Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
02.22.2013 EMC AlphaStor Device Manager Command Injection Exploit The Device Manager service (rrobotd.exe) in EMC AlphaStor is prone to an OS command injection vulnerability when processing DCP commands. A remote unauthenticated attacker can exploit this in order to execute arbitrary code with SYSTEM privileges on the vulnerable machine. CVE-2013-0928 Exploits/Remote Windows
12.25.2006 Novell eDirectory HTTP Protocol exploit update This module exploits a buffer overflow in Novell eDirectory HTTP Protocol. CVE-2006-5478 Exploits/Remote Windows
02.01.2009 Microsoft SQL Server sp_replwritetovarbin Remote Heap Overflow Exploit This module exploits a heap-based buffer overflow in the Microsoft SQL Server by sending a specially crafted SQL query. It has two uses: One as a Remote Exploit which needs authentication, and another as an SQL Injection Agent installer module, which needs an SQL Agent as a target. CVE-2008-5416 Exploits/Remote Windows
10.09.2012 TurboFTP Server PORT Command Buffer Overflow Exploit TurboFTP Server is prone to a buffer-overflow when processing a malformed PORT command. NOCVE-9999-54992 Exploits/Remote Windows
07.25.2011 ActiveFax Server FTP Buffer Overflow Exploit ActiveFax Server's FTP service has a remote buffer overflow vulnerability that can be exploited by an authenticated atacker. NOCVE-9999-48689 Exploits/Remote Windows
08.12.2014 Symantec Workspace Streaming Agent XMLRPC Request putFile Method Remote Code Execution Vulnerability Exploit A vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment. CVE-2014-1649 Exploits/Remote Windows
04.22.2010 MySQL with yaSSL SSL Certificate Handling Remote Stack Buffer Overflow Exploit MySQL compiled with yaSSL is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. CVE-2009-4484 Exploits/Remote Linux
05.27.2010 MicroWorld eScan Products Remote Command Execution Exploit Multiple MicroWorld eScan products are vulnerable to a remote command-execution vulnerability because they fail to properly sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands with superuser privileges. Successful attacks will completely compromise affected computers. The issue affects the following products versions prior to 4.1.x: eScan for Linux Desktop, eScan for Linux File Servers, MailScan for Linux Mail servers, WebScan for Linux Proxy Servers. NOCVE-9999-42682 Exploits/Remote Linux
09.24.2008 Alt-N Security Gateway Remote Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the Alt-N Security Gateway by sending a specially crafted HTTP request to the TCP port 4000. CVE-2008-4193 Exploits/Remote Windows
05.31.2012 Novell ZENworks Configuration Management Preboot Service Opcode 0x21 Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow vulnerability in the Preboot Service component of Novell ZENworks Configuration Management, by sending a specially crafted packet to the port 998/TCP. NOCVE-9999-43820 Exploits/Remote Windows
02.20.2014 HP Data Protector Cell Manager Opcode 263 Buffer Overflow Exploit The specific flaw exists within crs.exe which listens by default on a random TCP port. When parsing opcodes 214, 215, 216, 219, 257, and 263, the process blindly copies user supplied data into a fixed-length stack buffer. CVE-2013-6195 Exploits/Remote Windows
01.22.2012 InduSoft Web Studio CEServer Remote Code Execution Exploit The flaw exists in the Remote Agent (CEServer.exe) that listens by default on TCP port 4322, the process can not perform any authentication and copy the packages designed to a fixed size buffer. CVE-2011-4051 Exploits/Remote Windows
03.29.2015 HP Network NNMi PMD Buffer Overflow Exploit This module exploits a stack-based buffer overflow in HP Network Node Manager I (NNMi). The PMD service in HP NNMi is vulnerable to a stack-based buffer overflow when handling a specially crafted stack_option packet. CVE-2014-2624 Exploits/Remote Linux
02.19.2009 RealNetworks Helix DNA Server Remote Heap Overflow Exploit This module exploits a remote heap overflow in the Helix DNA Server (rmserver.exe) by sending a specially crafted RTSP packet to the 554/TCP port. CVE-2008-5911 Exploits/Remote Windows
03.12.2008 MSRPC Novell Netware Client EnumPrinters() Buffer Overflow Exploit Novell Client for Netware is prone to a buffer overflow vulnerability on the nwspool.dll that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. This module exploits this vulnerability and installs an agent. CVE-2008-0639 Exploits/Remote Windows
05.15.2011 HP OpenView NNM jovgraph displayWidth Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the jovgraph.exe CGI application, a component of HP OpenView Network Node Manager, by sending a specially crafted packet. CVE-2011-0261 Exploits/Remote Windows
09.04.2014 OpenSSL TLS Heartbeat Read Overrun Memory Disclosure Exploit Update A missing boundary check in the TLS Heartbeat extension in OpenSSL can be abused by remote attackers to read up to 64 kb of memory from the server. This memory disclosure vulnerability can be used by remote unauthenticated attackers to obtain sensitive information from the affected server, including private keys and session cookies. This update adds features to the module, like the ability to read 64 kb of data from vulnerable services, reporting the results in the Module Output window, and saving the memory dumps to disk. It also improves the compatibility with OpenSSL services and adds support for FTPS. CVE-2014-0160 Exploits/Remote Linux
10.17.2007 Sun Java Web Console format string exploit This module exploits a format string vulnerability in the Sun Java Web Console and installs an agent. CVE-2007-1681 Exploits/Remote Solaris
11.30.2011 Coppermine picEditor Remote Code Execution Exploit The include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) (before 1.4.15), when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via a shell. CVE-2008-0506 Exploits/Remote Solaris, Mac OS X
09.02.2009 Exploit Modules Update for RPT This update applies missing attributes to a small number of exploits to ensure they are correctly selected by the Rapid Penetration Test Wizards. CVE-2008-1914 Exploits/Remote Windows, Linux
10.11.2007 MSRPC DNS Server Exploit Update Added support for Windows 2003 Standard Edition SP0 and SP1. CVE-2007-1748 Exploits/Remote Windows
05.20.2015 IBM Lotus Domino BMP parsing Buffer Overflow Exploit IBM Domino is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when parsing BMP images. By sending a specially-crafted bitmap image, a remote attacker could overflow a buffer and execute arbitrary code on the system or make the application crash. CVE-2015-1903 Exploits/Remote Windows
06.16.2010 UnrealIRCd Backdoor Unauthorized Access Exploit This module exploits a remote command execution vulnerability found in UnrealIRCd by using an unauthorized backdoor. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-4893 Exploits/Remote Solaris, Linux
06.09.2008 Borland InterBase Remote Integer Overflow Exploit This module exploits a buffer overflow vulnerability in the database service (ibserver.exe) of the Borland InterBase 2007 application. The exploit triggers an integer overflow and causes a stack-based buffer overflow by sending a specially crafted packet to port 3050/TCP of the vulnerable system and installs an agent if successful. CVE-2008-2559 Exploits/Remote Windows
12.29.2008 NaviCOPA Web Server Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error within the handling of HTTP GET requests. This may allow execution of arbitrary code by sending an overly long, specially crafted HTTP GET request to the server. CVE-2006-5112 Exploits/Remote Windows
07.18.2012 FireFly Media Server Remote Format String Exploit This module exploits a remote format string vulnerability in FireFly Media Server by sending a sequence of HTTP requests to the 3689/TCP port. CVE-2007-5825 Exploits/Remote Linux
11.08.2009 Omni-NFS Enterprise FTP Server Buffer Overflow Exploit This vulnerability is caused by a buffer overflow in Omni-NFS Enterprise FTP Server, due to its lack of checking of user-supplied data within FTP requests. CVE-2006-5792 Exploits/Remote Windows
07.01.2007 Symantec Discovery XFERWAN Buffer Overflow Exploit This module exploits a stack-based buffer overflow vulnerability in the XferWan.exe component included with Symantec Discovery 6.5. The exploit sends a specially crafted TCP packet triggering a buffer overflow and installing an agent on the target system. CVE-2007-1173 Exploits/Remote Windows
12.09.2012 Remote Exploits File Header Update This update only modifies the description in the file header. CVE-2008-1914 Exploits/Remote Windows
09.26.2011 Iphone SSH Default Password Exploit This module exploits a default password vulnerability in jailbroken Iphone iOS. NOCVE-9999-49570 Exploits/Remote

Pages