CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
04.06.2010 Symantec Veritas VRTSweb Remote Exploit This module exploits a code execution vulnerability in the Veritas Web Server service by sending a specially crafted authentication request to the 14300/TCP port. CVE-2009-3027 Exploits/Remote Windows
07.23.2012 Symantec Web Gateway blocked_file.php Remote Code Execution Exploit The spywall/blocked_file.php script of Symantec Web Gateway allows remote unauthenticated users to upload files with arbitrary extensions. This can be abused by attackers to execute arbitrary PHP code on vulnerable systems. CVE-2012-0299 Exploits/Remote Code Execution Linux
07.01.2012 Symantec Web Gateway PHP Injection Exploit This module exploits a remote code execution vulnerability in Symantec Web Gateway by using a log injection and a local file inclusion to run an arbitrary PHP script. CVE-2012-0297 Exploits/Remote Linux
06.16.2009 Symantec WinFax Buffer Overflow Exploit This module exploits a stack overflow in library DCCFAXVW.DLL of Symantec WinFax Pro. When passing an overly long string to the AppendFax() method, arbitrary code may be executed. NOCVE-9999-38346 Exploits/Client Side Windows
10.18.2010 Sync Breeze Server Login Request Buffer Overflow Exploit A vulnerability exists in Sync Breeze Server v2.2.34 when processing a remote clients "LOGIN" request.The vulnerability is caused due to a boundary error in libpal.dll when handling network messages and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 9120. NOCVE-9999-45457 Exploits/Remote Windows
01.06.2008 SynCE Command Injection exploit This module exploits a command injection error in the function runScripts in vdccm (SynCE daemon), reached through an information message remote request. CVE-2008-1136 Exploits/Remote FreeBSD, Linux
01.17.2008 Synce Command injection exploit update This update adds the vulnerability name to reports. CVE-2008-1136 Exploits/Remote FreeBSD, Linux
03.26.2012 Sysax Multi Server SSH Username Buffer Overflow Exploit This module exploits a stack based buffer overflow on Sysax Multi Server when parsing an overly long username at the beginning of an SSH session. NOCVE-9999-51516 Exploits/Remote Windows
05.13.2009 Talkative IRC PRIVMSG Buffer Overflow Exploit Talkative IRC is prone to a stack-based buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. NOCVE-9999-37116 Exploits/Client Side Windows
12.01.2010 TechSmith Snagit dwmapi DLL Hijacking Exploit TechSmith Snagit is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .SNAG file. CVE-2010-3130 Exploits/Client Side Windows
01.23.2013 Tectia SSH Server Authentication Bypass Remote Code Execution Exploit The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords. CVE-2012-5975 Exploits/Remote Linux
01.05.2012 Telnetd encrypt_keyid Remote Buffer Overflow Exploit Buffer overflow in libtelnet/encrypt.c in various implementations of telnetd allows remote attackers to execute arbitrary code with root permissions via a long encryption key. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-4862 Exploits/Remote FreeBSD, Linux
01.12.2012 Telnetd encrypt_keyid Remote Buffer Overflow Exploit Update A buffer overflow in libtelnet/encrypt.c in Inetutils and Heimdal implementations of telnetd allows remote attackers to execute arbitrary code with root permissions via a long encryption key. This update adds support for Debian and newer FreeBSD platforms. CVE-2011-4862 Exploits/Remote FreeBSD, Linux
02.12.2007 telnetd solaris -f root exploit This is a remote exploit for an Authentication bypass vulnerability present in telnetd daemon for Solaris 10. CVE-2007-0882 Exploits/Remote Solaris
06.22.2010 Tembria Server Monitor HTTP Request DoS Tembria Server vulnerability is caused due to an error in the processing of HTTP requests sent to the included web server. CVE-2010-1316 Denial of Service/Remote Windows
01.31.2010 Testlink login Cross Site Scripting Exploit A cross-site scripting vulnerability is present in TestLink before 1.8.5 allowing remote attackers to inject arbitrary web script or HTML via the req parameter to login.php. CVE-2009-4237 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
05.15.2008 TFTPServer SP Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section. CVE-2008-2161 Exploits/Remote Windows
10.18.2009 TFTPServer SP Buffer Overflow Exploit Update This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section. This module add the service specification tag. CVE-2008-2161 Exploits/Remote Windows
02.01.2012 TFTPServer SP RRQ Buffer Overflow Exploit TFTP Server is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer. CVE-2008-1611 Exploits/Remote Windows
07.21.2011 The KMPlayer MP3 Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in The KMPplayer when parsing a malformed, specially crafted .MP3 file. NOCVE-9999-48670 Exploits/Client Side Windows
12.01.2011 Tikiwiki graph_formula Remote Code Execution Exploit tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which will be processed by the create_function. CVE-2007-5423 Exploits/Remote Solaris, Linux
12.05.2011 Tikiwiki jhot Remote Code Execution Exploit An unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory. CVE-2006-4602 Exploits/Remote Solaris, Linux
01.04.2012 TinyIdentD Remote Buffer Overflow Exploit The vulnerability is a buffer overflow in TinyIdentD via a long string to TCP port 113. CVE-2007-2711 Exploits/Remote Windows
01.20.2011 TinyWebGallery Remote Code Execution Exploit This module exploits a TinyWebGallery local file-include vulnerability because TinyWebGallery fails to properly sanitize user-supplied input. The module takes advantage of the logging capabilities of the attacked software to remotely execute arbitrary code. CVE-2009-1911 Exploits/Remote Code Execution Windows, Solaris, AIX, Linux
10.27.2013 TinyWebGallery Remote Code Execution Exploit Update This module exploits a TinyWebGallery local file-include vulnerability because TinyWebGallery fails to properly sanitize user-supplied input. The module takes advantage of the logging capabilities of the attacked software to remotely execute arbitrary code. This update fixes some issues related with an updated library. Support for various platforms was added. CVE-2009-1911 Exploits/Remote Windows, Solaris, Linux
11.27.2007 Tivoli Storage Manager Exploit This module exploits a stack-based buffer overflow in the IBM Tivoli Storage Manager Express CAD Service 5.3. CVE-2007-4880 Exploits/Remote Windows
06.02.2011 Tomcat Deploy Manager Default Account Code Execution Exploit This module exploits a remote code execution vulnerability in Tomcat Web Server by using an default user account to upload an arbitrary file. CVE-2009-3548 Exploits/Remote Windows
11.22.2011 Tomcat Deploy Manager Default Account Code Execution Exploit Update This update enhaces the functionality of this module. CVE-2009-3548 Exploits/Remote Windows
11.15.2011 Tomcat orderby Cross Site Scripting Exploit The session list screen (provided by sessionList.jsp) in affected versions uses the orderBy and sort request parameters without applying filtering and therefore is vulnerable to a cross-site scripting attack. Users should be aware that Tomcat 6 does not use httpOnly for session cookies by default so this vulnerability could expose session cookies from the manager application to an attacker. CVE-2010-4172 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
02.19.2009 Total Video Player M3U Playlist Buffer Overflow Exploit Total Video Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Total Video Player when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file CVE-2007-0949 Exploits/Client Side Windows

Pages