Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Datesort ascending Title Description Vulnerabilty Category Platform
01.28.2009 mIRC Buffer Overflow Exploit update The vulnerability is caused due to a boundary error in the processing of PRIVMSG IRC messages. This can be exploited to cause a stack-based buffer overflow by tricking a user into connecting to a malicious IRC server. CVE-2008-4449 Exploits/Client Side Windows
01.28.2009 HP OpenView NNM HTTP Request Stack Overflow Exploit This module exploits a buffer overflow vulnerability in the Toolbar application, part of the HP OpenView Network Node Manager application. The exploit triggers a stack-based buffer overflow by sending a specially crafted HTTP request to the ports 3443/TCP or 80/TCP of the vulnerable system and installs an agent if successful. CVE-2008-0067 Exploits/Remote Windows, Solaris
01.27.2009 W3C Amaya Web Browser INPUT Tag Buffer Overflow Exploit Multiple stack buffer overflow vulnerabilities have been discovered in Amaya, which can be exploited by malicious people to compromise a users system. This module runs a web server waiting for vulnerable clients (W3C Amaya Web Browser) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-35964 Exploits/Client Side Windows
01.20.2009 Microsoft Internet Explorer XML Buffer Overflow Exploit Update This update improves the reliability of the exploit and adds support for Windows Vista. CVE-2008-4844 Exploits/Client Side Windows
01.20.2009 VUPlayer M3U Buffer Overflow Exploit VUPlayer contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in VUPlayer when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. CVE-2006-6251 Exploits/Client Side Windows
01.14.2009 Cain and Abel RDP Stack Overflow Exploit This module exploits a vulnerability caused by a boundary error in the processing of RDP files. This can be exploited to cause a stack-based buffer overflow by tricking a user into decoding a specially crafted RDP file. CVE-2008-5405 Exploits/Client Side
01.14.2009 XMPlay Playlist Files Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the parsing of playlists (.m3u, .pls, and .asx) containing an overly long file name. This can be exploited to cause a stack-based buffer overflow via a specially crafted playlist file. CVE-2006-6063 Exploits/Client Side Windows
01.14.2009 Microsoft Windows SMB Buffer Underflow Exploit (MS08-063) Update This update add support to Microsoft Windows 2000 SP4 Professional, Server, Advanced Server and Windows 2003 SP0 Standard Edition and Enterprise Edition. CVE-2008-4038 Exploits/Remote Windows
01.12.2009 BulletProof FTP Client Buffer Overflow Exploit BulletProof FTP Client contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in BulletProof FTP Client when handling .BPS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .BPS file. CVE-2008-5754 Exploits/Client Side
01.12.2009 MSRPC WKSSVC NetpManageIPCConnect Exploit Update 2 This module exploits a stack buffer overflow in the Workstation Service. This package addresses a compatibility problem when porting the module from version 7.6 to 8.0 of the framework. CVE-2006-4691 Exploits/Remote Windows
01.07.2009 Openfire Remote Command Injection Exploit This module exploits a Reflected Cross-Site Scripting vulnerability in Openfire to install an agent. CVE-2009-0496 Exploits/Client Side Windows, Mac OS X, Linux
12.29.2008 NaviCOPA Web Server Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the handling of HTTP GET requests. This may allow execution of arbitrary code by sending an overly long, specially crafted HTTP GET request to the server. CVE-2006-5112 Exploits/Remote Windows
12.29.2008 Mozilla Firefox UTF-8 Buffer Overflow Exploit This module exploits a buffer overflow in Mozilla Firefox when parsing a malformed UTF-8 encoded URL. CVE-2008-0016 Exploits/Client Side Windows, Linux
12.28.2008 Mac OS X smcFanControl Local Privilege Escalation Exploit This module exploits a buffer overflow vulnerability in smcFanControl on Apple Mac OS X 10.4.x when the software is installed with setuid root. An attacker can exploit this vulnerability to obtain root privileges. CVE-2008-6252 Exploits/Local Mac OS X
12.28.2008 Ffdshow URL Processing Buffer Overflow Exploit This module exploits a buffer overflow in the ffdshow codec when processing a specially crafted, long URL. CVE-2008-5381 Exploits/Client Side Windows
12.22.2008 CesarFTP MKD Command Buffer Overflow Exploit An internal memory buffer may be overrun while handling long MKD commands. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the CesarFTP process. CVE-2006-2961 Exploits/Remote
12.22.2008 Microsoft Works wkimgsrv.dll Memory Corruption Exploit This module exploits a vulnerability in the wkimgsrv.dll control shipped with Microsoft Works and many Microsoft Office Suites. The exploit is triggered when the WksPictureInterface() method processes a number as argument resulting in a memory corruption. The WksPictureInterface(), in certain circumstances, points to an invalid memory address that can be controlled to gain code execution. CVE-2008-1898 Exploits/Client Side Windows
12.22.2008 WFTPD Server SIZE Command Buffer Overflow Exploit An internal memory buffer may be overrun while handling long "SIZE" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the WFTPD Server process. CVE-2006-4318 Exploits/Remote
12.21.2008 Microsoft Windows SMB Credential Reflection Exploit (MS08-068) This module implements the SMB Relay attack to install an agent in the target machine. CVE-2008-4037 Exploits/Local Windows
12.18.2008 MiniShare HTTP GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the handling of HTTP "GET" requests. This can be exploited to cause a buffer overflow by sending a specially crafted overly long request with a pathname larger than 1787 bytes. CVE-2004-2271 Exploits/Remote Windows
12.17.2008 BadBlue HTTP GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error in ext.dll when processing an overly long PassThru command. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. CVE-2007-6377 Exploits/Remote Windows
12.16.2008 Realtek Media Player Playlist Buffer Overflow Exploit Realtek Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error when handling .PLA files. NOCVE-9999-0139 Exploits/Client Side
12.14.2008 Mercury IMAPD Login Buffer Overflow Exploit This module allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the Mercury Mail Transport System. The vulnerability is caused due to a boundary error within Mercury/32 IMAPD Server Module (mercuryi.dll). This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability. CVE-2006-5961 Exploits/Remote Windows
12.11.2008 3Com TFTP Transporting Mode Buffer Overflow Exploit This module exploits a buffer overflow vulnerability during the processing of TFTP Read/Write request packet types and cause a stack-based buffer overflow by sending a specially crafted packet with an overly long mode field. CVE-2006-6183 Exploits/Remote Windows
12.11.2008 ProSysInfo TFTPDWIN Buffer Overflow Exploit This module exploits a buffer overflow vulnerability during the processing of requested resources to cause a stack-based buffer overflow by requesting a resource with an overly long name. CVE-2006-4948 Exploits/Remote Windows
12.10.2008 Opera file URI Handling Buffer Overflow Exploit Opera is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. CVE-2008-5178 Exploits/Client Side Windows
12.09.2008 Mercury PH Server Module Buffer Overflow Exploit This module allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the Mercury Mail Transport System. The vulnerability is caused due to a boundary error within Mercury/32 PH Server Module (mercuryh.dll). This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability. CVE-2005-4411 Exploits/Remote Windows
12.09.2008 AT TFTP Server Long Filename Buffer Overflow Exploit The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. CVE-2006-6184 Exploits/Remote Windows
12.09.2008 Microsoft Internet Explorer XML Buffer Overflow Exploit This module exploits a buffer overflow in Internet Explorer 7 when handling malformed XML data. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2008-4844 Exploits/Client Side Windows
12.08.2008 SAdminD Buffer Overflow Exploit This modules exploits a stack buffer overflow of the sadmind daemon, and installs an agent as root. CVE-2008-4556 Exploits/Remote Solaris

Pages