CORE Impact Pro Exploits and Security Updates
When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.
Use the controls below to navigate CORE Impact exploits and other modules.
|06.13.2011||Microsoft Windows Hyper-V VMBus Non Responsiveness Vulnerability DoS (MS11-047)||This module exploits a vulnerability on Microsoft Hyper-V sending a crafted packet from the "guest OS" to the "host OS" through the vmbus mechanism producing a non responsiveness effect in the all virtual machines running at the time.||CVE-2011-1872||Denial of Service/Local||Windows|
|10.13.2011||Microsoft Windows Font Library File Vulnerability DoS (MS11-077)||This module causes a BSOD in Microsoft Windows when parsing a specially crafted .FON font file. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.||CVE-2011-2003||Denial of Service/Local||Windows|
|05.31.2011||Network Post Exploitation improvements v11 rev1||This update improves reliability of "Pass The Hash", "Who is There" and "Remote Desktop Access" modules, which happened to have problems when executed in the context of an agent running as SYSTEM user.||Post Exploitation|
|04.08.2014||AV Shell improvement||This update is to increase the realiability of AV shell module.||Post Exploitation|
|11.06.2011||Remote Network Interface Performance Enhancements v12 Rev 1||Added some performance enhancements for the Remote Network Interface module.||Post Exploitation|
|10.26.2011||iPhone Buffer Overflow Exploit Update||This module updates the platform names and adds the CVE references for the iPhone Exploit.||CVE-2011-0227||Exploits/Client Side/Mobile|
|03.07.2012||Android Webkit Floating Point Datatype Exploit||WebKit in Android 2.1 does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.||Exploits/Client Side/Mobile|
|10.22.2012||SQL Injection Analyzer Update 2||Test a web page's parameters trying to detect potential SQL Injection vulnerabilities. this update is for 12.5.||Exploits/SQL Injection/Analyzer|
|08.01.2012||SQL Injection Analyzer Update||Test a web page's parameters trying to detect potential SQL Injection vulnerabilities. The module can be configured to look for vulnerabilities in GET & POST parameters and cookies. This update adds an additional trigger to the FAST set of SQL injection triggers for the SQL Injection analyzer to use.||Exploits/SQL Injection/Analyzer|
|06.03.2013||HP Intelligent Management FaultDownloadServlet Directory Traversal Exploit||This module exploits a directory traversal vulnerability in HP Intelligent Management Center. Due to a lack of authentication and a directory traversal vulnerability in the FaultDownloadServlet component, an attacker can retrieve arbitrary files.||CVE-2012-5202||Exploits/Remote File Disclosure||Windows|
|06.03.2013||HP Intelligent Management IctDownloadServlet Directory Traversal Exploit||This module exploits a directory traversal vulnerability in HP Intelligent Management Center. Due to a lack of authentication and a directory traversal vulnerability in the IctDownloadServlet component, an attacker can retrieve arbitrary files.||CVE-2012-5204||Exploits/Remote File Disclosure||Windows|