CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
09.06.2011 OpenEMR pc_category Cross Site Scripting Exploit OpenEMR fails to sanitize the pc_category parameter in interface/main/calendar/index.php leading to a Cross-Site Scripting vulnerability. NOCVE-9999-49218 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
01.25.2010 Wordpress Google Analytics Plugin Cross-Site Scripting Exploit Input passed to the "s" parameter in index.php is not properly sanitised before being returned to the user in googleanalytics.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOCVE-9999-41354 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
01.02.2012 Flash XSS Analyzer Log update This Update modifies the way log is shown while running Flash XSS Analizer module, to clearly reflect the target with its result Exploits/Cross Site Scripting (XSS)
08.02.2009 WebApps Cross-Site Scripting v9.0 rev 1 This update resolves a conflict found when interacting with a XSS vulnerablility in HTTPS pages. Exploits/Cross Site Scripting (XSS)
01.03.2010 WebApps Cross-Site Scripting v10.0 rev 1 This update resolves a conflict found when replacing executables links with links to OS agents. Exploits/Cross Site Scripting (XSS)
03.03.2009 WebApps Exploit Generator Update v8.0 rev 1 Update solving a conflict between new XSS Exploits and XSS Exploit Generator Exploits/Cross Site Scripting (XSS)
03.16.2009 WebApps Cross-Site Scripting v8.0 rev 1 This package updates WebApps' Cross-Site Scripting features to improve accuracy of detection and reporting of vulnerabilities. Exploits/Cross Site Scripting (XSS)
09.07.2009 WebApps Cross-Site Scripting v9.0 rev 2 This update resolves a conflict created when working with more than one XSS Exploit Generator at the same time. It also brings more stability when processing deleted Web Browser Agents. Exploits/Cross Site Scripting (XSS)
06.09.2010 Exploit Improvements Update Package This update improves exploit functionality and exploit documentation. CVE-2009-3676 Denial of Service/Client Side Windows
02.11.2010 Microsoft Windows SMB Client Pool Corruption Vulnerability DoS (MS10-006) This module exploits a vulnerability in mrxsmb.sys when it responses to the client with a malformed SMB packet. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0016 Denial of Service/Client Side Windows
05.07.2013 Microsoft Windows Win32k Font Parsing Vulnerability ClientSide DoS (MS13-036) This module exploits a vulnerability in Windows kernel (win32k.sys) when a crafted TTF font is open. CVE-2013-1291 Denial of Service/Client Side Windows
08.02.2010 Microsoft Windows Embedded OpenType Fonts Integer Overflow DoS (MS09-065) Update This module causes a DoS in win32k.sys when attempts are made to render a malformed embedded font. This updates improves the functionality of the module. CVE-2009-2514 Denial of Service/Client Side Windows
01.06.2012 Microsoft Windows TrueType Font Parsing Vulnerability Clientside DoS (MS11-087) When a crafted TTF file is processed by Windows kernel it produces a stack exhaustion finishing it in a BSoD. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-3402 Denial of Service/Client Side Windows
11.12.2009 Microsoft Windows Remote Kernel Infinite Loop DoS This module sends a malformed NetBIOS packet executing an infinite loop in the target. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-3676 Denial of Service/Client Side Windows
01.13.2010 Microsoft Windows Remote Kernel Infinite Loop DoS Update This module sends a malformed NetBIOS packet which causes the execution of an infinite loop in the target system. This update adds support to Microsoft Windows 2008 and more Microsoft Windows 7 versions. This update adds support to Microsoft Windows as source agent spoofing a network address. Denial of Service/Client Side Windows
06.22.2010 Microsoft Windows SMB Client Transaction DoS (MS10-020) This module exploits a remote vulnerability in Microsoft Windows SMB client allowing the attacker to cause a DoS in the remote host. CVE-2010-0270 Denial of Service/Client Side Windows
11.16.2009 Microsoft Windows Embedded OpenType Fonts Integer Overflow DoS (MS09-065) This module causes a DoS in win32k.sys when attempts to render an embedded font. WARNING: This is an early release module. CVE-2009-2514 Denial of Service/Client Side Windows
04.07.2009 Microsoft Windows NtGdiFastPolyPolyline memory corruption DoS (MS09-006) This module exploits a kernel memory corruption on NtGdiFastPolyPolyline function via a malformed EMF file. CVE-2009-0081 Denial of Service/Client Side Windows
04.12.2009 pPim Remote File Inclusion Exploit This module exploits a vulnerability in pPIM's upload.php script that allows attackers to upload arbitrary scripts of any type to the target server. NOCVE-9999-36557 Exploits/Remote File Inclusion/Known Vulnerabilities
07.06.2009 FCKeditor CurrentFolder Parameter Arbitrary File Upload Exploit FCKeditor is prone to an arbitrary-file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-2265 Exploits/Remote File Inclusion/Known Vulnerabilities
05.25.2009 Mambo output Remote File Inclusion Exploit A remote file inclusion vulnerability is present in Mambo. /includes/Cache/Lite/Output.php doesn't sanitize the $mosConfig_absolute_path before using it in an include. CVE-2008-2905 Exploits/Remote File Inclusion/Known Vulnerabilities
10.13.2009 osCommerce Arbitrary File Upload Exploit osCommerce Online Merchant 2.2 RC2a is vulnerable to an Arbitrary File Upload without the need to be authenticated. This leads to arbitrary PHP code execution in the context of the webserver. This module tries to install a RFI agent if the Web Application is vulnerable. It will fail if the webserver is not allowed to write on the document root of the vulnerable web application. NOCVE-9999-40096 Exploits/Remote File Inclusion/Known Vulnerabilities
08.19.2010 nuBuilder Remote File Inclusion Exploit Report.php fails to sanitize user input data on StartingDirectory parameter when used in an include. NOCVE-9999-44562 Exploits/Remote File Inclusion/Known Vulnerabilities
06.11.2009 Wordpress Weak Authentication Exploit An attacker, able to register a specially crafted username on a Wordpress 2.5 installation, will also be able to generate authentication cookies for other chosen accounts. This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection. The proper way to exploit this vulnerability is to use a Wordpress account which its username starts with the word "admin", for example "admin99". This exploit will not be shown on WebApps reports. CVE-2008-1930 Exploits/Authentication Weakness
08.27.2009 Wordpress Password Reset Exploit A weakness has been reported in WordPress which can be exploited to bypass certain security restrictions. The weakness is due to a bug within the password reset functionality when verifying the secret key. This can be exploited to reset the password of the first user without a key in the database (usually administrator) without providing the correct secret key. NOCVE-9999-39525 Exploits/Authentication Weakness
04.13.2009 OpenSite 2.1 Weak Authentication Exploit This module exploits an authentication vulnerability in OpenSite 2.1. The function init in origin/libs/user.php checks for a matching origin_hash cookie. However, this cookie can be bruteforced in at most 2^32 tries for a known username. Actually, the number of attempts could be significantly reduced knowing that we do not have to check for time in the future, and long past. This works for OpenSite 2.1 and below. NOCVE-9999-36572 Exploits/Authentication Weakness
06.29.2009 MyBB Privilege Escalation Exploit A vulnerability has been reported in MyBB, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "birthdayprivacy" parameter to inc/datahandlers/user.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires a valid user account. The vulnerability is reported in MyBB 1.4.x versions prior to 1.4.7. NOCVE-9999-38921 Exploits/Authentication Weakness
02.09.2010 Oracle Secure Backup Remote Command Execution Exploit Update This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the administration server running on port 443. The script login.php does not properly sanitize the 'username' variable before using it in a database query. A specially crafted 'username' allows unauthorized attackers to log in with full administrative capabilities. This update adds Solaris support. CVE-2009-1977 Exploits/Remote Code Execution Windows, Solaris
12.04.2012 WeBid converter Remote Code Execution Exploit Input passed via the "from" and "to" POST parameters to converter.php is not properly sanitised before being stored in includes/currencies.php. This can be exploited to inject and execute arbitrary PHP code. NOCVE-9999-53406 Exploits/Remote Code Execution Solaris, Linux, Windows, Mac OS X
12.04.2012 OP5 license Remote Code Execution Exploit op5 Appliance contains an input validation flaw related to the system-portal component that allows a remote attacker to execute arbitrary shell commands via command injection. CVE-2012-0261 Exploits/Remote Code Execution

Pages