Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
03.04.2007 uTorrent Torrent File Handling Buffer Overflow Exploit This module exploits a stack-based buffer overflow in uTorrent 1.6 when parsing a malformed "announce" tag in a .torrent file. CVE-2007-0927 Exploits/Client Side Windows
03.25.2010 VariCAD DWB Buffer Overflow Exploit VariCAD is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks when opening .DWB files. NOCVE-9999-42557 Exploits/Client Side Windows
01.03.2007 VBE Object ID Buffer Overflow Exploit This module exploits a heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3, via a document with a long ID parameter. CVE-2003-0347 Exploits/Client Side Windows
03.01.2010 vBulletin acuparam Cross Site Scripting Exploit Input passed via the URL is not properly sanitised before being returned to the user within the search.php, sendmessage.php, showgroups.php, usercp.php, online.php, misc.php, memberlist.php, member.php, index.php, forumdisplay.php, inlinemod.php, newthread.php, private.php, profile.php, register.php, showthread.php, subscription.php, forum.php, faq.php, and calendar.php script. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOCVE-9999-42237 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
04.19.2010 vBulletin query Cross Site Scripting Exploit The application is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input to the 'query' parameter of the search pages. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. vBulletin 4.0.2 is vulnerable. This issue does not affect vBulletin 3.x versions. NOCVE-9999-42681 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
12.04.2012 VCMS Image Arbitrary Upload Exploit A unrestricted file upload vulnerability exists in includes/inline_image_upload.php within AutoSec Tools V-CMS 1.0. This allows remote attackers to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in temp. CVE-2011-4828 Exploits/Remote Solaris, Linux, Windows, Mac OS X
08.17.2005 VERITAS Backup Exec Agent exploit This module exploits a stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows allowing remote attackers to execute arbitrary code. CVE-2005-0773 Exploits/Remote Windows
04.24.2008 Veritas Backup Exec exploit Update This module exploits a stack-based buffer overflow in the Agent Browser in VERITAS Backup Exec 7.3, 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, to install an agent on the target box. This update improves reliability for 8.x versions. CVE-2004-1172 Exploits/Remote Windows
12.12.2005 VERITAS NetBackup BPJava Exploit NetBackup Java user-interface is affected by a remote format string vulnerability. An attacker can exploit this vulnerability by crafting a malicious request that contains format specifiers. This module exploits this vulnerability and installs an agent. CVE-2005-2715 Exploits/Remote Windows, Linux
01.02.2007 VERITAS NetBackup BPJava Exploit update NetBackup Java user-interface is affected by a remote format string vulnerability. An attacker can exploit this vulnerability by crafting a malicious request that contains format specifiers. This module exploits this vulnerability and installs an agent. This update adds support for Linux. CVE-2005-2715 Exploits/Remote Windows, Linux
02.03.2010 Vermillion FTP Daemon Buffer Overflow Exploit The vulnerability is caused due to a boundary error with the handling of PORT commands. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted command passed to the affected server. NOCVE-9999-41966 Exploits/Remote Windows
05.18.2010 Vermillion FTP Daemon Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error with the handling of PORT commands. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted command passed to the affected server. This update fix the Connect to connection method. NOCVE-9999-41966 Exploits/Remote Windows
05.19.2010 Vermillion FTP Daemon Buffer Overflow Exploit Update 2 The vulnerability is caused due to a boundary error with the handling of PORT commands. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted command passed to the affected server. This update fix the Connect to connection method for some virtual machines. NOCVE-9999-41966 Exploits/Remote Windows
07.23.2007 Versalsoft HTTP File Uploader Buffer Overflow Exploit This module exploits a vulnerability in the UFileUploaderD.dll control included in the HTTP File Upload ActiveX Control. The exploit is triggered when the AddFile() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2007-2563 Exploits/Client Side Windows
03.09.2011 VicFTPS Server LIST Command DoS VicFTPS is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. CVE-2008-2031 Denial of Service/Remote Windows
02.15.2011 VideoCharge Studio dwmapi DLL Hijacking Exploit VideoCharge Studio is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than a .VSC file. The attacker must entice a victim into opening a specially crafted .VSC file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code. NOCVE-9999-47003 Exploits/Client Side Windows
01.25.2011 VideoCharge Studio VSC File Buffer Overflow Exploit Video Charge Studio is prone to a buffer overflow vulnerability when parsing a malicious VSC files with a long Filename value field. NOCVE-9999-46284 Exploits/Client Side Windows
01.02.2008 VideoLAN VLC buffer overflow subtitle exploit VLC is able to handle the subtitles automatically in a very simple way, it just checks the presence of ssa files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDvd, SSA and Vplayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. Exploits/Client Side Windows
01.03.2008 VideoLAN VLC buffer overflow subtitle exploit update VLC is able to handle the subtitles automatically in a very simple way, it just checks the presence of ssa files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDvd, SSA and Vplayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. Added support for Windows Vista, 2003 and 2000. Exploits/Client Side Windows
01.30.2008 VideoLAN VLC Buffer Overflow Subtitle Exploit Update 2 VLC is able to handle the subtitles automatically in a very simple way,it just checks the presence of ssa files with the same name of the loaded video and a possible subtitles folder.The functions which handle the MicroDvd, SSA and Vplayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. This update adds support for Opera and Mozilla Firefox. CVE-2007-6681 Exploits/Client Side Windows
05.15.2008 VideoLAN VLC Buffer Overflow Subtitle Exploit Update 3 VLC is able to handle the subtitles automatically in a very simple way,it just checks the presence of SSA files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDVD, SSA and VPlayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. This exploit add support for VLC 0.86e version. CVE-2007-6681 Exploits/Client Side Windows
01.27.2011 VideoSpirit Pro Buffer Overflow Exploit VideoSpirit Pro is prone to a buffer overflow when parsing a .VISPRJ project file that contains an overly long "MP3" value. The vulnerability is caused due to a wrong check of the data before it is passed to strcpy(). This can be exploited to cause a stack-based buffer overflow via a specially crafted .VISPRJ file. CVE-2011-0499 Exploits/Client Side Windows
06.20.2012 VideoSpirit Pro Buffer Overflow Exploit Update VideoSpirit Pro is prone to a buffer overflow when parsing a .VISPRJ project file that contains an overly long "MP3" value. The vulnerability is caused due to a wrong check of the data before it is passed to strcpy(). This can be exploited to cause a stack-based buffer overflow via a specially crafted .VISPRJ file. This update adds the CVE number. CVE-2011-0499 Exploits/Client Side Windows
09.09.2009 VirtualMin Dom Parameter Cross Site Scripting Exploit Input passed to the "dom" parameter in left.cgi and via the URL to virtual-server/link.cgi is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOCVE-9999-39439 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
06.15.2010 Viscom Software Movie Player Pro SDK ActiveX Remote Buffer Overflow Exploit A stack-based buffer overflow occurs when you pass to "strFontName" parameter a string overly long than 24 bytes which leads into EIP overwrite allowing the execution of arbitrary code in the context of the logged on user. This happens because an inadequate space is stored into the buffer intended to receive the font name. CVE-2010-0356 Exploits/Client Side Windows
05.26.2011 VisiWave Site Survey Report File Processing Buffer Overflow Exploit The vulnerability is caused due to a boundary error in VisiWave Site Survey Report when handling report files. This can be exploited to cause a stack based buffer overflow via a specially crafted .VWR file. This module bypass DEP using ROP techniques. CVE-2011-2386 Exploits/Client Side Windows
11.18.2012 VisiWave Site Survey Report File Processing Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error in VisiWave Site Survey Report when handling report files. This can be exploited to cause a stack based buffer overflow via a specially crafted .VWR file. This module bypass DEP using ROP techniques. This update adds CVE information. CVE-2011-2386 Exploits/Client Side Windows
11.25.2007 Visual Studio PDWizard.ocx Code Execution Exploit This module exploits a vulnerability in the PDWizard.ocx of the Visual Studio application. The module will run a malicious website in the CORE IMPACT console and wait for a user to connect and trigger the exploit. CVE-2007-4891 Exploits/Client Side Windows
08.12.2013 VLC Media Player ABC File Parsing Exploit The vulnerability is due to an error while parsing Parts field in ABC files which can result in an integer overflow in the libmodplug library used by VLC Media Player. NOCVE-9999-59318 Exploits/Client Side Windows
03.22.2011 VLC Media Player AMV File Memory Corruption Exploit A code execution vulnerability exists in the way that VLC handles specially crafted .AMV files. CVE-2010-3275 Exploits/Client Side Windows

Pages