Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
12.04.2012 VCMS Image Arbitrary Upload Exploit A unrestricted file upload vulnerability exists in includes/inline_image_upload.php within AutoSec Tools V-CMS 1.0. This allows remote attackers to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in temp. CVE-2011-4828 Exploits/Remote Solaris, Linux, Windows, Mac OS X
07.23.2012 FlexNet License Server Manager lmgrd Buffer Overflow Exploit A stack buffer overflow exist in FlexNet License Server Manager due to the insecure usage of memcpy in the lmgrd service when handling crafted network packets. NOCVE-9999-52540 Exploits/Remote Windows
10.15.2013 TP-Link Camera uploadfile Unauthenticated File Upload Exploit This module exploits an unauthenticated file upload vulnerability on TP-Link IP cameras. Due to improper access restrictions, it is possible for a remote unauthenticated attacker to upload an arbitrary file to the /mnt/mtd directory on the camera by issuing a POST request against the file /cgi-bin/uploadfile. CVE-2013-2580 Exploits/Remote
11.30.2011 SugarCRM Remote Code Execution Exploit Update This update adds support for Solaris and Mac OS X platforms CVE-2009-2146 Exploits/Remote Linux, Solaris, Mac OS X
09.19.2007 Novell Messenger Server exploit update This package updates the Novell Messenger Server exploit. CVE-2006-0992 Exploits/Remote Windows
12.11.2008 3Com TFTP Transporting Mode Buffer Overflow Exploit This module exploits a buffer overflow vulnerability during the processing of TFTP Read/Write request packet types and cause a stack-based buffer overflow by sending a specially crafted packet with an overly long mode field. CVE-2006-6183 Exploits/Remote Windows
06.07.2011 Oracle VM Server Virtual Server Agent Command Injection Exploit By including shell meta characters within the second parameter to the 'urt_test_url' XML-RPC methodCall, an attacker can execute arbitrary commands. The service typically runs with root privileges. CVE-2010-3585 Exploits/Remote Linux
07.12.2007 mDNSResponder buffer overflow exploit This module exploits a buffer overflow vulnerability in the mDNSResponder service running on certain versions of Apple Mac OS X. The vulnerability is exploited remotely by sending a specially crafted UPnP Internet Gateway Device (IGD) packet and installing an agent. CVE-2007-2386 Exploits/Remote Mac OS X
08.26.2012 Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow Exploit Ricoh DC's DL-10 SR10 FTP Server is prone to a buffer-overflow vulnerability when handling data through the USER command. This can be exploited by supplying a long string of data to the affected command. NOCVE-9999-53623 Exploits/Remote Windows
07.20.2009 Soulseek Server Peer Search Buffer Overflow Exploit The application is prone to a stack-based buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue occurs when performing a direct peer file search. CVE-2009-1830 Exploits/Remote Windows
05.16.2012 CA Total Defense UNCWS Web Service DeleteReports Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The DeleteReports method makes use of the uncsp_DeleteReports stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges. CVE-2011-1653 Exploits/Remote Windows
11.21.2013 Apple Mac OS X Samba NetWkstaTransportEnum Request Remote Buffer Overflow Exploit Update This module exploits a vulnerability in Mac OS X Samba server. When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow. This update adds support to Mac OSX 10.6.0 to 10.6.7 ( Server and not server versions ). Besides, this update improves the exploitation by reverting the Samba server impersonation and installing an agent with root privileges in all Mac OSX supported versions. CVE-2012-1182 Exploits/Remote Mac OS X
02.07.2010 WireShark LWRES Dissector Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the WireShark LWRES dissector by sending a specially crafted LWRES packet. CVE-2010-0304 Exploits/Remote Windows
02.28.2011 Quick n Easy FTP Server Login DoS This module shuts down the Quick 'n Easy FTP Server because it fails to properly handle user-supplied malformed packets when login. CVE-2009-1602 Exploits/Remote Windows
10.02.2011 WinComLPD Remote Administration Buffer Overflow Exploit A buffer overflow in WinComLPD is triggered by sending an overly long authentication packet to the remote administration service. CVE-2008-5159 Exploits/Remote Windows
10.01.2012 HP Intelligent Management Center UAM sprintf Buffer Overflow Exploit A stack buffer overflow exists in HP Intelligent Management Center's uam.exe service which listens on port UDP/1811. The vulnerability is due to lack of validation of a string passed to sprintf. NOCVE-9999-54499 Exploits/Remote Windows
08.03.2009 Unisys Business Information Server Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the Unisys Business Information Server by sending a specially crafted packet to the 3989/TCP port. CVE-2009-1628 Exploits/Remote Windows
07.01.2014 Ericom AccessNow Server Buffer Overflow Exploit AccessNowServer32.exe is prone to a buffer overflow when handling a malformed HTTP request. CVE-2014-3913 Exploits/Remote Windows
02.24.2010 Openftpd Server Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the authentication process. This can be exploited to cause a stack-based buffer overflow by sending an overly long, specially-crafted password to the affected server. NOCVE-9999-42236 Exploits/Remote Windows
04.28.2008 Arkeia Network Backup buffer overflow exploit update This package updates the Arkeia Network Backup exploit. CVE-2005-0491 Exploits/Remote Windows, Linux
07.11.2010 Microsoft Windows Print Spooler Buffer Overflow Exploit (MS09-022) Update This module exploits a buffer overflow vulnerability in the EnumeratePrintShares function in the Print Spooler Service in Microsoft Windows to install an agent in the target machine. This update adds TCP Spoofing Listener capabilities. CVE-2009-0228 Exploits/Remote Windows
01.08.2008 MySQL yaSSL Exploit This module exploits a remote buffer-overflow in MySQL servers using yaSSL. CVE-2008-0226 Exploits/Remote Windows, Linux, FreeBSD
02.12.2009 Oracle Secure Backup Command Injection Exploit This module exploits a command injection error in the Oracle Secure Backup Administration server. CVE-2008-5449 Exploits/Remote Windows, Linux
10.19.2011 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 5 This module exploits a vulnerability in the Microsoft Windows Server service by sending a specially crafted RPC request. This update adds reliability when exploiting all supported platforms. CVE-2008-4250 Exploits/Remote Windows
10.23.2008 Debian OpenSSL Predictable Random Number Generation Exploit Update This module exploits the random number generator in Debian's OpenSSL package being predictable. This vulnerability is used to generate SSH keys and to install an agent into the target host. This update contains: -Corrections of some documentation issues. -Performance optimizations. -New parameter for user's preferences. CVE-2008-0166 Exploits/Remote Linux
02.17.2015 HP Data Protector Remote Command Execution Exploit This module exploits a remote code execution vulnerability in HP Data Protector by sending a specially crafted request CVE-2014-2623 Exploits/Remote Windows
11.04.2012 HP Data Protector Express Create New Folder Buffer Overflow Exploit HP Data Protector Express is prone to a buffer-overflow when handling folder names in an insecure way by the dpwindtb.dll component. CVE-2012-0124 Exploits/Remote Windows
07.25.2011 Zend Server Java Bridge Design Flaw Remote Code Execution Exploit This module exploits a vulnerability in Java Bridge component of Zend Server. NOCVE-9999-47690 Exploits/Remote Windows, Linux, Mac OS X
02.06.2014 Zavio Camera RTSP Video Stream Unauthenticated Access Exploit The RTSP protocol authentication in the Zavio F3105 IP camera is disabled by default. This configuration error allows remote attackers to access the live video stream without being asked for credentials. CVE-2013-2569 Exploits/Remote
03.09.2008 SurgeMail Mail Server Exploit This module exploits a buffer overflow in SurgeMail Mail Server and installs an agent into the target host. A buffer overflow vulnerability is located in the function which handles the real CGI executables. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module. CVE-2008-1054 Exploits/Remote Windows