CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Datesort ascending Title Description Vulnerabilty Category Platform
01.03.2007 VBE Object ID Buffer Overflow Exploit This module exploits a heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3, via a document with a long ID parameter. CVE-2003-0347 Exploits/Client Side Windows
01.02.2007 VERITAS NetBackup BPJava Exploit update NetBackup Java user-interface is affected by a remote format string vulnerability. An attacker can exploit this vulnerability by crafting a malicious request that contains format specifiers. This module exploits this vulnerability and installs an agent. This update adds support for Linux. CVE-2005-2715 Exploits/Remote Windows, Linux
12.25.2006 Novell Client NWSPOOL.DLL Buffer Overflow Exploit Novell Client for Netware is prone to a buffer overflow vulnerability on the nwspool.dll that could permit the execution of arbitrary remote code. The nwspool.dll library does not properly handle long arguments to the Win32 OpenPrinter() functions. CVE-2006-5854 Exploits/Remote Windows
12.25.2006 ProFTPD Controls Buffer Overflow Exploit update The internal stack may be overrun using the controls module with a special crafted control sequence. This condition can be exploited by attackers to ultimately execute instructions with the privileges of the ProFTPD process, typically administrator or system. CVE-2006-6563 Exploits/Local Linux
12.25.2006 MSRPC Netware Client CSNW Overflow exploit update This module exploits a buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows allows remote attackers to execute arbitrary code via crafted messages. CVE-2006-4688 Exploits/Remote Windows
12.25.2006 Novell eDirectory HTTP Protocol exploit update This module exploits a buffer overflow in Novell eDirectory HTTP Protocol. CVE-2006-5478 Exploits/Remote Windows
12.25.2006 Mac OS X Mach Exception Handling exploit update An error handling mechanism in the kernel of Mac OS X, provides the ability to control programs when certain types of errors are encountered. This module uses this mechanism to execute arbitrary code in privileged programs if an error is encountered. This update adds support for Mac OS X (i386) CVE-2006-4392 Exploits/Local
12.25.2006 CA BrightStor ARCserve Backup Discovery Service exploit This module exploits a vulnerability in BrightStor ARCserve/Enterprise Backup, which can be leveraged by an attacker to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the Discovery Service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP data stream to port 41523. CVE-2006-5143 Exploits/Remote Windows
12.14.2006 ProFTPD Controls Buffer Overflow Exploit The internal stack may be overrun using the controls module with a special crafted control sequence. This condition can be exploited by attackers to ultimately execute instructions with the privileges of the ProFTPD process, typically administrator or system. CVE-2006-6563 Exploits/Local Linux
12.13.2006 Novell eDirectory HTTP Protocol exploit This module exploits a buffer overflow in Novell eDirectory HTTP Protocol. CVE-2006-5478 Exploits/Remote Windows
12.12.2006 MSRPC Netware Client CSNW Overflow exploit This module exploits a buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows allows remote attackers to execute arbitrary code via crafted messages. CVE-2006-4688 Exploits/Remote Windows
12.06.2006 IE XML HTTP Exploit update This module exploits a vulnerability in Microsoft XML Core Services. This update improves the stability of the exploit. CVE-2006-5745 Exploits/Client Side Windows
11.28.2006 MSRPC WKSSVC NetpManageIPCConnect exploit A remote code execution vulnerability exists in the Workstation service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. CVE-2006-4691 Exploits/Remote Windows
11.23.2006 IE VML buffer overflow exploit update 2 This module exploits a buffer overflow in the Microsoft Internet Explorer via a Stack-based buffer overflow in Microsoft Internet Explorer 6.0 allowing remote attackers to execute arbitrary code via a long fill parameter within a rect tag in a Vector Markup Language (VML) file. This update adds support for Lotus Notes. CVE-2006-4868 Exploits/Client Side Windows
11.13.2006 McAfee ePolicy Orchestrator - Protection Pilot HTTP exploit This module exploits a buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126. CVE-2006-5156 Exploits/Remote Windows
11.09.2006 IE XML HTTP Exploit This module exploits a vulnerability in Microsoft XML Core Services. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2006-5745 Exploits/Client Side Windows
10.31.2006 Netscape Portable Runtime Environment log file overwrite exploit This module exploits a design error vulnerability in version 4.6.1 of NSPR, as included with Sun Microsystems Solaris 10, and allows attackers to create or overwrite arbitrary files on the system. CVE-2006-4842 Exploits/Local Solaris
10.29.2006 SQL Server Hello exploit update This module exploits a vulnerability in Microsoft SQL Server. This update improves the exploit reliability and adds support for Windows 2003 CVE-2002-1123 Exploits/Remote Windows
10.29.2006 MSRPC SRVSVC NetrpPathCanonicalize (MS06-040) exploit update 2 This module exploits a remotely exploitable vulnerability in Windows' Server Service (MS06-040) over Microsoft DCERPC (ports 139 and 445). This update adds support for windows 2003 sp0. CVE-2006-3439 Exploits/Remote Windows
10.22.2006 Windows IE Webview Setslice exploit update 2 This module exploits a buffer overflow in WebViewFolderIcon ActiveX control of Microsoft Internet Explorer and installs an agent. This update fixes a bug introduced by Mach Exception Handling exploit. CVE-2006-3730 Exploits/Client Side Windows
10.19.2006 Mac OS X Mach Exception Handling exploit An error handling mechanism in the kernel of Mac OS X, provides the ability to control programs when certain types of errors are encountered. This module uses this mechanism to execute arbitrary code in privileged programs if an error is encountered. Exploits/Local OpenBSD, Solaris, Linux, Mac OS X
10.18.2006 QuickTime JPEG Exploit Update 2 This module exploits a vulnerability in Apple QuickTime PictureViewer and installs an agent. This update improve the exploit reliability in Mac OS X. CVE-2005-2340 Exploits/Client Side Windows
10.18.2006 WS_FTP 5.05 XMD5 buffer overflow exploit This module exploits a stack overflow in WS_FTP 5.05 in XMD5 command and installs an agent. CVE-2006-5000 Exploits/Remote Windows
10.16.2006 AIX update_flash PATH usage exploit This module exploits a untrusted search path vulnerability in update_flash for IBM AIX. CVE-2006-2647 Exploits/Local AIX
10.10.2006 MDaemon POP3 exploit This module exploits a heap buffer overflow vulnerability in MDaemon POP3 service and installs an agent into the target host. CVE-2006-4364 Exploits/Remote Windows
10.08.2006 Windows IE Webview Setslice exploit update This module exploits a buffer overflow in WebViewFolderIcon ActiveX control of Microsoft Internet Explorer and installs an agent. This update adds support for more platforms. CVE-2006-3730 Exploits/Client Side Windows
10.03.2006 Windows IE Webview Setslice exploit This module exploits a buffer overflow in WebViewFolderIcon ActiveX control of Microsoft Internet Explorer and installs an agent. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2006-3730 Exploits/Client Side Windows
10.02.2006 QuickTime JPEG Exploit Update This module exploits a vulnerability in Apple QuickTime PictureViewer and installs an agent. This update adds support for Mac OS X CVE-2005-2340 Exploits/Client Side Windows
09.26.2006 IE VML buffer overflow exploit update This module exploits a buffer overflow in the Microsoft Internet Explorer via a Stack-based buffer overflow in Microsoft Internet Explorer 6.0 allowing remote attackers to execute arbitrary code via a long fill parameter within a rect tag in a Vector Markup Language (VML) file. This update adds support for Windows XP and Windows 2003. CVE-2006-4868 Exploits/Client Side Windows
09.21.2006 IE VML buffer overflow exploit This module exploits a buffer overflow in the Microsoft Internet Explorer via a Stack-based buffer overflow in Microsoft Internet Explorer 6.0 allowing remote attackers to execute arbitrary code via a long fill parameter within a rect tag in a Vector Markup Language (VML) file. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2006-4868 Exploits/Client Side Windows

Pages