Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
10.14.2013 Oracle WebLogic Server Apache Connector Exploit Update Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). The target path used when launching this module against an Apache Server must be handled by the Apache Connector or the exploit will not succeed. This update changes the default connection method for the module. CVE-2008-3257 Exploits/Remote Windows, AIX, Linux
05.29.2007 Symantec Rtvscan buffer overflow exploit This module exploits a buffer overflow vulnerability in Symantec Client Security 3.x and Symantec Antivirus Corporate Edition 10.x that allows a remote un-authenticated attacker to compromise the target system and obtain system privileges. CVE-2006-2630 Exploits/Remote Windows
09.15.2011 Sunway Force Control SCADA httpsvr Exploit A buffer-overflow vulnerability affects the httpsvr.exe webserver included in the device. This issue occurs when handling an excessively large URI. CVE-2011-2960 Exploits/Remote Windows
09.02.2009 Exploit Modules Update for RPT This update applies missing attributes to a small number of exploits to ensure they are correctly selected by the Rapid Penetration Test Wizards. CVE-2008-1914 Exploits/Remote Windows, Linux
01.28.2013 Elastix PBX Remote PHP Injection Exploit This module exploits a remote PHP code injection vulnerability in Elastix PBX by uploading a renamed PHP file and leveraging a local file inclusion vulnerability to execute the PHP file. It also exploits a bad configuration in the /etc/sudoers file to elevate privileges from 'asterisk' user to 'root'. NOCVE-9999-56369 Exploits/Remote Linux
11.16.2014 Eudora Qualcomm WorldMail IMAPd Service UID Buffer Overflow Exploit Eudora Qualcomm WorldMail IMAPd Service is prone to a buffer overflow SEH gets overwritten when using UID command. NOCVE-9999-67004 Exploits/Remote Windows
12.02.2009 MSRPC CA ARCserve Backup Command Injection Exploit CA BrightStor ARCserve Backup is prone to a command injection vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. CVE-2008-4397 Exploits/Remote Windows
05.28.2014 Yokogawa Centum CS 3000 BKBCopyD Remote Buffer Overflow Exploit This module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000 by using its BKBCopyD.exe service. The Yokogawa Centum CS3000 solution uses different services in order to provide all its functionality. The BKBCopyD.exe service, started when running the FCS / Test Function, listens by default on TCP/20111. By sending a specially crafted packet to the port TCP/20111 it is possible to trigger a stack based buffer overflow which allows execution of arbitrary code with the privileges of the CENTUM user. CVE-2014-0784 Exploits/Remote Windows
01.03.2012 Phpldapadmin orderby Remote Code Execution Exploit Input passed to the "orderby" parameter in cmd.php (when "cmd" is set to "query_engine", "query" is set to "none", and "search" is set to e.g. "1") is not properly sanitised in lib/functions.php before being used in a "create_function()" function call. This can be exploited to inject and execute arbitrary PHP code. CVE-2011-4075 Exploits/Remote Linux, Mac OS X
10.19.2010 IBM Lotus Domino iCalendar Organizer Buffer Overflow Exploit A stack-based buffer overflow exists in the nRouter.exe component of IBM Lotus Domino when parsing the ORGANIZER field of an iCalendar invitation. This can be exploited by a remote, unauthenticated attacker to execute arbitrary code by sending a specially crafted e-mail to the Lotus Domino SMTP server. CVE-2010-3407 Exploits/Remote Windows
06.05.2008 MDaemon IMAP Fetch Exploit Update This module exploits a stack-based buffer overflow in the MDaemon Email Server 9.64. CVE-2008-1358 Exploits/Remote Windows
08.24.2006 MSRPC RRAS Exploit This module exploits a stack overflow in the Windows Routing and Remote Access Service (MS06-025) CVE-2006-2370 Exploits/Remote Windows
10.03.2012 Novell File Reporter NFRAgent VOL Tag Buffer Overflow Exploit The vulnerability exists within NFRAgent.exe listening on TCP port 3037. When parsing tags inside the VOL element, the process performs insufficient bounds checking on user-supplied data prior to copying it on the stack. NOCVE-9999-54601 Exploits/Remote Windows
01.06.2010 HP OpenView Storage Data Protector Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. CVE-2009-3844 Exploits/Remote Windows
06.11.2012 RabidHamster R4 Log Entry sprintf Buffer Overflow Exploit A stack overflow found in RabidHamster R4's web server by supplying a malformed HTTP request when generating a log. NOCVE-9999-52541 Exploits/Remote Windows
01.02.2011 FreeFloat FTP Server Reply Buffer Overflow Exploit FreeFloat FTP server is prone to a buffer-overflow vulnerability when handling overly long replies. NOCVE-9999-46263 Exploits/Remote Windows
12.12.2013 ABB MicroSCADA Wserver Buffer Overflow Exploit This vulnerability is a buffer overflow and allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver without authentication. The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component performs insufficient bounds checking on user-supplied data which results in stack buffer ovreflow. NOCVE-9999-61094 Exploits/Remote Windows
10.29.2006 SQL Server Hello exploit update This module exploits a vulnerability in Microsoft SQL Server. This update improves the exploit reliability and adds support for Windows 2003 CVE-2002-1123 Exploits/Remote Windows
03.19.2013 Schneider Electric Interactive Graphical SCADA System Buffer Overflow Exploit This Stack-based buffer overflow exploits a vulnerability in Schneider Electric's Interactive Graphical SCADA System (IGSS) that allows remote attackers to execute arbitrary code by sending a specially crafted packet to TCP port-12397. CVE-2013-0657 Exploits/Remote Windows
09.26.2007 MSRPC MSMQ Buffer Overflow exploit update This package updates the MSRPC MSMQ Buffer Overflow exploit module. CVE-2005-0059 Exploits/Remote Windows
05.16.2010 HP Storage Data Protector MSG_PROTOCOL Buffer Overflow Exploit This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. CVE-2007-2280 Exploits/Remote Windows
06.23.2005 MSRPC MSMQ Buffer Overflow exploit This module exploits a buffer overflow in the Message Queuing component of Microsoft Windows allowing remote attackers to execute arbitrary code via a crafted message and installing an agent. CVE-2005-0059 Exploits/Remote Windows
04.18.2011 Progea Movicon SCADA-HMI TCPUploadServer Remote Exploit This module exploits a remote vulnerability in the TCPUploadServer service included in the Movicon 11 application to install an agent by writing and running an executable file. NOCVE-9999-47538 Exploits/Remote Windows
02.02.2012 Symantec PCAnywhere awhost32 Remote Code Execution Exploit The flaw exists within the awhost32 component which is used when handling incoming connections. This process listens on TCP port 5631. When handling an authentication request the process copies the user supplied username unsafely to a fixed-length buffer. CVE-2011-3478 Exploits/Remote Windows
11.21.2007 Imatix Xitami If-Modified-Since Remote Buffer Overflow Exploit This module exploits a remote stack buffer overflow in the Xitami Server version 2.5c CVE-2007-5067 Exploits/Remote Windows
08.07.2011 MSRPC RRAS Exploit Update This module exploits a stack-based buffer overflow in the Windows Routing and Remote Access Service. This update fixes an issue in the agent connector. CVE-2006-2370 Exploits/Remote Windows
06.22.2010 Novell ZENworks Configuration Management Preboot Service Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in the Preboot Service component of Novell ZENworks Configuration Management by sending a specially crafted packet to the port 998/TCP. NOCVE-9999-43820 Exploits/Remote Windows
11.22.2005 MSRPC Netware Client Buffer Overflow exploit This module exploits an unchecked buffer in the Client Service for NetWare on Microsoft Windows, and installs an agent (MS05-046). CVE-2005-1985 Exploits/Remote Windows
11.09.2009 Kerio PF Administration Exploit Update Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. This update improves the reliability of the exploit when using the "Reuse connection" method to connect new agents. CVE-2003-0220 Exploits/Remote Windows
08.26.2010 Adobe ColdFusion locale Remote Code Execution Exploit An important vulnerability has been identified in ColdFusion version 8.0, 8.0.1, 9.0, 9.0.1 for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure (CVE-2010-2861). Adobe has provided a solution for this reported vulnerability. It recomends that users update their product. CVE-2010-2861 Exploits/Remote Windows, Linux

Pages