Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
10.18.2007 Windows Macrovision (SECDRV.SYS) Memory Corruption Exploit This module exploits a vulnerability in Windows XP when the 0xCA002813 function is invoked with a specially crafted parameter. The IOCTL 0xCA002813 handler in the SECDRV.SYS device driver in Macrovision products, installed by default in Windows XP and Windows 2003, allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2007-5587 Exploits/Local Windows
10.30.2011 Microsoft Windows AFD AfdConnect Privilege Escalation Exploit (MS11-046) Update The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver. This update adds support for Windows 2003. CVE-2011-1249 Exploits/Local Windows
09.01.2010 Microsoft Windows Tracing Registry Key ACL Privilege Escalation Exploit (MS10-059) An elevation of privilege vulnerability exists when Windows places incorrect access control lists (ACLs) on the registry keys for the Tracing Feature for Services. The vulnerability allows local attackers running code under an account with impersonation rights, like NETWORK SERVICE, to gain SYSTEM privileges. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-2554 Exploits/Local Windows
06.21.2010 Mac OS X CUPS lppasswd Local Privilege Escalation Exploit This module exploits a format string vulnerability in CUPS lppasswd in Apple Mac OS X 10.5.6 that allows local users to get code execution with elevated privileges. CVE-2010-0393 Exploits/Local Mac OS X
09.06.2009 Microsoft Windows Telnet Credential Reflection (MS09-042) This module exploits a vulnerability on telnet.exe using SMB relay attack. Warning: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-1930 Exploits/Tools Windows
09.28.2005 Sun Solaris Printd Arbitrary File Deletion Exploit Sun Solaris printd is affected by an arbitrary file deletion vulnerability. This module exploits this vulnerability. CVE-2005-4797 Exploits/Tools Solaris
04.23.2013 PHP Parsing Variant Buffer Overflow Exploit A Buffer overflow against the com_print_typeinfo function in PHP running on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types. CVE-2012-2376 Exploits/Tools Windows
11.18.2009 NetBIOS Cache Corruption Update Corrupts the NetBIOS Cache to allow redirection of NetBIOS and DNS names to an arbitrary IP Address. This update fixes a problem when closing the local udp port used by the module, in cases where the execution was stopped manually. CVE-2000-1079 Exploits/Tools Windows
05.28.2006 RealVNC 4.1.1 Authentication Exploit Proxy This exploit proxies TCP connections to a remote (or local) VNC server and monitors the list of supported authentication methods of the server. Connecting clients will receive a dummy list consisting of only one authentication method (no password). CVE-2006-2369 Exploits/Tools Windows
11.12.2014 DHCP Server with Bash Variables Injection Exploit This update includes a module implementing a DHCP server that'll attack querying hosts using the GNU Bash Environment Variables Injection vulnerability. CVE-2014-6271 Exploits/Tools Linux
02.01.2012 Oracle Java SSL Chosen Plain Text Exploit The SSL protocol encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack on an HTTPS session. This module attacks the SSLv3 implementation in the Oracle Java Runtime Enviroment. The module is capable of obtaining encrypted cookies from browsers running the affected Java Runtimes. CVE-2011-3389 Exploits/Tools Windows, Linux
08.15.2013 UPnP Vulnerability Checker This module checks for vulnerabilities in UPnP-enabled systems. It sends a SSDP "M-SEARCH" packet to the multicast group (239.255.255.250) and checks for known banners corresponding to vulnerable UPnP SDK versions. CVE-2012-5958 Exploits/Tools
07.04.2011 MutableDecoder Enhance fixed egg SimpleXorEgg with a new one which have no fixed code. Exploits/Tools
06.06.2011 NewStealthWrapper This update adds a wrapper to any agent that is created to be directly deployed and run on target systems. This wrapper helps evade detection of the agent by Anti Virus programs. Exploits/Tools
06.07.2009 SSDT Cleaner for IMPACT SDT Cleaner is a tool that intends to clean the SSDT (system service descriptor table) from hooks. The SDT Cleaner allows you to clean hooks installed by Anti-Virus and Firewalls. Exploits/Tools Windows
11.03.2014 Drupal core - SQL injection Exploit This update is to add the exploit in order to attack Drupal core CMS 7.x versions prior to 7.32 using default configuration (CVE-2014-3704). CVE-2014-3704 Exploits/SQL Injection Windows, Linux
04.19.2009 WebApps SQL Injection v8.0 rev 1 This package updates WebApps' SQL Injection features to improve accuracy of detection of vulnerabilities. Exploits/SQL Injection
04.17.2008 WebApps SQL Injection updates This package updates WebApps' SQL Injection features to improve detection of a SQL Agent's capabilities, fix escaping of SQL statements for Oracle and SQL Server, add a new export command to the SQL Shell and improve its handling of empty result sets. Exploits/SQL Injection
05.15.2008 WebApps SQL Injection updates v2 This package updates WebApps' SQL Injection features to fix an issue when detecting the database's version. Exploits/SQL Injection
03.01.2009 Typo3 Cross Site Scripting Exploit This module exploits insecure randomness vulnerability in Typo3, which leads to XSS attacks. This module tries to guess the Typo3 encryptionKey by exploiting its insecure randomness. If guessed, it will install an XSS Agent. Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
04.12.2010 Wordpress NextGEN Gallery Plugin Cross Site Scripting Exploit This vulnerability results from a reflected unsanitized input that can be crafted into an attack by a malicious user by manipulating the 'mode' parameter of the xml/media-rss.php script. Version 1.5.1 is verified as vulnerable, older versions are probably vulnerable too but they were not tested at this time. CVE-2010-1186 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
05.17.2011 eyeOS callback Cross Site Scripting Exploit A reflected cross-site scripting vulnerability in eyeOS 2.3 can be exploited to execute arbitrary JavaScript. NOCVE-9999-47772 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
02.17.2011 Moodle phpcoverage_home Cross Site Scripting Exploit Moodle fails to sanitize the phpcoverage_home parameter in phpcoverage.remote.top.inc.php leading to a Cross-Site Scripting vulnerability. NOCVE-9999-46920 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
09.06.2011 OpenEMR pc_category Cross Site Scripting Exploit OpenEMR fails to sanitize the pc_category parameter in interface/main/calendar/index.php leading to a Cross-Site Scripting vulnerability. NOCVE-9999-49218 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
01.25.2010 Wordpress Google Analytics Plugin Cross-Site Scripting Exploit Input passed to the "s" parameter in index.php is not properly sanitised before being returned to the user in googleanalytics.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOCVE-9999-41354 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
06.22.2010 Microsoft Sharepoint Server 2007 Cross Site Scripting Exploit The vulnerability exists due to failure in the "/_layouts/help.aspx" script to properly sanitize user-supplied input in "cid0" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. CVE-2010-0817 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
06.29.2010 Moodle blog Cross Site Scripting Exploit Some parameters were not being properly cleaned on the blog index page, allowing non-persistent cross-site scripting (XSS) attacks. NOCVE-9999-44111 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
12.06.2009 Achievo atksearch Cross Site Scripting Exploit A Reflected Cross Site Scripting vulnerability was found in the atksearch[contractnumber], atksearch_AE_customer[customer] and atksearchmode[contracttype] variables within the 'Organisation Contracts' administration page. This is because the application does not properly sanitise the users input. CVE-2009-2733 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
03.01.2010 vBulletin acuparam Cross Site Scripting Exploit Input passed via the URL is not properly sanitised before being returned to the user within the search.php, sendmessage.php, showgroups.php, usercp.php, online.php, misc.php, memberlist.php, member.php, index.php, forumdisplay.php, inlinemod.php, newthread.php, private.php, profile.php, register.php, showthread.php, subscription.php, forum.php, faq.php, and calendar.php script. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOCVE-9999-42237 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities
04.19.2010 vBulletin query Cross Site Scripting Exploit The application is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input to the 'query' parameter of the search pages. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. vBulletin 4.0.2 is vulnerable. This issue does not affect vBulletin 3.x versions. NOCVE-9999-42681 Exploits/Cross Site Scripting (XSS)/Known Vulnerabilities

Pages