Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
09.15.2011 Sunway Force Control SCADA httpsvr Exploit A buffer-overflow vulnerability affects the httpsvr.exe webserver included in the device. This issue occurs when handling an excessively large URI. CVE-2011-2960 Exploits/Remote Windows
02.06.2012 Sunway Force Control SCADA SMNP NetDBServer Buffer Overflow Exploit A stack based buffer overflow in the SNMP NetDBServer service of Sunway Forcecontrol is triggered when sending an overly long string to the listening service on port 2001. NOCVE-9999-51166 Exploits/Remote Windows
02.13.2013 Sunway Force Control SCADA SMNP NetDBServer Buffer Overflow Exploit Update A stack based buffer overflow in the SNMP NetDBServer service of Sunway Forcecontrol is triggered when sending an overly long string to the listening service on port 2001. This version updates runtime value to the appropriate for this case. NOCVE-9999-51166 Exploits/Remote Windows
10.25.2011 Sunway ForceControl SCADA YRWXls ActiveX Exploit A code execution vulnerability exists in the Login method of Sunway ForceControl YRWXls.ocx NOCVE-9999-49943 Exploits/Client Side Windows
08.21.2013 Super Player 3500 M3U Local Stack Buffer Overflow Exploit Super Player 3500 contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Super Player when handling long .m3u files. NOCVE-9999-59277 Exploits/Client Side Windows
08.12.2014 Supported services list update This package updates the list of network service TCP and UDP ports known to the Impact exploits framework. Exploits/Remote
03.09.2008 SurgeMail Mail Server Exploit This module exploits a buffer overflow in SurgeMail Mail Server and installs an agent into the target host. A buffer overflow vulnerability is located in the function which handles the real CGI executables. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module. CVE-2008-1054 Exploits/Remote Windows
04.21.2008 SurgeMail Mail Server Exploit update This module exploits a buffer overflow in SurgeMail Mail Server and installs an agent into the target host. A buffer overflow vulnerability is located in the function which handles the real CGI executables. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module. This exploit perform three attempts to disable DEP in XP SP2 and Windows 2003. CVE-2008-1054 Exploits/Remote Windows
09.18.2007 Surgemail Search Exploit This module exploits a stack-based buffer overflow in the Surgemail Server 3.x and deploys an agent when successful. The exploit triggers a buffer-overflow vulnerability due to insufficient bounds checking of user supplied input allowing remote attackers to execute arbitrary code on the remote machine. CVE-2007-4377 Exploits/Remote Windows
12.27.2005 SuSE Linux chfn exploit This module exploits a vulnerability in SuSE chfn command and escalates privileges to root. CVE-2005-3503 Exploits/Local Linux
12.02.2010 SWiSH Max dwmapi DLL Hijacking Exploit SWiSH Max is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .SWI file. NOCVE-9999-45990 Exploits/Client Side Windows
10.28.2009 Symantec Altiris Deployment Solution ActiveX Exploit This module exploits an arbitrary file download and execute vulnerability in the Altiris.AeXNSPkgDL.1 ActiveX Control included in Symantec Altiris Deployment Solution. CVE-2009-3179 Exploits/Client Side Windows
02.03.2010 Symantec Altiris Deployment Solution RunCmd Buffer Overflow Exploit This module exploits a vulnerability in the AeXNSConsoleUtilities.dll control included in the Symantec ConsoleUtilities application. The vulnerability is triggered when the RunCmd method processes a long string argument resulting in a stack-based buffer overflow. CVE-2009-3033 Exploits/Client Side Windows
03.08.2011 Symantec AMS Intel Alert Handler Pin Number Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Intel Handler Service. CVE-2010-0111 Exploits/Remote Windows
04.10.2011 Symantec AMS Intel Alert Service AMSSendAlertAck Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the Intel Alert Handler Service. CVE-2010-0110 Exploits/Remote Windows
03.08.2011 Symantec AMS Intel Alert Service Modem String Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in Symantec AMS Intel Handler Service and installs an agent onto the target machine. CVE-2010-0111 Exploits/Remote Windows
08.02.2010 Symantec AMS Intel Handler Service Command Injection Exploit This module exploits command injection vulnerability in Symantec AMS Intel Handler Service and install an agent into the target machine. CVE-2010-0110 Exploits/Remote Windows
05.31.2013 Symantec AMS Intel Handler Service DoS This module exploits a vulnerability in Symantec AMS Intel Handler service by sending a malformed packet to the 38292/TCP port to crash the application. CVE-2010-3268 Denial of Service/Remote Windows
03.05.2009 Symantec AppStream LaunchObj ActiveX Exploit This module exploits an arbitrary file download and execute vulnerability in the LaunchObj ActiveX Control included in Symantec AppStream Client. CVE-2008-4388 Exploits/Client Side Windows
08.01.2011 Symantec AppStream LaunchObj ActiveX Exploit Update This module exploits an arbitrary file download and execute vulnerability in the LaunchObj ActiveX Control included in Symantec AppStream Client. This update fixes an issue in the agent connector. CVE-2008-4388 Exploits/Client Side Windows
03.25.2008 Symantec BackupExec Calendar Buffer Overflow Exploit This module exploits a vulnerability in the Symantec BackupExec Calendar Control (PVCalendar.ocx). When the _DOWText0 property processes a long string argument, a stack based buffer overflow occurs allowing execution of arbitrary code. CVE-2007-6016 Exploits/Client Side Windows
11.18.2009 Symantec ConsoleUtilities ActiveX Control Buffer Overflow Exploit This module exploits a vulnerability in the AeXNSConsoleUtilities.dll control included in the Symantec ConsoleUtilities application. The exploit is triggered when the BrowseAndSaveFile method processes a long string argument resulting in a stack-based buffer overflow. CVE-2009-3031 Exploits/Client Side Windows
07.01.2007 Symantec Discovery XFERWAN Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the XferWan.exe component included with Symantec Discovery 6.5. The exploit sends a specially crafted TCP packet triggering a buffer overflow and installing an agent on the target system. CVE-2007-1173 Exploits/Remote Windows
05.30.2011 Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Remote Code Execution Exploit This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is required to exploit this vulnerability in that a logged in user must be coerced into visiting a malicious link. The specific flaw exists within the ScheduleTask method exposed by the IMAdminSchedTask.asp page hosted on the web interface. This function does not properly sanitize user input from a POST variable before passing it to an eval call. An attacker can abuse this to inject and execute arbitrary ASP under the context of the user visiting the malicious link. CVE-2010-3719 Exploits/Client Side Windows
06.23.2011 Symantec IM Manager IMAdminSchedTask eval Command Injection Exploit This updates adds support for extra connection methods and web browser fingerprinting capabilities. Also, for consistency reasons, the module's display name was changed from "Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Remote Code Execution Exploit" to "Symantec IM Manager IMAdminSchedTask eval Command Injection Exploit. CVE-2010-3719 Exploits/Client Side Windows
08.26.2009 Symantec Intel Alert Originator Service Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Intel Alert Originator service by sending a specially crafted packet to the 38292/TCP port. CVE-2009-1430 Exploits/Remote Windows
09.03.2012 Symantec LiveUpdate Administrator Local Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Symantec LiveUpdate Administrator. CVE-2012-0304 Exploits/Local Windows
10.29.2012 Symantec Messaging Gateway SSH Support Account Exploit This module exploits a default password vulnerability in Symantec Messaging Gateway. CVE-2012-3579 Exploits/Remote Linux
06.14.2007 Symantec Norton Internet Security 2004 ActiveX Control Buffer Overflow Exploit This module exploits a buffer overflow in Norton Internet Security 2004, via a bug in ISLAert.dll, an ActiveX control installed by default. CVE-2007-1689 Exploits/Client Side Windows
02.02.2012 Symantec PCAnywhere awhost32 Remote Code Execution Exploit The flaw exists within the awhost32 component which is used when handling incoming connections. This process listens on TCP port 5631. When handling an authentication request the process copies the user supplied username unsafely to a fixed-length buffer. CVE-2011-3478 Exploits/Remote Windows

Pages