Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
10.24.2013 PineApp Mail-SeCure ldapsynchnow.php Remote Code Execution Exploit This module exploits a vulnerability present in PineApp Mail-SeCure. The specific flaw exists within the component ldapsynchnow.php, which lacks proper sanitization, thus allowing command injection. NOCVE-9999-59234 Exploits/Remote Linux
05.15.2008 TFTPServer SP Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section. CVE-2008-2161 Exploits/Remote Windows
10.06.2011 HP iNode Management Center iNodeMngChecker Remote Code Execution Exploit The flaw exists within the iNodeMngChecker.exe component which listens by default on TCP port 9090. When handling the 0x0A0BF007 packet type the process blindly copies user supplied data into a fixed-length buffer on the stack. CVE-2011-1867 Exploits/Remote Windows
09.18.2007 Surgemail Search Exploit This module exploits a stack-based buffer overflow in the Surgemail Server 3.x and deploys an agent when successful. The exploit triggers a buffer-overflow vulnerability due to insufficient bounds checking of user supplied input allowing remote attackers to execute arbitrary code on the remote machine. CVE-2007-4377 Exploits/Remote Windows
06.29.2011 HP Data Protector Omniinet.exe Remote Buffer Overflow This module exploits a buffer overflow vulnerability in HP Data Protector by sending a specially crafted packet to the vulnerable Omniinet.exe service. CVE-2011-1865 Exploits/Remote Windows
11.05.2014 Apache Struts ClassLoader Manipulation Remote Code Execution Exploit Update This module exploits a vulnerability in Apache Struts. The specific vulnerability is in the ParametersInterceptor, which allows a direct manipulation of the ClassLoader and as a result an attacker can execute arbitrary Java code in the target machine. This update adds support for Apache Struts 2.3.16, Windows (x86 and x64) and Linux (x64) platforms. CVE-2014-0094 Exploits/Remote Windows, Linux
09.21.2010 Integard Home and Pro Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the handling of HTTP POST requests. This may allow execution of arbitrary code by sending an overly long, specially crafted HTTP POST request to the server. NOCVE-9999-45121 Exploits/Remote Windows
04.10.2011 Symantec AMS Intel Alert Service AMSSendAlertAck Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the Intel Alert Handler Service. CVE-2010-0110 Exploits/Remote Windows
10.31.2005 MSRPC SPOOLSS Buffer Overflow exploit This module exploits a heap based buffer overflow in the Print Spooler service (MS05-043) and installs an agent. CVE-2005-1984 Exploits/Remote Windows
08.10.2010 Chuggnutt HTML to Text Converter Remote Code Execution Exploit This module exploits a Chuggnutt HTML to Text Converter preg_replace using eval switch in multiple web applications in order to install an agent. Currently, this module supports AtMail Open and RoundCube Webmail. Exploits/Remote Windows, Linux
07.18.2013 Ultra Mini HTTPD Stack Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Mini HTTPD when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Arbitrary code can be directly executed by overwriting a return address. NOCVE-9999-58901 Exploits/Remote Windows
03.03.2013 Procyon Core Server HMI Scada Coreservice Buffer Overflow Exploit Update Vulnerability in the coreservice.exe component of Procyon Core Server versions 1.13 and below. While processing a password, the application fails to do proper bounds checking before copying data into a buffer on the stack. This causes a buffer overflow and allows it to overwrite a structured exception handling record, allowing for unauthenticated remote code execution. This version updates runtime value to the appropriate for this case. CVE-2011-3322 Exploits/Remote Windows
06.02.2009 Apple CUPS HP-GL2 filter Remote Code Execution Exploit Update This module exploits a specific flaw in the Hewlett-Packard Graphics Language filter. Inadequate bounds checking on the pen width and pen color opcodes result in an arbitrary memory overwrite allowing for the execution of arbitrary code as the "hgltops" process uid. -Linux Support added CVE-2008-3641 Exploits/Remote Linux, Mac OS X
02.12.2009 Debian OpenSSL Predictable Random Number Generation Exploit Update 2 This module exploits the random number generator in Debian's OpenSSL package being predictable. This vulnerability is used to generate SSH keys and to install an agent into the target host. The exploit will generate the complete vulnerable keyspace, and will try to log as the provided user. If the user is root, the agent will have superuser capabilities. This update improves exploit performance when used through Network Attack and Penetration RPT. CVE-2008-0166 Exploits/Remote Linux
09.19.2007 Novell Messenger Server exploit update This package updates the Novell Messenger Server exploit. CVE-2006-0992 Exploits/Remote Windows
06.06.2012 AT TFTP Server Long Filename Buffer Overflow Exploit Update 2 The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. This update ensures that the program receives all data. This update fixes an error on Impact v12.3. CVE-2006-6184 Exploits/Remote Windows
04.26.2011 Wireshark packet dect Remote Stack Buffer Overflow Exploit A heap-based buffer overflow was found in the DECT dissector of Wireshark. A remote attacker could use this flaw to cause the Wireshark executable to crash or potentially to execute arbitrary code with the privileges of the user running Wireshark. CVE-2011-1591 Exploits/Remote Windows
09.22.2009 Phpmyadmin Server_databases Remote Code Execution Exploit Update This updates provides more readable log messages when specific errors occur and improves the reliability of the exploit. CVE-2008-4096 Exploits/Remote Linux
04.22.2010 MySQL with yaSSL SSL Certificate Handling Remote Stack Buffer Overflow Exploit MySQL compiled with yaSSL is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. CVE-2009-4484 Exploits/Remote Linux
04.18.2013 Nagios history Buffer Overflow Exploit This module exploits a remote buffer overflow in Nagios history.cgi by sending a malformed host parameter. CVE-2012-6096 Exploits/Remote Linux
12.05.2011 Tikiwiki jhot Remote Code Execution Exploit An unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory. CVE-2006-4602 Exploits/Remote Solaris, Linux
08.14.2011 RPT exploits ordering improvements With this update, RPT will prioritize newer exploits when attacking a target. CVE-2011-1567 Exploits/Remote Windows, AIX, Linux, Mac OS X, Solaris, FreeBSD
08.06.2014 Atlassian JIRA Issue Collector Plugin Path Traversal Vulnerability Exploit A path traversal vulnerability affects the Issue Collector plugin in Atlassian JIRA. This module exploits that vulnerability to achieve remote code execution. The installed agent will have SYSTEM privileges. CVE-2014-2314 Exploits/Remote Windows
06.26.2012 EZHomeTech EzServer Buffer Overflow Exploit EzServer is prone to a buffer-overflow when handling packets with an overly long string. NOCVE-9999-52789 Exploits/Remote Windows
08.24.2011 MSRPC Server Service Remote Buffer Overflow Exploit Reliability Enhancement This updates improves the reliability and AV Evasion of MSRPC Server Service Remote Buffer Overflow Exploit against Windows 2000 targets, in those cases where the target OS and Version is unknown before launching the exploit. Exploits/Remote Windows
05.17.2013 Light HTTP Daemon Buffer Overflow Exploit Light HTTPD is prone to a buffer overflow when handling specially crafted GET request packets. NOCVE-9999-57945 Exploits/Remote Windows
07.05.2009 phpScheduleit 1.2.10 Remote Code Execution Exploit Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. CVE-2008-6132 Exploits/Remote Windows, Linux
12.19.2011 e107 Install Script Command Injection Exploit Update This update appends support for solaris and Mac OS X. CVE-2011-1513 Exploits/Remote Windows, Solaris, Linux, Mac OS X
11.08.2012 EMC NetWorker nsrd RPC Service Format String Exploit Update A Format string vulnerability in the nsrd RPC service within EMC NetWorker? allows remote attackers to execute arbitrary code via format string specifiers in a crafted message. This update adds Linux Support. CVE-2012-2288 Exploits/Remote Linux, Windows
03.25.2009 Moodle Tex Filter Remote Code Execution Exploit Upgrade This update adds Windows (XP) to the supported target systems for this exploit. NOCVE-9999-35969 Exploits/Remote Windows, Linux