CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
05.13.2009 VUPlayer CUE Buffer Overflow Exploit VUPlayer contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error when handling .CUE files. NOCVE-9999-37025 Exploits/Client Side Windows
01.20.2009 VUPlayer M3U Buffer Overflow Exploit VUPlayer contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in VUPlayer when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. CVE-2006-6251 Exploits/Client Side Windows
01.27.2009 W3C Amaya Web Browser INPUT Tag Buffer Overflow Exploit Multiple stack buffer overflow vulnerabilities have been discovered in Amaya, which can be exploited by malicious people to compromise a users system. This module runs a web server waiting for vulnerable clients (W3C Amaya Web Browser) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-35964 Exploits/Client Side Windows
01.29.2014 Watermark Master Buffer Overflow Exploit Watermark Master is prone to a buffer overflow vulnerability when handling WCF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing users to open a specially crafted WCF file. NOCVE-9999-60773 Exploits/Client Side Windows
01.03.2010 WebApps Cross-Site Scripting v10.0 rev 1 This update resolves a conflict found when replacing executables links with links to OS agents. Exploits/Cross Site Scripting (XSS)
03.16.2009 WebApps Cross-Site Scripting v8.0 rev 1 This package updates WebApps' Cross-Site Scripting features to improve accuracy of detection and reporting of vulnerabilities. Exploits/Cross Site Scripting (XSS)
08.02.2009 WebApps Cross-Site Scripting v9.0 rev 1 This update resolves a conflict found when interacting with a XSS vulnerablility in HTTPS pages. Exploits/Cross Site Scripting (XSS)
09.07.2009 WebApps Cross-Site Scripting v9.0 rev 2 This update resolves a conflict created when working with more than one XSS Exploit Generator at the same time. It also brings more stability when processing deleted Web Browser Agents. Exploits/Cross Site Scripting (XSS)
03.03.2009 WebApps Exploit Generator Update v8.0 rev 1 Update solving a conflict between new XSS Exploits and XSS Exploit Generator Exploits/Cross Site Scripting (XSS)
04.17.2008 WebApps SQL Injection updates This package updates WebApps' SQL Injection features to improve detection of a SQL Agent's capabilities, fix escaping of SQL statements for Oracle and SQL Server, add a new export command to the SQL Shell and improve its handling of empty result sets. Exploits/SQL Injection
05.15.2008 WebApps SQL Injection updates v2 This package updates WebApps' SQL Injection features to fix an issue when detecting the database's version. Exploits/SQL Injection
04.19.2009 WebApps SQL Injection v8.0 rev 1 This package updates WebApps' SQL Injection features to improve accuracy of detection of vulnerabilities. Exploits/SQL Injection
11.21.2012 WebCalendar Remote Code Execution Exploit This module exploits a command injection vulnerability in WebCalendar prior to 1.2.4 in order to install an agent. CVE-2012-1495 Exploits/Remote Windows, Linux, Mac OS X
12.04.2012 WeBid converter Remote Code Execution Exploit Input passed via the "from" and "to" POST parameters to converter.php is not properly sanitised before being stored in includes/currencies.php. This can be exploited to inject and execute arbitrary PHP code. NOCVE-9999-53406 Exploits/Remote Code Execution Solaris, Linux, Windows, Mac OS X
06.11.2014 WellinTech KingSCADA AEServer Buffer Overflow Exploit The KingSCADA application has a stack-based buffer overflow vulnerability where the application overwrites the structured exception handler (SEH). An attacker could send a specially crafted packet to KingSCADA, and the application would handle the packet incorrectly, causing a stack-based buffer overflow. CVE-2014-0787 Exploits/Remote Windows
05.14.2014 WellinTech KingScada kxClientDownload ActiveX Exploit By properly setting the ProjectURL property, it is possible for an attacker to download an arbitrary dll file from a remote location and run the code in the dll in the context of the target process. CVE-2013-2827 Exploits/Client Side Windows
12.22.2008 WFTPD Server SIZE Command Buffer Overflow Exploit An internal memory buffer may be overrun while handling long "SIZE" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the WFTPD Server process. CVE-2006-4318 Exploits/Remote
12.10.2012 WibuKey Runtime for Windows ActiveX Exploit The vulnerability exists within the WkWin32.dll module when processing the DisplayMessageDialog() method. NOCVE-9999-55893 Exploits/Client Side Windows
01.04.2011 win32api update Update for win32api module which adds 2 new wrappers. Exploits/Local
01.31.2006 Winamp Computer Name Handling Buffer Overflow Exploit This module exploits a vulnerability in Winamp 5.12 WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. This update can be downloaded and installed by selecting 'Modules' -> 'Update modules' from IMPACT's main menu. A workspace must be opened for the operation to succeed. CVE-2006-0476 Exploits/Client Side Windows
09.22.2009 Winamp Computer Name Handling Buffer Overflow Exploit Update This module exploits a vulnerability in Winamp 5.12. This Update adds support for Impact v9 and Windows XP SP3. CVE-2006-0476 Exploits/Client Side Windows
09.27.2010 Winamp dwmapi DLL Hijacking Exploit Winamp is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .CDA file. NOCVE-9999-44965 Exploits/Client Side Windows
07.02.2009 Winamp gen_ff DLL Buffer Overflow Exploit Winamp is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. CVE-2009-1831 Exploits/Client Side Windows
09.23.2009 Winamp gen_ff DLL Buffer Overflow Exploit Update Winamp is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. This update enhances support for the Impact 9. CVE-2009-1831 Exploits/Client Side Windows
03.17.2010 Winamp Impulse Tracker Sample Parsing Buffer Overflow Exploit The vulnerability is caused by a boundary error in the Module Decoder Plug-in (IN_MOD.DLL) when parsing samples and can be exploited to cause a heap-based buffer overflow via a specially crafted Impulse Tracker file. CVE-2009-3995 Exploits/Client Side Windows
01.03.2011 Winamp in_midi DLL MIDI Timestamp Buffer Overflow Exploit Winamp is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .MID file. CVE-2010-4370 Exploits/Client Side Windows
06.13.2010 Winamp MP4 Processing Integer Overflow Exploit An integer overflow error exists in the processing of MP4 files. This can be exploited to cause a heap-based buffer overflow via e.g. an MP4 file containing a specially crafted "ctts" box. NOCVE-9999-43620 Exploits/Client Side Windows
01.24.2008 Winamp Ultravox Streaming Buffer Overflow Exploit This module exploits a vulnerability in Winamp Player when parsing the Ultravox Streaming metadata. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2008-0065 Exploits/Client Side Windows
10.02.2011 WinComLPD Remote Administration Buffer Overflow Exploit A buffer overflow in WinComLPD is triggered by sending an overly long authentication packet to the remote administration service. CVE-2008-5159 Exploits/Remote Windows
04.16.2008 Windows .ANI file parsing Exploit Update An integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .BMP, .CUR, .ICO or .ANI file with a large image size field. You can force vulnerable clients to connect to the web server automatically by using this module to send them a specially designed e-mail to exploit this vulnerability by open it with Outlook or Outlook Express. When the victim reads the HTML message a .ANI file is requested to the exploit's web server. If the system is vulnerable an agent is installed exploiting a buffer overflow in the function that parses such file. CVE-2004-1049 Exploits/Client Side Windows

Pages