CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
12.12.2005 VERITAS NetBackup BPJava Exploit NetBackup Java user-interface is affected by a remote format string vulnerability. An attacker can exploit this vulnerability by crafting a malicious request that contains format specifiers. This module exploits this vulnerability and installs an agent. CVE-2005-2715 Exploits/Remote Windows, Linux
01.02.2007 VERITAS NetBackup BPJava Exploit update NetBackup Java user-interface is affected by a remote format string vulnerability. An attacker can exploit this vulnerability by crafting a malicious request that contains format specifiers. This module exploits this vulnerability and installs an agent. This update adds support for Linux. CVE-2005-2715 Exploits/Remote Windows, Linux
02.03.2010 Vermillion FTP Daemon Buffer Overflow Exploit The vulnerability is caused due to a boundary error with the handling of PORT commands. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted command passed to the affected server. NOCVE-9999-41966 Exploits/Remote Windows
05.18.2010 Vermillion FTP Daemon Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error with the handling of PORT commands. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted command passed to the affected server. This update fix the Connect to connection method. NOCVE-9999-41966 Exploits/Remote Windows
05.19.2010 Vermillion FTP Daemon Buffer Overflow Exploit Update 2 The vulnerability is caused due to a boundary error with the handling of PORT commands. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted command passed to the affected server. This update fix the Connect to connection method for some virtual machines. NOCVE-9999-41966 Exploits/Remote Windows
07.23.2007 Versalsoft HTTP File Uploader Buffer Overflow Exploit This module exploits a vulnerability in the UFileUploaderD.dll control included in the HTTP File Upload ActiveX Control. The exploit is triggered when the AddFile() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-2563 Exploits/Client Side Windows
03.09.2011 VicFTPS Server LIST Command DoS VicFTPS is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. CVE-2008-2031 Denial of Service/Remote Windows
02.15.2011 VideoCharge Studio dwmapi DLL Hijacking Exploit VideoCharge Studio is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than a .VSC file. The attacker must entice a victim into opening a specially crafted .VSC file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code. NOCVE-9999-47003 Exploits/Client Side Windows
01.25.2011 VideoCharge Studio VSC File Buffer Overflow Exploit Video Charge Studio is prone to a buffer overflow vulnerability when parsing a malicious VSC files with a long Filename value field. NOCVE-9999-46284 Exploits/Client Side Windows
01.02.2008 VideoLAN VLC buffer overflow subtitle exploit VLC is able to handle the subtitles automatically in a very simple way, it just checks the presence of ssa files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDvd, SSA and Vplayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. Exploits/Client Side Windows
01.03.2008 VideoLAN VLC buffer overflow subtitle exploit update VLC is able to handle the subtitles automatically in a very simple way, it just checks the presence of ssa files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDvd, SSA and Vplayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. Added support for Windows Vista, 2003 and 2000. Exploits/Client Side Windows
01.30.2008 VideoLAN VLC Buffer Overflow Subtitle Exploit Update 2 VLC is able to handle the subtitles automatically in a very simple way,it just checks the presence of ssa files with the same name of the loaded video and a possible subtitles folder.The functions which handle the MicroDvd, SSA and Vplayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. This update adds support for Opera and Mozilla Firefox. CVE-2007-6681 Exploits/Client Side Windows
05.15.2008 VideoLAN VLC Buffer Overflow Subtitle Exploit Update 3 VLC is able to handle the subtitles automatically in a very simple way,it just checks the presence of SSA files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDVD, SSA and VPlayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. This exploit add support for VLC 0.86e version. CVE-2007-6681 Exploits/Client Side Windows
01.27.2011 VideoSpirit Pro Buffer Overflow Exploit VideoSpirit Pro is prone to a buffer overflow when parsing a .VISPRJ project file that contains an overly long "MP3" value. The vulnerability is caused due to a wrong check of the data before it is passed to strcpy(). This can be exploited to cause a stack-based buffer overflow via a specially crafted .VISPRJ file. CVE-2011-0499 Exploits/Client Side Windows
06.20.2012 VideoSpirit Pro Buffer Overflow Exploit Update VideoSpirit Pro is prone to a buffer overflow when parsing a .VISPRJ project file that contains an overly long "MP3" value. The vulnerability is caused due to a wrong check of the data before it is passed to strcpy(). This can be exploited to cause a stack-based buffer overflow via a specially crafted .VISPRJ file. This update adds the CVE number. CVE-2011-0499 Exploits/Client Side Windows
09.09.2009 VirtualMin Dom Parameter Cross Site Scripting Exploit Input passed to the "dom" parameter in left.cgi and via the URL to virtual-server/link.cgi is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOCVE-9999-39439 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
06.15.2010 Viscom Software Movie Player Pro SDK ActiveX Remote Buffer Overflow Exploit A stack-based buffer overflow occurs when you pass to "strFontName" parameter a string overly long than 24 bytes which leads into EIP overwrite allowing the execution of arbitrary code in the context of the logged on user. This happens because an inadequate space is stored into the buffer intended to receive the font name. CVE-2010-0356 Exploits/Client Side Windows
05.26.2011 VisiWave Site Survey Report File Processing Buffer Overflow Exploit The vulnerability is caused due to a boundary error in VisiWave Site Survey Report when handling report files. This can be exploited to cause a stack based buffer overflow via a specially crafted .VWR file. This module bypass DEP using ROP techniques. CVE-2011-2386 Exploits/Client Side Windows
11.18.2012 VisiWave Site Survey Report File Processing Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error in VisiWave Site Survey Report when handling report files. This can be exploited to cause a stack based buffer overflow via a specially crafted .VWR file. This module bypass DEP using ROP techniques. This update adds CVE information. CVE-2011-2386 Exploits/Client Side Windows
11.25.2007 Visual Studio PDWizard.ocx Code Execution Exploit This module exploits a vulnerability in the PDWizard.ocx of the Visual Studio application. The module will run a malicious website in the CORE IMPACT console and wait for a user to connect and trigger the exploit. CVE-2007-4891 Exploits/Client Side Windows
08.12.2013 VLC Media Player ABC File Parsing Exploit The vulnerability is due to an error while parsing Parts field in ABC files which can result in an integer overflow in the libmodplug library used by VLC Media Player. NOCVE-9999-59318 Exploits/Client Side Windows
03.22.2011 VLC Media Player AMV File Memory Corruption Exploit A code execution vulnerability exists in the way that VLC handles specially crafted .AMV files. CVE-2010-3275 Exploits/Client Side Windows
08.28.2007 VLC Media Player Format String exploit This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in VLC 0.86, which allows user-assisted remote attackers to execute code via a crafted OGG file that triggers format string and overwrites a subroutine pointer during rendering. CVE-2007-3316 Exploits/Client Side Windows, Linux, Mac OS X
12.16.2007 VLC Media Player Format String exploit linux support update This module tries to attack VLC Media Player by sending a crafted OGG file that triggers a format string and overwrites a subroutine pointer during rendering. This update adds support for linux. CVE-2007-3316 Exploits/Client Side Windows, Linux
10.04.2007 VLC Media Player Format String exploit update This update adds support for Mac OS X, Windows 2000 and Windows 2003 platforms and support for 0.86 and 0.86a versions of VLC. CVE-2007-3316 Exploits/Client Side Windows, Linux, Mac OS X
04.25.2011 VLC Media Player libmodplug Buffer Overflow Exploit VLC Media Player is prone to a buffer overflow vulnerability due to insufficient validation of user supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious .S3M media files. CVE-2011-1574 Exploits/Client Side Windows
06.21.2012 VLC Media Player libmodplug Buffer Overflow Exploit Update VLC Media Player is prone to a buffer overflow vulnerability due to insufficient validation of user supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious .S3M media files. This version adds the CVE number. CVE-2011-1574 Exploits/Client Side Windows
06.01.2011 VLC Media Player MKV File Memory Corruption Exploit This module exploits a vulnerability in VideoLan Media Player (VLC). A memory corruption vulnerability in the MKV demuxer plugin (ibmkv_plugin) in VLC Media Player 1.1.6.1 and earlier allowing remote attackers to execute arbitrary code via a MKV media file. CVE-2011-0531 Exploits/Client Side Windows, Mac OS X
11.05.2009 VLC Media Player MP4 Demuxer Buffer Overflow Exploit VLC media player is prone to multiple stack-based buffer-overflow vulnerabilities. When parsing a MP4, ASF or AVI file with an overly deep box structure, a stack overflow might occur. It would overwrite the return address and thus redirect the execution flow. Attackers can exploit these issues to execute arbitrary code in the context of the affected application or crash the application, denying service to legitimate users. VLC media player 1.0.1 is vulnerable; prior versions may also be affected. NOCVE-9999-40279 Exploits/Client Side Windows
03.22.2011 VLC Media Player NSV Memory Corruption Exploit A code execution vulnerability exists in the way that VLC handles specially crafted .NSV (Nullsoft streaming video file) files when opening in Internet Explorer 6 or 7. CVE-2010-3276 Exploits/Client Side Windows

Pages