CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
07.04.2013 ASN.1 Bit String SPNEGO exploit Update Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 encodings that cause arbitrary heap data to be overwritten. This update modifies the runtime value for this exploit. CVE-2003-0818 Exploits/Remote Windows
06.02.2010 IBM Informix librpc Remote Buffer Overflow Exploit This module exploits a remote buffer overflow in the RPC protocol parsing library (librpc.dll) included on IBM Informix Dynamic Server by sending a specially crafted authentication packet to the 36890/TCP port. CVE-2009-2753 Exploits/Remote Windows
09.16.2012 HP OpenView Performance Agent coda.exe Opcode 0x34 Buffer Overflow Exploit A buffer overflow exists in coda.exe process which listens on a random TCP port by default. The process trusts a value within a GET request as a size then proceeds to copy that many bytes of user-supplied data into a fixed-length buffer on the stack. CVE-2012-2019 Exploits/Remote Windows
06.15.2014 HP SiteScope issueSiebelCmd Remote Code Execution Exploit This module exploits a remote code execution vulnerability in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. CVE-2013-4835 Exploits/Remote Windows, Linux
02.09.2011 Wireshark PROFINET Dissector Format String Exploit Update Wireshark is prone to a format-string vulnerability. Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions. This update adds windows 7 support. CVE-2009-1210 Exploits/Remote Windows
01.12.2012 Telnetd encrypt_keyid Remote Buffer Overflow Exploit Update A buffer overflow in libtelnet/encrypt.c in Inetutils and Heimdal implementations of telnetd allows remote attackers to execute arbitrary code with root permissions via a long encryption key. This update adds support for Debian and newer FreeBSD platforms. CVE-2011-4862 Exploits/Remote FreeBSD, Linux
07.24.2013 PHP Charts Remote Code Execution Exploit This module exploits a vulnerability in PHP Charts 1.0. The url.php script eval()s every single GET key/value pair. Leading to code execution. NOCVE-9999-57634 Exploits/Remote
11.30.2009 OracleDB AUTH_SESSKEY Remote Buffer Overflow Exploit This module exploits a vulnerability in the Oracle Database Server. The vulnerability is triggered when the server processes a long string inside the AUTH_SESSKEY property resulting in a stack-based buffer overflow. CVE-2009-1979 Exploits/Remote Windows
07.21.2014 HP AutoPass License Server Remote Code Execution Exploit This module exploits a remote code execution vulnerability in HP AutoPass License Server. The CommunicationServlet component in HP AutoPass License Server does not enforce authentication and has a directory traversal vulnerability allowing a remote attacker to execute arbitrary code trough a JSP page uploaded to the vulnerable server. CVE-2013-6221 Exploits/Remote Windows
01.08.2008 MySQL yaSSL Exploit This module exploits a remote buffer-overflow in MySQL servers using yaSSL. CVE-2008-0226 Exploits/Remote Windows, Linux, FreeBSD
01.26.2012 HP Diagnostics Server magentservice Remote Buffer Overflow Exploit A buffer overflow in magentservice.exe within HP Diagnostics allows remote attackers to execute arbitrary code via a crafted size value in a packet. CVE-2011-4789 Exploits/Remote Windows
06.12.2007 Apache Tomcat buffer overflow exploit This module exploits a buffer overflow vulnerability in the Apache Tomcat JK Web Server Connector and installs an agent. An attacker can use an overly long URL to trigger a buffer overflow in the URL work map routine (map_uri_to_worker()) in the mod_jk.so library, resulting in the compromise of the target system. CVE-2007-0774 Exploits/Remote Linux
12.27.2009 SAP GUI SAPLPD Multiple Command Buffer Overflow Exploit Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands. CVE-2008-0621 Exploits/Remote Windows
05.02.2013 BigAnt IM Server DDNF Username Buffer Overflow Exploit BigAnt IM Server is vulnerable to a buffer-overflow within the AntDS.exe component when handling an overly long username. NOCVE-9999-57633 Exploits/Remote Windows
02.01.2009 Microsoft SQL Server sp_replwritetovarbin Remote Heap Overflow Exploit This module exploits a heap-based buffer overflow in the Microsoft SQL Server by sending a specially crafted SQL query. It has two uses: One as a Remote Exploit which needs authentication, and another as an SQL Injection Agent installer module, which needs an SQL Agent as a target. CVE-2008-5416 Exploits/Remote Windows
07.09.2009 Zabbix 1.6.2 Remote Code Execution Exploit A Remote Code Execution issue has been found in Zabbix version 1.6.2 and no authentication is required in order to exploit this vulnerability. Magic Quotes must be turned off in order to exploit this vulnerability. NOTE: Magic quotes is no longer supported by PHP starting with PHP 6.0 NOCVE-9999-37058 Exploits/Remote Linux
03.10.2014 OracleDB TNS Listener Remote Poisoning Vulnerability Exploit Oracle Database Server is prone to a remote vulnerability that allows attackers to poison the data handled by the remote 'TNS Listener' component of the application. This module tries to verify if the vulnerability is present in the 'TNS Listener' component of the database server, without deploying an agent. If a database instance name is supplied, it will be used to check for the vulnerability against the TNS listener of the target, but this could affect future client connections, as long as the module is running. If no database instance name is supplied, the module will try to register a random name. CVE-2012-1675 Exploits/Remote Windows, Linux
02.14.2012 CA iTechnology iGateway Debug Mode Buffer Overflow Exploit The CA iGateway component, contains a buffer overflow vulnerability due to improper bounds checking on HTTP GET requests by the iGateway component when debug mode is enabled. CVE-2005-3190 Exploits/Remote Windows
09.28.2011 DCERPC Based Exploits Reliability Fix This update enhances the reliability of DCERPC based exploits. Exploits/Remote
10.19.2010 IBM Lotus Domino iCalendar Organizer Buffer Overflow Exploit A stack-based buffer overflow exists in the nRouter.exe component of IBM Lotus Domino when parsing the ORGANIZER field of an iCalendar invitation. This can be exploited by a remote, unauthenticated attacker to execute arbitrary code by sending a specially crafted e-mail to the Lotus Domino SMTP server. CVE-2010-3407 Exploits/Remote Windows
11.04.2008 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update This module exploits a vulnerability in the Microsoft Server service sending a specially crafted RPC request. This module improves the reliability of the exploit on Windows 2000 and adds support for Windows XP SP3. CVE-2008-4250 Exploits/Remote Windows
05.22.2011 NetSupport Manager Agent Buffer Overflow Exploit This module exploits a stack based buffer overflow in Netsupport Agent via a long control hostname to TCP port 5405. CVE-2011-0404 Exploits/Remote Linux, Mac OS X
05.10.2012 PHP-CGI Argument Injection Exploit This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2012-1823 Exploits/Remote Windows, OpenBSD, Linux, FreeBSD
06.05.2008 MDaemon IMAP Fetch Exploit Update This module exploits a stack-based buffer overflow in the MDaemon Email Server 9.64. CVE-2008-1358 Exploits/Remote Windows
08.11.2009 Bopup Communications Server Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error and can be exploited to cause a stack-based buffer overflow via a specially crafted TCP packet sent to port 19810. Successful exploitation allows execution of arbitrary code. CVE-2009-2227 Exploits/Remote Windows
03.26.2012 Sysax Multi Server SSH Username Buffer Overflow Exploit This module exploits a stack based buffer overflow on Sysax Multi Server when parsing an overly long username at the beginning of an SSH session. NOCVE-9999-51516 Exploits/Remote Windows
01.02.2011 FreeFloat FTP Server Reply Buffer Overflow Exploit FreeFloat FTP server is prone to a buffer-overflow vulnerability when handling overly long replies. NOCVE-9999-46263 Exploits/Remote Windows
02.08.2010 WireShark LWRES Dissector Buffer Overflow Exploit Update This module exploits a stack-based buffer overflow in the WireShark LWRES dissector by sending a specially crafted LWRES packet. This update adds support for more WireShark versions. CVE-2010-0304 Exploits/Remote Windows
08.29.2005 Exchange X-LINK2STATE CHUNK Exploit This module exploits a heap based buffer overflow handling the X-LINK2STATE command in the SMTP service of Exchange Server. CVE-2005-0560 Exploits/Remote Windows
05.16.2010 HP Storage Data Protector MSG_PROTOCOL Buffer Overflow Exploit This module exploits a remote buffer overflow in the OmniInet.exe service included in the HP OpenView Storage Data Protector application by sending a malformed MSG_PROTOCOL packet. CVE-2007-2280 Exploits/Remote Windows

Pages