Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
05.15.2008 WebApps SQL Injection updates v2 This package updates WebApps' SQL Injection features to fix an issue when detecting the database's version. Exploits/SQL Injection
04.19.2009 WebApps SQL Injection v8.0 rev 1 This package updates WebApps' SQL Injection features to improve accuracy of detection of vulnerabilities. Exploits/SQL Injection
04.17.2008 WebApps SQL Injection updates This package updates WebApps' SQL Injection features to improve detection of a SQL Agent's capabilities, fix escaping of SQL statements for Oracle and SQL Server, add a new export command to the SQL Shell and improve its handling of empty result sets. Exploits/SQL Injection
09.06.2011 OpenEMR pc_category Cross Site Scripting Exploit OpenEMR fails to sanitize the pc_category parameter in interface/main/calendar/index.php leading to a Cross-Site Scripting vulnerability. NOCVE-9999-49218 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
01.25.2010 Wordpress Google Analytics Plugin Cross-Site Scripting Exploit Input passed to the "s" parameter in index.php is not properly sanitised before being returned to the user in googleanalytics.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOCVE-9999-41354 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
06.22.2010 Microsoft Sharepoint Server 2007 Cross Site Scripting Exploit The vulnerability exists due to failure in the "/_layouts/help.aspx" script to properly sanitize user-supplied input in "cid0" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. CVE-2010-0817 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
06.29.2010 Moodle blog Cross Site Scripting Exploit Some parameters were not being properly cleaned on the blog index page, allowing non-persistent cross-site scripting (XSS) attacks. NOCVE-9999-44111 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
12.06.2009 Achievo atksearch Cross Site Scripting Exploit A Reflected Cross Site Scripting vulnerability was found in the atksearch[contractnumber], atksearch_AE_customer[customer] and atksearchmode[contracttype] variables within the 'Organisation Contracts' administration page. This is because the application does not properly sanitise the users input. CVE-2009-2733 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
03.01.2010 vBulletin acuparam Cross Site Scripting Exploit Input passed via the URL is not properly sanitised before being returned to the user within the search.php, sendmessage.php, showgroups.php, usercp.php, online.php, misc.php, memberlist.php, member.php, index.php, forumdisplay.php, inlinemod.php, newthread.php, private.php, profile.php, register.php, showthread.php, subscription.php, forum.php, faq.php, and calendar.php script. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOCVE-9999-42237 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
04.19.2010 vBulletin query Cross Site Scripting Exploit The application is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input to the 'query' parameter of the search pages. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. vBulletin 4.0.2 is vulnerable. This issue does not affect vBulletin 3.x versions. NOCVE-9999-42681 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
11.15.2011 Tomcat orderby Cross Site Scripting Exploit The session list screen (provided by sessionList.jsp) in affected versions uses the orderBy and sort request parameters without applying filtering and therefore is vulnerable to a cross-site scripting attack. Users should be aware that Tomcat 6 does not use httpOnly for session cookies by default so this vulnerability could expose session cookies from the manager application to an attacker. CVE-2010-4172 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
08.25.2010 Oracle Business Process Management Cross Site Scripting Exploit A cross site scripting vulnerability in the context parameter in webconsole/faces/jsf/tips.jsp. CVE-2010-2370 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
11.15.2011 Xampp php_self Cross Site Scripting Exploit XAMPP suffers from multiple XSS issues in several scripts that use the 'PHP_SELF' variable. The vulnerabilities can be triggered in the 'xamppsecurity.php', 'cds.php' and 'perlinfo.pl' because there isn't any filtering to the mentioned variable in the affected scripts. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session. NOCVE-9999-50264 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
02.16.2010 Hyperic HQ GenericError Page Cross Site Scripting Exploit A reflected cross-site scripting vulnerability was found in the generic exception handler of Hyperic, located in hq/web/common/GenericError.jsp. CVE-2009-2897 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
08.02.2010 MoinMoin Template Cross-Site Scripting Exploit There is a possible reflected Cross-Site Scripting attack. An attacker able to cause a user to follow a specially crafted malicious link may be able to recover session identifiers or exploit browser vulnerabilities. The template parameter is vulnerable. NOCVE-9999-43852 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
04.27.2011 Bugtracker.net edit_comment Cross Site Scripting Exploit The application fails to sanitize the bug_id parameter in several pages such as edit_comment and edit_bug, leading to a cross site scripting vulnerability. CVE-2010-3266 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
01.31.2010 Testlink login Cross Site Scripting Exploit A cross-site scripting vulnerability is present in TestLink before 1.8.5 allowing remote attackers to inject arbitrary web script or HTML via the req parameter to login.php. CVE-2009-4237 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
09.09.2009 VirtualMin Dom Parameter Cross Site Scripting Exploit Input passed to the "dom" parameter in left.cgi and via the URL to virtual-server/link.cgi is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOCVE-9999-39439 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
09.23.2009 Jetty Directory Listing Cross Site Scripting Exploit A Cross-Site scripting vulnerability has been reported in Jetty. This vulnerability can be induced whenever Jetty displays a web directory listing. Client-side script code can be included in the HTTP response by appending it next to directory listing's path, preceded by a ';' character. CVE-2009-1524 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
02.04.2010 TwonkyMedia Server Error Page Cross Site Scripting Exploit Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This update lists the module in Impact's WebApp view. NOCVE-9999-40659 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
03.07.2010 Zope standard_error_message Cross-Site Scripting Exploit Zope is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. NOCVE-9999-41980 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
09.24.2009 Drupal Forum Cross Site Scripting Exploit A Cross-Site Scripting (XSS) vulnerability in the Forum module in Drupal 6.x (proir to version 6.13) allows remote attackers to inject arbitrary web scripts or HTML by requesting a specially crafted tid. The vulnerability is present only if the Forum module is activated, this is not the default configuration but the module is shipped by default with Drupal. CVE-2009-2373 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
03.01.2009 Typo3 Cross Site Scripting Exploit This module exploits insecure randomness vulnerability in Typo3, which leads to XSS attacks. This module tries to guess the Typo3 encryptionKey by exploiting its insecure randomness. If guessed, it will install an XSS Agent. Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
04.12.2010 Wordpress NextGEN Gallery Plugin Cross Site Scripting Exploit This vulnerability results from a reflected unsanitized input that can be crafted into an attack by a malicious user by manipulating the 'mode' parameter of the xml/media-rss.php script. Version 1.5.1 is verified as vulnerable, older versions are probably vulnerable too but they were not tested at this time. CVE-2010-1186 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
05.17.2011 eyeOS callback Cross Site Scripting Exploit A reflected cross-site scripting vulnerability in eyeOS 2.3 can be exploited to execute arbitrary JavaScript. NOCVE-9999-47772 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
02.17.2011 Moodle phpcoverage_home Cross Site Scripting Exploit Moodle fails to sanitize the phpcoverage_home parameter in phpcoverage.remote.top.inc.php leading to a Cross-Site Scripting vulnerability. NOCVE-9999-46920 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
03.03.2009 WebApps Exploit Generator Update v8.0 rev 1 Update solving a conflict between new XSS Exploits and XSS Exploit Generator Exploits/Cross Site Scripting (XSS)
03.16.2009 WebApps Cross-Site Scripting v8.0 rev 1 This package updates WebApps' Cross-Site Scripting features to improve accuracy of detection and reporting of vulnerabilities. Exploits/Cross Site Scripting (XSS)
01.02.2012 Flash XSS Analyzer Log update This Update modifies the way log is shown while running Flash XSS Analizer module, to clearly reflect the target with its result Exploits/Cross Site Scripting (XSS)
08.02.2009 WebApps Cross-Site Scripting v9.0 rev 1 This update resolves a conflict found when interacting with a XSS vulnerablility in HTTPS pages. Exploits/Cross Site Scripting (XSS)

Pages