CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
07.18.2012 FireFly Media Server Remote Format String Exploit This module exploits a remote format string vulnerability in FireFly Media Server by sending a sequence of HTTP requests to the 3689/TCP port. CVE-2007-5825 Exploits/Remote Linux
11.21.2007 Imatix Xitami If-Modified-Since Remote Buffer Overflow Exploit This module exploits a remote stack buffer overflow in the Xitami Server version 2.5c CVE-2007-5067 Exploits/Remote Windows
02.05.2014 HP ProCurve Manager SNAC UpdateCertificatesServlet Exploit This module exploits a path traversal vulnerability in HP ProCurve Manager. The specific flaw exists within the UpdateCertificatesServlet. This servlet improperly sanitizes the fileName argument allowing the remote attacker could upload a .jsp file and execute arbitrary code. Authentication is not required to exploit this vulnerability. CVE-2013-4812 Exploits/Remote Windows
06.06.2007 LANDesk Management Suite Alert Service Exploit This module exploits a buffer overflow vulnerability in the Alert Service (aolnsrvr.exe) component of LANDesk Management Suite 8.7 and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port UDP/65535. CVE-2007-1674 Exploits/Remote Windows
09.11.2011 Moodle Tex Filter Remote Code Execution Exploit Update This module exploits a Moodle Tex Filter Remote Code Execution vulnerability installing an agent. This update adds support for the Solaris platform. NOCVE-9999-35969 Exploits/Remote Windows, Solaris, Linux
06.08.2006 RealVNC 4.1.1 Authentication Exploit This exploit simulates a RealVNC client and establishes a connection with a Real VNC server without using a password. After that, it opens a console, writes the exploit and executes it in ntsd.exe CVE-2006-2369 Exploits/Remote Windows
02.27.2011 HP Performance Insight helpmanager Servlet Remote Code Execution Exploit This module exploits an insufficient input validation and authentication error to upload and execute an arbitrary .JSP file in HP Performance Insight. CVE-2010-0447 Exploits/Remote Windows
04.22.2012 Novell ZENworks Configuration Management Preboot Service Opcode 0x4c Buffer Overflow Exploit A buffer-overflow vulnerability exists in the PreBoot Service when processing requests containing opcode 0x4c. CVE-2011-3176 Exploits/Remote Windows
07.05.2009 phpScheduleit 1.2.10 Remote Code Execution Exploit Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. CVE-2008-6132 Exploits/Remote Windows, Linux
06.28.2007 Sun Java Web SOCKS Proxy Authentication Exploit This module exploits a stack-based buffer overflow vulnerability in the SOCKS proxy included in the Sun Java Web Proxy Server. The exploit sends specially crafted packets during the SOCKS connection negotiation and installs an agent if successful. CVE-2007-2881 Exploits/Remote Linux
09.29.2013 Bifrost Server Buffer Overflow Exploit Bifrost Server is prone to a buffer overflow vulnerability which can be exploited remotely by sending a specially crafted packet to port TCP/81. NOCVE-9999-58713 Exploits/Remote Windows
03.25.2009 Moodle Tex Filter Remote Code Execution Exploit Upgrade This update adds Windows (XP) to the supported target systems for this exploit. NOCVE-9999-35969 Exploits/Remote Windows, Linux
06.05.2013 Wordpress W3 Total Cache PHP Remote Code Execution Exploit This module exploits a vulnerability in W3 Total Cache plugin for Wordpress. Certain macros such as mfunc allow to inject PHP code into comments. By injecting a crafted comment into a valid post an attacker can execute arbitrary PHP code on systems running vulnerable installations of W3 Total Cache. CVE-2013-2010 Exploits/Remote Linux
10.23.2008 Alt-N Security Gateway Remote Buffer Overflow Exploit Update This module exploits a stack-based buffer overflow in the Alt-N Security Gateway by sending a specially crafted HTTP request to the TCP port 4000. This module adds support for Windows 2000 Professional SP4. CVE-2008-4193 Exploits/Remote Windows
06.12.2011 Avaya Windows Portable Device Manager (WinPDM) Buffer Overfow Exploit A boundary error in the Unite Host Router service (UniteHostRouter.exe) when processing certain requests can be exploited to cause a stack-based buffer overflow. NOCVE-9999-48394 Exploits/Remote Windows
04.05.2010 MSRPC DCOM Exploit Update This update improves the reliability of the exploit when using Reuse Connection method. CVE-2003-0352 Exploits/Remote Windows
03.08.2011 Symantec AMS Intel Alert Service Modem String Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in Symantec AMS Intel Handler Service and installs an agent onto the target machine. CVE-2010-0111 Exploits/Remote Windows
03.12.2008 MSRPC Novell Netware Client EnumPrinters() Buffer Overflow Exploit Novell Client for Netware is prone to a buffer overflow vulnerability on the nwspool.dll that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. This module exploits this vulnerability and installs an agent. CVE-2008-0639 Exploits/Remote Windows
01.09.2012 DameWare Mini Remote Control Username Exploit This module exploits a vulnerability in DameWare Mini Remote Control by sending a specially crafted packet to port 6129/TCP. CVE-2005-2842 Exploits/Remote Windows
10.18.2010 Sync Breeze Server Login Request Buffer Overflow Exploit A vulnerability exists in Sync Breeze Server v2.2.34 when processing a remote clients "LOGIN" request.The vulnerability is caused due to a boundary error in libpal.dll when handling network messages and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 9120. NOCVE-9999-45457 Exploits/Remote Windows
10.17.2007 Sun Java Web Console format string exploit This module exploits a format string vulnerability in the Sun Java Web Console and installs an agent. CVE-2007-1681 Exploits/Remote Solaris
10.15.2013 TP-Link Camera uploadfile Unauthenticated File Upload Exploit This module exploits an unauthenticated file upload vulnerability on TP-Link IP cameras. Due to improper access restrictions, it is possible for a remote unauthenticated attacker to upload an arbitrary file to the /mnt/mtd directory on the camera by issuing a POST request against the file /cgi-bin/uploadfile. CVE-2013-2580 Exploits/Remote
10.05.2011 phpScheduleit 1.2.10 Remote Code Execution Exploit Update Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. This update adds support for the Solaris and FreeBSD platforms. CVE-2008-6132 Exploits/Remote Windows, Solaris, Linux, FreeBSD
06.30.2011 Siemens Tecnomatix FactoryLink CSService Buffer Overflow Exploit A vulnerability found on Siemens FactoryLink vulnerability occurs when CSService.exe processes a CSMSG_ListFiles_REQ message, causing a stack overflow. NOCVE-9999-48567 Exploits/Remote Windows
10.14.2012 Samba LsarSetInformationPolicy Request Remote Buffer Overflow Exploit Update This update adds support to Debian 6.0.0 and adds support for attacking IPv6 targets. This module exploits a heap overflow bug in Samba Server by sending a crafted request packet via DCERPC call. CVE-2012-1182 Exploits/Remote Linux
06.20.2008 Microsoft WINS Exploit (MS08-034) A memory corruption vulnerability in the ChkNtfSock function of wins.exe allows remote code execution. The WINS service listens on more than one UDP port (it listens on 42/udp and also on a dynamic UDP port). This attack targets the dynamic udp port, thus it requires the identification of such dynamic port by the user. This can be accomplished by running a port scanner module such as the 'Port Scanner - UDP' module. CVE-2008-1451 Exploits/Remote
06.09.2008 Borland InterBase Remote Integer Overflow Exploit This module exploits a buffer overflow vulnerability in the database service (ibserver.exe) of the Borland InterBase 2007 application. The exploit triggers an integer overflow and causes a stack-based buffer overflow by sending a specially crafted packet to port 3050/TCP of the vulnerable system and installs an agent if successful. CVE-2008-2559 Exploits/Remote Windows
11.21.2013 Apple Mac OS X Samba NetWkstaTransportEnum Request Remote Buffer Overflow Exploit Update This module exploits a vulnerability in Mac OS X Samba server. When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow. This update adds support to Mac OSX 10.6.0 to 10.6.7 ( Server and not server versions ). Besides, this update improves the exploitation by reverting the Samba server impersonation and installing an agent with root privileges in all Mac OSX supported versions. CVE-2012-1182 Exploits/Remote Mac OS X
10.23.2011 e107 Install Script Command Injection Exploit e107 CMS is vulnerable to a command injection in its installation script due to a lack of sanitization on the MySQL server parameter. CVE-2011-1513 Exploits/Remote Windows, Solaris, Linux, Mac OS X
08.02.2010 Symantec AMS Intel Handler Service Command Injection Exploit This module exploits command injection vulnerability in Symantec AMS Intel Handler Service and install an agent into the target machine. CVE-2010-0110 Exploits/Remote Windows

Pages