Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
04.09.2013 Apple Mac OS X Samba NetWkstaTransportEnum Request Remote Buffer Overflow Exploit This module exploits a vulnerability in Mac OS X Samba server. When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow. CVE-2012-1182 Exploits/Remote Mac OS X
11.13.2006 McAfee ePolicy Orchestrator - Protection Pilot HTTP exploit This module exploits a buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126. CVE-2006-5156 Exploits/Remote Windows
10.03.2012 Novell File Reporter NFRAgent VOL Tag Buffer Overflow Exploit The vulnerability exists within NFRAgent.exe listening on TCP port 3037. When parsing tags inside the VOL element, the process performs insufficient bounds checking on user-supplied data prior to copying it on the stack. NOCVE-9999-54601 Exploits/Remote Windows
08.04.2014 Easy File Management Web Server UserID Cookie Handling Buffer Overflow Exploit The vulnerability is caused due to a boundary error when parsing the "UserID" value in the session cookie, which can be exploited to cause a stack-based buffer overflow. NOCVE-9999-65448 Exploits/Remote Windows
09.11.2005 MailEnable SMTP auth command exploit This module exploits a stack-based buffer overflow in Mailenable smtp for Windows, allowing remote attackers to execute arbitrary code via AUTH command input. CVE-2005-2223 Exploits/Remote Windows
06.11.2012 RabidHamster R4 Log Entry sprintf Buffer Overflow Exploit A stack overflow found in RabidHamster R4's web server by supplying a malformed HTTP request when generating a log. NOCVE-9999-52541 Exploits/Remote Windows
09.19.2007 Novell Messenger Server exploit update This package updates the Novell Messenger Server exploit. CVE-2006-0992 Exploits/Remote Windows
02.10.2014 HP ProCurve Manager SNAC UpdateDomainControllerServlet Exploit This module exploits a path traversal vulnerability in HP ProCurve Manager. The specific flaw exists within the UpdateDomainControllerServlet. This servlet improperly sanitizes the adCert argument allowing the remote attacker could upload a .jsp file and execute arbitrary code. Authentication is not required to exploit this vulnerability. CVE-2013-4811 Exploits/Remote Windows
08.05.2010 Oracle Secure Backup Authentication Bypass-Command Injection Exploit This module exploits an authentication bypass in the login.php in vulnerable versions of Oracle Secure Backup in order to execute arbitrary code via command injection parameters. CVE-2010-0904 Exploits/Remote Windows, Solaris
10.24.2011 Samba Username Map Script Command Injection Exploit The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the SamrChangePassword function, when the "username map script" smb.conf option is enabled. CVE-2007-2447 Exploits/Remote Linux
06.22.2010 Novell iManager Classname Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in Novell iManager when creating a class with an overly long name. CVE-2010-1929 Exploits/Remote Windows
11.01.2012 HP Data Protector EXEC_CMD Exploit Update This module exploits a buffer overflow vulnerability in HP Data Protector by sending a specially crafted EXEC_CMD request. This update fixes an issue when using InjectorEgg. CVE-2011-1866 Exploits/Remote Windows
02.02.2011 Kolibri Webserver HEAD Request Processing Buffer Overflow Exploit A vulnerability in Kolibri Webserver is caused by a buffer overflow error when handling overly long HEAD requests. This action could allow remote unauthenticated attackers to compromise a vulnerable web server via a specially crafted request. NOCVE-9999-46948 Exploits/Remote Windows
04.18.2011 7T Interactive Graphical SCADA System IGSSdataServer Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow in IGSSdataServer by sending a malformed packet to the 12401/TCP port. CVE-2011-1567 Exploits/Remote Windows
11.04.2009 Httpdx Web Server GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Httpdx when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. CVE-2009-3711 Exploits/Remote Windows
06.21.2012 PHP-CGI Argument Injection Exploit Update This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution. This update adds support for FreeBSD, OpenBSD, RedHat and Windows platforms. CVE-2012-1823 Exploits/Remote Windows, OpenBSD, Linux, FreeBSD
11.21.2007 Imatix Xitami If-Modified-Since Remote Buffer Overflow Exploit This module exploits a remote stack buffer overflow in the Xitami Server version 2.5c CVE-2007-5067 Exploits/Remote Windows
07.09.2009 Zabbix 1.6.2 Remote Code Execution Exploit A Remote Code Execution issue has been found in Zabbix version 1.6.2 and no authentication is required in order to exploit this vulnerability. Magic Quotes must be turned off in order to exploit this vulnerability. NOTE: Magic quotes is no longer supported by PHP starting with PHP 6.0 NOCVE-9999-37058 Exploits/Remote Linux
02.06.2012 NetTerm NetFTPD USER Buffer Overflow Exploit An internal memory buffer may be overrun while handling long "USER" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the NetTerm NetFTPD.exe process. CVE-2005-1323 Exploits/Remote Windows
11.23.2011 General Electric ihDataArchiver Service Remote Buffer Overflow Exploit This module exploits a remote buffer overflow vulnerability in the ihDataArchiver.exe service included in several GE SCADA applications by sending a malformed packet to the 14000/TCP port. CVE-2011-1918 Exploits/Remote Windows
06.15.2010 IBM Lotus Domino If-Modified-Since Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the nHTTP.exe application, a component of Lotus Domino Server, by sending an HTTP request with an invalid value for the If-Modified-Since parameter. CVE-2007-0067 Exploits/Remote Windows
02.25.2010 SAdminD Buffer Overflow Exploit Update This modules exploits a stack buffer overflow of the sadmind daemon, and installs an agent as root. This update fix an issue when the module is launched from the Network Attack and Penetration Wizard. CVE-2008-4556 Exploits/Remote Solaris
04.03.2007 IIS HTR ChunkedEncoding exploit update This update adds support for Windows 2000 SP0 and fixes a reliability issue. The module exploits a vulnerability in the .HTR ISAPI filter in early versions of IIS. CVE-2002-0079 Exploits/Remote Windows
10.21.2014 SolidWorks Workgroup PDM 2014 Opcode 2001 Remote Code Execution Exploit Update A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer without boundary check leading to overwrite the SEH and the return address. The copying procedure stops when a null word is found and no size check is proceeded. NOCVE-9999-65834 Exploits/Remote Windows
04.18.2012 Miniserv Perl Format String Exploit Update This update fixes an issue with the SSL support in the exploit for Usermin's and Webmin's perl format string vulnerability (CVE-2005-3912). CVE-2005-3912 Exploits/Remote Linux
01.10.2008 SAP MaxDB Remote Command Injection Exploit This module installs an agent using a remote command-injection vulnerability located in the database server. CVE-2008-0244 Exploits/Remote Windows
05.15.2014 Apache Struts ClassLoader Manipulation Remote Code Execution Exploit This module exploits a vulnerability in Apache Struts. The specific vulnerability is in the ParametersInterceptor, which allows a direct manipulation of the ClassLoader and as a result an attacker can execute arbitrary Java code in the target machine. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2014-0094 Exploits/Remote Linux
08.11.2009 Bopup Communications Server Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error and can be exploited to cause a stack-based buffer overflow via a specially crafted TCP packet sent to port 19810. Successful exploitation allows execution of arbitrary code. CVE-2009-2227 Exploits/Remote Windows
03.07.2012 Motorola Netopia netOctopus SDCS Buffer Overflow Exploit This module exploits a remote buffer overflow in the Motorola Netopia netOctopus SDCS server service. The vulnerability exists within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer. This results in an exploitable stack buffer overflow. CVE-2008-2153 Exploits/Remote Windows
10.20.2013 TP-Link Camera servetest Command Injection Exploit This module exploits an OS command injection vulnerability in the /cgi-bin/admin/servetest file of several TP-Link surveillance cameras. This vulnerability allows remote authenticated users to execute arbitrary commands on affected cameras. CVE-2013-2578 Exploits/Remote

Pages