Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
09.26.2011 Iphone SSH Default Password Exploit This module exploits a default password vulnerability in jailbroken Iphone iOS. NOCVE-9999-49570 Exploits/Remote
07.21.2010 Evinco CamShot GET Request Buffer Overflow Exploit This module exploits a vulnerability in the CamShot Module (camshot.exe) that can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to TCP port where the server is listening. NOCVE-9999-44333 Exploits/Remote Windows
07.26.2012 Simple Web Server GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Simple Web Server when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-53352 Exploits/Remote Windows
07.25.2011 HP OpenView Performance Insight Server Backdoor Account Code Execution Exploit This module exploits a hidden account in the com.trinagy.security.XMLUserManager Java class. When using this account, an attacker can abuse the com.trinagy.servlet.HelpManagerServlet class and write arbitary files to the system allowing the execution of arbitary code. CVE-2011-0276 Exploits/Remote Windows
04.23.2012 LotusCMS router PHP Command Injection Exploit Input passed via the "page" parameter to index.php is not properly sanitised in the "Router()" function in core/lib/router.php before being used in an "eval()" call. This can be exploited to execute arbitrary PHP code. NOCVE-9999-51709 Exploits/Remote Solaris, Linux
07.02.2014 AVTECH DVR Camera Administration Login Console Captcha Bypass Exploit The /cgi-bin/nobody/VerifyCode.cgi file in AVTECH DVR cameras allows remote attackers to perform administration login console captcha bypass by using an arbitrary hardcoded captcha and its matching verification code. This module tries to verify if the vulnerability is present in the target device. CVE-2013-4982 Exploits/Remote
10.20.2013 TP-Link Camera servetest Command Injection Exploit This module exploits an OS command injection vulnerability in the /cgi-bin/admin/servetest file of several TP-Link surveillance cameras. This vulnerability allows remote authenticated users to execute arbitrary commands on affected cameras. CVE-2013-2578 Exploits/Remote
01.05.2012 CoDeSys SCADA Webserver Buffer Overflow Exploit webserver.exe is a component in 3S CoDeSys for handling the HTTP connections on port 8080. The process is affected by a buffer overflow that copies the input URI in a limited buffer allowing code execution. NOCVE-9999-50546 Exploits/Remote Windows
12.05.2010 PSOProxy GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within PSOProxy when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. CVE-2004-0313 Exploits/Remote Windows
06.06.2007 LANDesk Management Suite Alert Service Exploit This module exploits a buffer overflow vulnerability in the Alert Service (aolnsrvr.exe) component of LANDesk Management Suite 8.7 and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port UDP/65535. CVE-2007-1674 Exploits/Remote Windows
05.04.2010 SAP MaxDB Malformed Handshake Request Exploit Update This module exploits a stack buffer overflow vulnerability in SAP MaxDB by sending a specially crafted packet to 7210/TCP port. This update improves reliability. CVE-2010-1185 Exploits/Remote Windows
09.02.2008 CA BrightStor ARCserve Backup LGServer Service Exploit This module exploits a buffer overflow vulnerability in the LGServer Service (LGServer.exe) component of CA BrightStor ARCserve Backup for Laptops and Desktops and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/1900. CVE-2008-1328 Exploits/Remote Windows
08.04.2014 Easy File Management Web Server UserID Cookie Handling Buffer Overflow Exploit The vulnerability is caused due to a boundary error when parsing the "UserID" value in the session cookie, which can be exploited to cause a stack-based buffer overflow. NOCVE-9999-65448 Exploits/Remote Windows
06.08.2009 EMC AlphaStor Server Agent Buffer Overflow Exploit Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025. CVE-2008-2158 Exploits/Remote Windows
04.05.2011 Kingview SCADA HMI HistorySvr Heap Overflow Exploit KingView Scada is vulnerable to a buffer overflow error in the "HistorySvr.exe" module when processing malformed packets sent to port 777/TCP. CVE-2011-0406 Exploits/Remote Windows
02.10.2014 HP ProCurve Manager SNAC UpdateDomainControllerServlet Exploit This module exploits a path traversal vulnerability in HP ProCurve Manager. The specific flaw exists within the UpdateDomainControllerServlet. This servlet improperly sanitizes the adCert argument allowing the remote attacker could upload a .jsp file and execute arbitrary code. Authentication is not required to exploit this vulnerability. CVE-2013-4811 Exploits/Remote Windows
08.29.2006 MailEnable IMAPD W3C Logging Buffer Overflow Exploit This module exploits a buffer overflow in the W3C logging for MailEnable Enterprise 1.1 allows remote attackers to execute arbitrary code. CVE-2005-3155 Exploits/Remote Windows
12.14.2009 HP Operations Manager Server Backdoor Account Exploit This module exploits a remote code execution vulnerability in HP Operations Manager by using an undocumented user account to upload an arbitrary file. CVE-2009-3843 Exploits/Remote Windows
10.14.2012 Samba LsarSetInformationPolicy Request Remote Buffer Overflow Exploit Update This update adds support to Debian 6.0.0 and adds support for attacking IPv6 targets. This module exploits a heap overflow bug in Samba Server by sending a crafted request packet via DCERPC call. CVE-2012-1182 Exploits/Remote Linux
06.25.2009 Mantis Manage_proj_page Remote Code Execution Exploit Update This update gives this exploit support for Windows platforms. CVE-2008-4687 Exploits/Remote Linux, Windows
10.23.2011 e107 Install Script Command Injection Exploit e107 CMS is vulnerable to a command injection in its installation script due to a lack of sanitization on the MySQL server parameter. CVE-2011-1513 Exploits/Remote Windows, Solaris, Linux, Mac OS X
02.24.2009 PHPMyAdmin Server_databases Remote Code Execution Exploit This module exploits a vulnerability in PHPMyAdmin. server_databases.php fails when it attemps to sanitize the sort_by parameter. It allows an attacker to inject code, and execute it on the web server with www-data privileges. CVE-2008-4096 Exploits/Remote Linux
11.30.2008 Easy File Sharing FTP Server PASS Buffer Overflow Exploit The vulnerability is caused due to a boundary error with the handling of passwords. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted passwords passed to the affected server. CVE-2006-3952 Exploits/Remote Windows
08.31.2011 Cisco NX-OS CDP Remote Exploit A vulnerability has been reported as Cisco Bug ID CSCtf08873 which states that a CDP packet with a long Device ID crashes CDPD on N7k. Our research indicated that the vulnerability corrupts the state of the heap, leading to an exploitable scenario, which allows to gain administrator privileges. This module exploits such vulnerability in order to install an agent. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-48401 Exploits/Remote
10.21.2014 SolidWorks Workgroup PDM 2014 Opcode 2001 Remote Code Execution Exploit Update A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer without boundary check leading to overwrite the SEH and the return address. The copying procedure stops when a null word is found and no size check is proceeded. NOCVE-9999-65834 Exploits/Remote Windows
02.12.2012 Trend Micro Control Manager CmdProcessor.exe AddTask Remote Buffer Overflow Exploit The CmdProcessor.exe service of Trend Micro Control Manager is prone to a stack-based buffer overflow, which can be exploited by remote unauthenticated attackers to execute arbitrary code by sending a specially crafted IPC packet to the vulnerable service. CVE-2011-5001 Exploits/Remote Windows
05.15.2014 Apache Struts ClassLoader Manipulation Remote Code Execution Exploit This module exploits a vulnerability in Apache Struts. The specific vulnerability is in the ParametersInterceptor, which allows a direct manipulation of the ClassLoader and as a result an attacker can execute arbitrary Java code in the target machine. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2014-0094 Exploits/Remote Linux
09.04.2013 Graphite Pickle Remote Code Execution Exploit This module exploits an unsafe pickle operation of Graphite in order to install an agent. CVE-2013-5093 Exploits/Remote Linux
12.01.2011 PHPMyAdmin Setup Config Remote Code Execution Exploit Update This update adds support for Solaris and Mac OS X platforms. CVE-2009-1151 Exploits/Remote Solaris, Linux, Mac OS X
12.25.2006 Novell eDirectory HTTP Protocol exploit update This module exploits a buffer overflow in Novell eDirectory HTTP Protocol. CVE-2006-5478 Exploits/Remote Windows

Pages