Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
05.18.2010 Vermillion FTP Daemon Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error with the handling of PORT commands. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted command passed to the affected server. This update fix the Connect to connection method. NOCVE-9999-41966 Exploits/Remote Windows
09.24.2014 Bash Remote Code Execution Exploit This update includes a module exploiting a vulnerability found in Bash. When using the vulnerable Bash version as the interpreter for CGI pages, remote code execution through those pages is possible. CVE-2013-1966 Exploits/Remote Solaris, Linux, Windows
04.13.2014 HP Data Protector EXEC_BAR Remote Command Execution Exploit This module exploits a remote code execution vulnerability in HP Data Protector by sending a specially crafted EXEC_BAR request. CVE-2013-2347 Exploits/Remote Windows
03.19.2012 AT TFTP Server Long Filename Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. This update ensures that the program receives all data. CVE-2006-6184 Exploits/Remote Windows
04.24.2008 Veritas Backup Exec exploit Update This module exploits a stack-based buffer overflow in the Agent Browser in VERITAS Backup Exec 7.3, 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, to install an agent on the target box. This update improves reliability for 8.x versions. CVE-2004-1172 Exploits/Remote Windows
09.09.2007 SIDVault LDAP Server Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the LDAP service (sidvault.exe) of the SIDVault LDAP application. The exploit triggers a stack-based buffer overflow by sending a specially crafted packet to port 389/TCP of the vulnerable system and installs an agent if successful. CVE-2007-4566 Exploits/Remote Windows
06.09.2013 MongoDB nativeHelper Remote Code Execution Exploit This module exploits a vulnerability in MongoDB server. An arbitrary value passed as a parameter to the nativeHelper function in MongoDB server allows an attacker to control the execution flows to achieve remote code execution. CVE-2013-1892 Exploits/Remote Linux
01.08.2013 IBM Director CIM Server Remote Code Execution Exploit IBM Director is prone to a remote code execution vulnerability that affects the CIM server. Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of the CIM server process. CVE-2009-0880 Exploits/Remote Windows
06.01.2010 HP OpenView NNM snmpviewer CGI Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the snmpviewer.exe CGI application, a component of HP OpenView Network Node Manager, by sending an HTTP request with an invalid value for the act and app parameters. CVE-2010-1552 Exploits/Remote Windows
06.01.2011 OracleDB CSA Remote Code Execution Exploit This module exploits a vulnerability in the Client System Analyzer component of the Oracle Database Server. CVE-2010-3600 Exploits/Remote Windows, Linux
11.04.2014 exploitlib local privilege escalation update This update fixes an issue in the dynamic_fork mem_execute implementation used by some privilege escalation exploits. Exploits/Remote
08.20.2008 IBM Lotus Domino Accept-Language Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Lotus Domino HTTP server (nHTTP.exe) by sending a specially crafted GET request. CVE-2008-2240 Exploits/Remote Windows
10.27.2013 MS SMB 2.0 Negociate Protocol Request Remote Exploit Update 3 This module exploits a vulnerability in srv2.sys via a SMB 2 malformed packet. This Update adds support for attacking over IPv6 and additional support for Windows Server 2008 CVE-2009-3103 Exploits/Remote Windows
09.28.2011 Procyon Core Server HMI Scada Coreservice Buffer Overflow Exploit Vulnerability in the coreservice.exe component of Procyon Core Server versions 1.13 and below. While processing a password, the application fails to do proper bounds checking before copying data into a buffer on the stack. This causes a buffer overflow and allows it to overwrite a structured exception handling record, allowing for unauthenticated remote code execution. CVE-2011-3322 Exploits/Remote Windows
02.05.2007 CA BrightStor Tape Engine exploit for Windows Vista We are pleased to announce the availability of the first CORE IMPACT exploit for Windows Vista along with initial support for Windows Vista as an exploit target. The first exploit we are releasing is an exploit for a vulnerability in CA BrightStor ARCserve Backup v11.5 (CVE-2007-0169). More exploits for Vista will follow as part of our exploit update service. This update adds support for Windows Vista as a target for the exploit, and includes modifications to the Windows agent and accompanying payloads to run on all previously supported versions of Windows. CVE-2007-0168 Exploits/Remote Windows
03.04.2010 OpenX Remote Code Execution Exploit The vulnerability is caused due to the banner-edit.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to e.g. execute arbitrary PHP code by uploading a specially crafted PHP script that contains the GIF magic number. CVE-2009-4098 Exploits/Remote Solaris, Linux, Mac OS X
10.06.2011 HP iNode Management Center iNodeMngChecker Remote Code Execution Exploit The flaw exists within the iNodeMngChecker.exe component which listens by default on TCP port 9090. When handling the 0x0A0BF007 packet type the process blindly copies user supplied data into a fixed-length buffer on the stack. CVE-2011-1867 Exploits/Remote Windows
04.16.2007 MSRPC DNS Server exploit This module exploits a buffer overflow in the DNS Server via a specially crafted RPC request. CVE-2007-1748 Exploits/Remote Windows
08.27.2015 Zimbra Collaboration Server skin Local File Include Exploit Update Zimbra is vulnerable to a Local File Inclusion vulnerability that allows attacker to get LDAP credentials which we may use for upload a JSP file allowing us to install an agent. This update workarounds a problem when proxying and using HTTPSConnection. CVE-2013-7091 Exploits/Remote Linux
06.29.2011 HP Data Protector Omniinet.exe Remote Buffer Overflow This module exploits a buffer overflow vulnerability in HP Data Protector by sending a specially crafted packet to the vulnerable Omniinet.exe service. CVE-2011-1865 Exploits/Remote Windows
04.10.2011 Symantec AMS Intel Alert Service AMSSendAlertAck Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the Intel Alert Handler Service. CVE-2010-0110 Exploits/Remote Windows
06.05.2012 Samba Username Map Script Command Injection Exploit Update The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the SamrChangePassword function, when the "username map script" smb.conf option is enabled. This update adds Solaris support. CVE-2007-2447 Exploits/Remote Solaris, Linux
01.21.2008 SAP MaxDB Remote Command Injection Exploit Update This update adds the CVE number of the vulnerability to the module. CVE-2008-0244 Exploits/Remote Windows
01.07.2014 MongoDB mongoFind Uninitialized Memory Exploit The mongo::mongoFind method in MongoDB makes use of uninitialized memory. A remote attacker can fill that memory address with controlled data and then call the vulnerable function in order to execute arbitrary code on the affected server. NOCVE-9999-58919 Exploits/Remote Linux
01.30.2012 Plone popen2 Remote Command Execution Exploit This module exploits a remote command execution vulnerability in the Zope web application server used by Plone, by sending a specially crafted HTTP request to the affected web site. The vulnerability exists because it is possible to remotely invoke the popen2 function from the Python os package with arbitrary arguments in the context of the affected server. This can be exploited by remote unauthenticated attackers to execute arbitrary code on the vulnerable machine. CVE-2011-3587 Exploits/Remote Linux, FreeBSD
12.17.2007 Lighttpd FastCGI Exploit This module exploits a header overflow vulnerability in lighttpd when using fast_cgi module in lighttpd before version 1.4.18. CVE-2007-4727 Exploits/Remote Linux
08.17.2006 Windows Mailslot DoS Update The server driver (srv.sys) in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet on an SMB PIPE that triggers a null dereference. While investigating the Microsoft Server Service Mailslot heap overflow vulnerability reported in Microsoft Security Bulletin MS06-035 we discovered a second bug in the server service. This module exploits this vulnerability. For more info go to http://www.coresecurity.com/common/showdoc.php?idx=562&idxseccion=10 CVE-2006-3942 Exploits/Remote Windows
12.18.2008 MiniShare HTTP GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the handling of HTTP "GET" requests. This can be exploited to cause a buffer overflow by sending a specially crafted overly long request with a pathname larger than 1787 bytes. CVE-2004-2271 Exploits/Remote Windows
04.06.2008 Apache mod_php Exploit Update 2 This update fixes an issue with the 'reuse connection' mode on Impact V7.5 CVE-2002-0081 Exploits/Remote Linux
01.12.2010 BigAnt IM Server USV Request Remote Buffer Overflow Exploit This module exploits a vulnerability in the AntServer Module (AntServer.exe) to cause a stack-based buffer overflow, by sending a specially crafted, overly long "USV" request to the TCP port where the server is listening. NOCVE-9999-41693 Exploits/Remote Windows

Pages