CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
03.22.2011 VLC Media Player NSV Memory Corruption Exploit A code execution vulnerability exists in the way that VLC handles specially crafted .NSV (Nullsoft streaming video file) files when opening in Internet Explorer 6 or 7. CVE-2010-3276 Exploits/Client Side Windows
02.22.2009 VLC Media Player RealText Processing Stack Overflow Exploit This module exploits a vulnerability in VideoLan Media Player (VLC). A stack-based buffer overflow in the ParseRealText function in the Subtitle demux plugin (modules\demux\subtitle.c) in VLC Media Player 0.9.4 allows remote attackers to execute arbitrary code via a realtext RT media file with a header containing a crafted size value. CVE-2008-5036 Exploits/Client Side Windows
08.02.2009 VLC Media Player RealText Processing Stack Overflow Exploit Update This module exploits a vulnerability in VideoLan Media Player (VLC). A stack-based buffer overflow in the ParseRealText function in the Subtitle demux plugin (modules\demux\subtitle.c) in VLC Media Player 0.9.4 allows remote attackers to execute arbitrary code via a realtext RT media file with a header containing a crafted size value. CVE-2008-5036 Exploits/Client Side Windows
07.01.2014 VLC Media Player RTSP Processing Buffer Overflow Exploit VLC Media Player is prone to a buffer overflow when handling a specially crafted RTSP packets within the LIVE555 Plugin (liblive555_plugin.dll). CVE-2013-6934 Exploits/Client Side Windows
07.21.2009 VLC Media Player SMB URI Handling Buffer Overflow Exploit VLC Media Player is prone to a stack-based buffer-overflow vulnerability when handling playlist files having an overly long SMB URI. CVE-2009-2484 Exploits/Client Side Windows
11.05.2008 VLC Media Player TY File Stack Based Buffer Overflow Exploit This module exploits a vulnerability in VideoLan Media Player (VLC). Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. CVE-2008-4654 Exploits/Client Side Windows
11.09.2008 VLC Media Player TY File Stack Based Buffer Overflow Exploit Update This module exploits a vulnerability in VideoLan Media Player (VLC). Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. This update improves exploit reliability. CVE-2008-4654 Exploits/Client Side Windows
09.07.2010 VLC Media Player wintab32 DLL Hijacking Exploit VLC Media Player is prone to a vulnerability that may allow execution of wintab32.dll if this dll is located in the same folder than .MP3 file. NOCVE-9999-44964 Exploits/Client Side Windows
01.09.2011 VLC Media Player wintab32 DLL Hijacking Exploit Update VLC Media Player is prone to a vulnerability that may allow execution of wintab32.dll if this dll is located in the same folder as a .MP3 file. This update adds CVE number and makes exploit compatible with the last WebDav version. NOCVE-9999-44964 Exploits/Client Side Windows
05.15.2012 VLC MMS Stream Handling Buffer Overflow Exploit A Stack-based buffer overflow in VideoLAN VLC media player allows remote attackers to execute arbitrary code via a crafted MMS:// stream. CVE-2012-1775 Exploits/Client Side Windows
03.20.2014 VLC MMS Stream Handling Buffer Overflow Exploit Update A Stack-based buffer overflow in VideoLAN VLC media player allows remote attackers to execute arbitrary code via a crafted MMS:// stream. This version fix a bug with source ip calculation. CVE-2012-1775 Exploits/Client Side Windows
11.14.2012 VMware ESX RetrieveProperties Remote DoS A security vulnerability was found in the VMware vSphere Hypervisor (ESXi) subsystem, allowing an unauthenticated remote DoS. The vulnerability could allow denial of service if a specially crafted request is sent to the vSphere API by an unauthenticated user. CVE-2012-5703 Denial of Service/Remote
11.28.2012 VMware ESX RetrieveProperties Remote DoS Update The VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected. This update adds the correct CVE number. CVE-2012-5703 Denial of Service/Remote
10.04.2009 VMware Fusion Privilege Escalation Exploit This module exploits a privilege escalation vulnerability on VMware Fusion. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-3281 Exploits/Local Mac OS X
06.07.2011 VMWare Infrastructure Client tsgetxu71ex552.dll ActiveX Exploit The vulnerability exists within the way that Internet Explorer instantiates GET Extension Factory COM objects, which are not intended to be created inside of the browser. The object does not initialize properly, and this leads to a memory corruption vulnerability. CVE-2011-2217 Exploits/Client Side Windows
11.27.2012 VMware OVF Tool Format String Exploit Format String vulnerability in OVF Tool when parsing crafted OVF files. CVE-2012-3569 Exploits/Client Side Windows
02.24.2008 VMware Shared Folders Directory Traversal Exploit This module exploits a vulnerability in VMware shared folders. CVE-2008-0923 Exploits/Local Windows
10.03.2007 VMware Vielib.DLL ActiveX Code Execution Exploit This module exploits a vulnerability in the vielib.dll of the VMWare application. The module will run a malicious website in the CORE IMPACT console and wait for a user to connect and trigger the exploit. CVE-2007-4155 Exploits/Client Side Windows
09.03.2008 VMware VMCI Arbitrary Code Execution Vulnerability Exploit Using the VMWare VMCI Arbitrary Code Execution vulnerability it is possible run code in the host machine. This module sends a malformed message through hardware port to host exploiting the vmware-vmx.exe process and installing an agent. CVE-2008-2099 Exploits/Local Windows
01.20.2014 VMware VMCI Privilege Escalation Exploit When the "vmci.sys" driver processes a crafted call from user an array index out of bound is exploited CVE-2013-1406 Exploits/Local Windows
12.18.2011 VMware_vmwarbase_DLL_ISO_File_Buffer_Overflow_Exploit VMware Workstation and VMware Player are prone to a stack overflow when parsing a specially crafted ISO file. CVE-2011-3868 Exploits/Client Side Windows
01.05.2014 Vortex Light Alloy M3U Playlist Buffer Overflow Exploit A Buffer Overflow exist in Vortex Light Alloy when parsing .M3U files. The vulnerability is caused due to a boundary error in Vortex Light Alloy when handling .M3U files beginning with "http://", when the application tries to obtain a stream from an url. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. CVE-2013-6874 Exploits/Client Side Windows
05.13.2009 VUPlayer CUE Buffer Overflow Exploit VUPlayer contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error when handling .CUE files. NOCVE-9999-37025 Exploits/Client Side Windows
01.20.2009 VUPlayer M3U Buffer Overflow Exploit VUPlayer contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in VUPlayer when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. CVE-2006-6251 Exploits/Client Side Windows
01.27.2009 W3C Amaya Web Browser INPUT Tag Buffer Overflow Exploit Multiple stack buffer overflow vulnerabilities have been discovered in Amaya, which can be exploited by malicious people to compromise a users system. This module runs a web server waiting for vulnerable clients (W3C Amaya Web Browser) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-35964 Exploits/Client Side Windows
01.29.2014 Watermark Master Buffer Overflow Exploit Watermark Master is prone to a buffer overflow vulnerability when handling WCF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing users to open a specially crafted WCF file. NOCVE-9999-60773 Exploits/Client Side Windows
01.03.2010 WebApps Cross-Site Scripting v10.0 rev 1 This update resolves a conflict found when replacing executables links with links to OS agents. Exploits/Cross Site Scripting (XSS)
03.16.2009 WebApps Cross-Site Scripting v8.0 rev 1 This package updates WebApps' Cross-Site Scripting features to improve accuracy of detection and reporting of vulnerabilities. Exploits/Cross Site Scripting (XSS)
08.02.2009 WebApps Cross-Site Scripting v9.0 rev 1 This update resolves a conflict found when interacting with a XSS vulnerablility in HTTPS pages. Exploits/Cross Site Scripting (XSS)
09.07.2009 WebApps Cross-Site Scripting v9.0 rev 2 This update resolves a conflict created when working with more than one XSS Exploit Generator at the same time. It also brings more stability when processing deleted Web Browser Agents. Exploits/Cross Site Scripting (XSS)

Pages