 SP0 Standard Edition and Enterprise Edition. CVE-2008-4038 Exploits/Remote Windows
05.26.2010 MSRPC SRVSVC NetrpPathCanonicalize Exploit (MS06-040) Update 3 This update improves reliability when it's launched against Windows XP SP1 platforms. This module exploits a remotely exploitable vulnerability in Windows' Server Service (MS06-040) over Microsoft DCERPC (ports 139 and 445). CVE-2006-3439 Exploits/Remote Windows
04.25.2011 Novell File Reporter Agent XML Tag Remote Code Execution Exploit This module exploits a buffer overflow vulnerability in Novell File Reporter. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/3037. CVE-2011-0994 Exploits/Remote Windows
07.30.2008 Microsoft IGMPv3 Exploit (MS08-001) This exploit installs an agent using an overflow vulnerability located in Microsoft Windows tcpip.sys CVE-2007-0069 Exploits/Remote Windows
08.06.2014 Atlassian JIRA Issue Collector Plugin Path Traversal Vulnerability Exploit A path traversal vulnerability affects the Issue Collector plugin in Atlassian JIRA. This module exploits that vulnerability to achieve remote code execution. The installed agent will have SYSTEM privileges. CVE-2014-2314 Exploits/Remote Windows
06.26.2012 EZHomeTech EzServer Buffer Overflow Exploit EzServer is prone to a buffer-overflow when handling packets with an overly long string. NOCVE-9999-52789 Exploits/Remote Windows
02.20.2014 HP Data Protector Cell Manager Opcode 263 Buffer Overflow Exploit The specific flaw exists within crs.exe which listens by default on a random TCP port. When parsing opcodes 214, 215, 216, 219, 257, and 263, the process blindly copies user supplied data into a fixed-length stack buffer. CVE-2013-6195 Exploits/Remote Windows

Pages