Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
05.28.2014 Yokogawa Centum CS 3000 BKBCopyD Remote Buffer Overflow Exploit This module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000 by using its BKBCopyD.exe service. The Yokogawa Centum CS3000 solution uses different services in order to provide all its functionality. The BKBCopyD.exe service, started when running the FCS / Test Function, listens by default on TCP/20111. By sending a specially crafted packet to the port TCP/20111 it is possible to trigger a stack based buffer overflow which allows execution of arbitrary code with the privileges of the CENTUM user. CVE-2014-0784 Exploits/Remote Windows
11.13.2006 McAfee ePolicy Orchestrator - Protection Pilot HTTP exploit This module exploits a buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126. CVE-2006-5156 Exploits/Remote Windows
01.03.2012 Phpldapadmin orderby Remote Code Execution Exploit Input passed to the "orderby" parameter in cmd.php (when "cmd" is set to "query_engine", "query" is set to "none", and "search" is set to e.g. "1") is not properly sanitised in lib/functions.php before being used in a "create_function()" function call. This can be exploited to inject and execute arbitrary PHP code. CVE-2011-4075 Exploits/Remote Linux, Mac OS X
09.11.2005 MailEnable SMTP auth command exploit This module exploits a stack-based buffer overflow in Mailenable smtp for Windows, allowing remote attackers to execute arbitrary code via AUTH command input. CVE-2005-2223 Exploits/Remote Windows
10.19.2010 IBM Lotus Domino iCalendar Organizer Buffer Overflow Exploit A stack-based buffer overflow exists in the nRouter.exe component of IBM Lotus Domino when parsing the ORGANIZER field of an iCalendar invitation. This can be exploited by a remote, unauthenticated attacker to execute arbitrary code by sending a specially crafted e-mail to the Lotus Domino SMTP server. CVE-2010-3407 Exploits/Remote Windows
12.14.2008 Mercury IMAPD Login Buffer Overflow Exploit This module allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the Mercury Mail Transport System. The vulnerability is caused due to a boundary error within Mercury/32 IMAPD Server Module (mercuryi.dll). This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability. CVE-2006-5961 Exploits/Remote Windows
10.03.2012 Novell File Reporter NFRAgent VOL Tag Buffer Overflow Exploit The vulnerability exists within NFRAgent.exe listening on TCP port 3037. When parsing tags inside the VOL element, the process performs insufficient bounds checking on user-supplied data prior to copying it on the stack. NOCVE-9999-54601 Exploits/Remote Windows
01.06.2010 HP OpenView Storage Data Protector Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. CVE-2009-3844 Exploits/Remote Windows
06.11.2012 RabidHamster R4 Log Entry sprintf Buffer Overflow Exploit A stack overflow found in RabidHamster R4's web server by supplying a malformed HTTP request when generating a log. NOCVE-9999-52541 Exploits/Remote Windows
12.25.2006 CA BrightStor ARCserve Backup Discovery Service exploit This module exploits a vulnerability in BrightStor ARCserve/Enterprise Backup, which can be leveraged by an attacker to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the Discovery Service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP data stream to port 41523. CVE-2006-5143 Exploits/Remote Windows
01.02.2011 FreeFloat FTP Server Reply Buffer Overflow Exploit FreeFloat FTP server is prone to a buffer-overflow vulnerability when handling overly long replies. NOCVE-9999-46263 Exploits/Remote Windows
10.05.2009 MS SMB 2.0 Negociate Protocol Request Remote Exploit Update 2 This update uses two different methods to exploit the targets, and it also improves the exploited target stability when repairing the SMB service. This module exploits a vulnerability on srv2.sys via a SMB 2 malformed packet. CVE-2009-3103 Exploits/Remote Windows
12.12.2013 ABB MicroSCADA Wserver Buffer Overflow Exploit This vulnerability is a buffer overflow and allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver without authentication. The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component performs insufficient bounds checking on user-supplied data which results in stack buffer ovreflow. NOCVE-9999-61094 Exploits/Remote Windows
07.05.2009 Oracle Secure Backup NDMP_CONNECT_CLIENT_AUTH Buffer Overflow Exploit Update This module exploits a vulnerability in Oracle Secure Backup when sending a specially crafted NDMP_CONNECT_CLIENT_AUTH packet. This update improves exploit reliability and adds a ndmp library for ndmp based exploits. CVE-2008-5444 Exploits/Remote Windows
03.26.2009 Oracle Secure Backup NDMP_CONNECT_CLIENT_AUTH Buffer Overflow Exploit This module exploits a vulnerability in Oracle Secure Backup when sending a specially crafted NDMP_CONNECT_CLIENT_AUTH packet. CVE-2008-5444 Exploits/Remote Windows
03.19.2013 Schneider Electric Interactive Graphical SCADA System Buffer Overflow Exploit This Stack-based buffer overflow exploits a vulnerability in Schneider Electric's Interactive Graphical SCADA System (IGSS) that allows remote attackers to execute arbitrary code by sending a specially crafted packet to TCP port-12397. CVE-2013-0657 Exploits/Remote Windows
05.16.2010 HP Storage Data Protector MSG_PROTOCOL Buffer Overflow Exploit This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. CVE-2007-2280 Exploits/Remote Windows
10.28.2008 Alt-N Security Gateway Remote Buffer Overflow Exploit Update 2 This module exploits a stack-based buffer overflow in the Alt-N Security Gateway by sending a specially crafted HTTP request to the TCP port 4000. This update add the CVE number. CVE-2008-4193 Exploits/Remote Windows
04.18.2011 Progea Movicon SCADA-HMI TCPUploadServer Remote Exploit This module exploits a remote vulnerability in the TCPUploadServer service included in the Movicon 11 application to install an agent by writing and running an executable file. NOCVE-9999-47538 Exploits/Remote Windows
02.02.2012 Symantec PCAnywhere awhost32 Remote Code Execution Exploit The flaw exists within the awhost32 component which is used when handling incoming connections. This process listens on TCP port 5631. When handling an authentication request the process copies the user supplied username unsafely to a fixed-length buffer. CVE-2011-3478 Exploits/Remote Windows
02.07.2006 Blue Coat Systems WinProxy Exploit This module exploits a buffer overflow vulnerability in Blue Coat Systems Inc.'s WinProxy. CVE-2005-4085 Exploits/Remote Windows
04.20.2009 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 3 This module exploits a vulnerability in the Microsoft Windows Server service by sending a specially crafted RPC request. This update adds support for Windows 2003 Enterprise Edition sp2 with DEP enabled. This update also adds support for XP SP2 and 2003 SP1 as well as improves the reliability of the exploit against all supported platforms. CVE-2008-4250 Exploits/Remote Windows
08.07.2011 MSRPC RRAS Exploit Update This module exploits a stack-based buffer overflow in the Windows Routing and Remote Access Service. This update fixes an issue in the agent connector. CVE-2006-2370 Exploits/Remote Windows
06.22.2010 Novell ZENworks Configuration Management Preboot Service Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in the Preboot Service component of Novell ZENworks Configuration Management by sending a specially crafted packet to the port 998/TCP. NOCVE-9999-43820 Exploits/Remote Windows
12.11.2008 ProSysInfo TFTPDWIN Buffer Overflow Exploit This module exploits a buffer overflow vulnerability during the processing of requested resources to cause a stack-based buffer overflow by requesting a resource with an overly long name. CVE-2006-4948 Exploits/Remote Windows
06.26.2008 Samba nttrans Exploit Update This update improves reliability on Solaris. CVE-2003-0085 Exploits/Remote Solaris, Linux
11.09.2009 Kerio PF Administration Exploit Update Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. This update improves the reliability of the exploit when using the "Reuse connection" method to connect new agents. CVE-2003-0220 Exploits/Remote Windows
06.20.2006 Exchange CDO Calendar PreEnum exploit This module exploits a stack based buffer overflow handling the mail headers in the OWA (Outlook Web Access) service when processing meeting requests of Exchange Server clients (MS06-019). CVE-2006-0027 Exploits/Remote Windows
08.26.2010 Adobe ColdFusion locale Remote Code Execution Exploit An important vulnerability has been identified in ColdFusion version 8.0, 8.0.1, 9.0, 9.0.1 for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure (CVE-2010-2861). Adobe has provided a solution for this reported vulnerability. It recomends that users update their product. CVE-2010-2861 Exploits/Remote Windows, Linux
05.25.2009 XBMC GET Request Remote Buffer Overflow Exploit This module exploits a vulnerability in XBMC by sending a specially crafted, overly long HTTP GET request to the application's web server which causes a stack-based buffer overflow, allowing arbitrary code execution. NOCVE-9999-37459 Exploits/Remote Windows

Pages