Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
05.14.2013 EMC AlphaStor Device Manager 0x41 Command Buffer Overflow Exploit A flaw exists within Device Manager (rrobotd.exe), which listens by default on port 3000, when parsing the 0x41 command. CVE-2013-0930 Exploits/Remote Windows
08.08.2011 IBM Lotus Domino LSUB IMAP Server Buffer Overflow Exploit Update Exploits a stack buffer overflow in the Lotus Domino IMAP Server for windows version 7.0.2FP1 after authentication. This update solves the unsupported icon target problem CVE-2007-3510 Exploits/Remote Windows
09.17.2014 Openfiler Remote Code Execution Exploit Update Insufficient sanitization in Openfile's /admin/system.html 'Hostname' field, leads to remote code execution. This update fixes the exploit category. NOCVE-9999-65590 Exploits/Remote Linux
04.06.2014 Schneider Electric Serial Modbus Driver Buffer Overflow Exploit The vulnerability is a buffer overflow in Schneider Electric OPC factory Suite which bundle the vulnerable component Schneider Electric Modbus Serial Driver (ModbusDrv.exe). CVE-2013-0662 Exploits/Remote Windows
09.29.2013 Adobe ColdFusion APSB13-03 Remote Code Execution Exploit Adobe ColdFusion is vulnerable to a remote authentication-bypass, allowing the attacker to upload an agent and execute it. The agent may have SYSTEM privileges if ColdFusion is installed as a service in Windows. CVE-2013-0625 Exploits/Remote Windows
12.09.2012 Remote Exploits File Header Update This update only modifies the description in the file header. CVE-2008-1914 Exploits/Remote Windows
03.18.2007 OpenBSD IPv6 mbuf Remote Exploit This module exploits a buffer overflow vulnerability in the OpenBSD kernel; the exploit uses fragmented ICMPv6 packets to take complete control of a target system. CVE-2007-1365 Exploits/Remote OpenBSD
10.21.2014 SolidWorks Workgroup PDM 2014 Opcode 2001 Remote Code Execution Exploit Update A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer without boundary check leading to overwrite the SEH and the return address. The copying procedure stops when a null word is found and no size check is proceeded. NOCVE-9999-65834 Exploits/Remote Windows
09.24.2008 Alt-N Security Gateway Remote Buffer Overflow Exploit This module exploits a stack-based buffer overflow in the Alt-N Security Gateway by sending a specially crafted HTTP request to the TCP port 4000. CVE-2008-4193 Exploits/Remote Windows
07.26.2012 Simple Web Server GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error within Simple Web Server when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. NOCVE-9999-53352 Exploits/Remote Windows
02.08.2009 CA BrightStor ARCserve Backup Media Server Exploit Update This module exploits a buffer overflow in the handling of RPC data in the Computer Associates BrightStor ARCServe Backup Media Server service (mediasvr.exe) which is a component of BrightStor ARCserve Backup Tape Engine. This update adds support for Windows 2003 SP1 and SP2, Windows Vista SP1 and Windows XP SP3. CVE-2007-1785 Exploits/Remote Windows
05.15.2014 Apache Struts ClassLoader Manipulation Remote Code Execution Exploit This module exploits a vulnerability in Apache Struts. The specific vulnerability is in the ParametersInterceptor, which allows a direct manipulation of the ClassLoader and as a result an attacker can execute arbitrary Java code in the target machine. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2014-0094 Exploits/Remote Linux
04.23.2012 LotusCMS router PHP Command Injection Exploit Input passed via the "page" parameter to index.php is not properly sanitised in the "Router()" function in core/lib/router.php before being used in an "eval()" call. This can be exploited to execute arbitrary PHP code. NOCVE-9999-51709 Exploits/Remote Solaris, Linux
10.20.2013 TP-Link Camera servetest Command Injection Exploit This module exploits an OS command injection vulnerability in the /cgi-bin/admin/servetest file of several TP-Link surveillance cameras. This vulnerability allows remote authenticated users to execute arbitrary commands on affected cameras. CVE-2013-2578 Exploits/Remote
01.05.2012 CoDeSys SCADA Webserver Buffer Overflow Exploit webserver.exe is a component in 3S CoDeSys for handling the HTTP connections on port 8080. The process is affected by a buffer overflow that copies the input URI in a limited buffer allowing code execution. NOCVE-9999-50546 Exploits/Remote Windows
06.08.2009 EMC AlphaStor Server Agent Buffer Overflow Exploit Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025. CVE-2008-2158 Exploits/Remote Windows
07.21.2010 Asterisk T.38 buffer Overflow Exploit Update This module exploits a buffer overflow vulnerability in the T38FaxRateManagement parameter when parsing SIP/SDP requests in 1.4.x prior to 1.4.3. This update improves the reliability of the module. CVE-2007-2293 Exploits/Remote Linux
07.01.2015 Zimbra Collaboration Server skin Local File Include Exploit Zimbra is vulnerable to a Local File Inclusion vulnerability that allows attacker to get LDAP credentials which we may use for upload a JSP file allowing us to install an agent. CVE-2013-7091 Exploits/Remote Linux
02.19.2009 RealNetworks Helix DNA Server Remote Heap Overflow Exploit This module exploits a remote heap overflow in the Helix DNA Server (rmserver.exe) by sending a specially crafted RTSP packet to the 554/TCP port. CVE-2008-5911 Exploits/Remote Windows
06.06.2007 LANDesk Management Suite Alert Service Exploit This module exploits a buffer overflow vulnerability in the Alert Service (aolnsrvr.exe) component of LANDesk Management Suite 8.7 and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port UDP/65535. CVE-2007-1674 Exploits/Remote Windows
06.08.2011 HP Rational Quality Manager Backdoor Account Code Execution Exploit This module exploits a remote code execution vulnerability in HP Rational Quality Manager by using an undocumented user account to upload an arbitrary file. CVE-2010-4094 Exploits/Remote Windows
03.08.2011 Symantec AMS Intel Alert Handler Pin Number Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the Intel Handler Service. CVE-2010-0111 Exploits/Remote Windows
11.14.2007 HP Linux Imaging and Printing exploit for Impact 7.5 A vulnerability has been identified in HP Linux Imaging and Printing System (HPLIP), which could be exploited by local attackers to obtain elevated privileges. This issue is caused by input validation errors in the hpssd daemon that does not validate user-supplied data before being passed to a popen3() call, which could be exploited by malicious users to inject and execute arbitrary commands with root privileges. This package include local and remote versions of the exploit. CVE-2007-5208 Exploits/Remote Linux, FreeBSD
12.14.2009 HP Operations Manager Server Backdoor Account Exploit This module exploits a remote code execution vulnerability in HP Operations Manager by using an undocumented user account to upload an arbitrary file. CVE-2009-3843 Exploits/Remote Windows
06.02.2014 Dassault Systemes Catia CATV5_Backbone_Bus Buffer Overflow Exploit A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer. The copying procedure stops when a null byte is found and no size check is proceeded. NOCVE-9999-62708 Exploits/Remote Windows
02.16.2014 IBM Director CIM Server Remote Code Execution Exploit update This update resolves an issue related to the use of Impact's WebDAV server by this module. Exploits/Remote
10.17.2010 Joomla 1.5.12 Remote Execution Exploit Update 3 A vulnerability exists in the TinyMCE editor, included in the tiny browser plugin, which allows uploading files without authentication. This can be exploited to upload files with multiple extensions and execute arbitrary PHP code. This update adds support for Solaris platforms. NOCVE-9999-39524 Exploits/Remote Solaris, Linux, Windows
06.22.2009 AIX libtt.a rpc.ttdbserver Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in the ToolTalk library libtt.a. After successful exploitation an agent running as root will be installed on the target machine. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-38844 Exploits/Remote AIX
07.18.2010 mDNSResponder buffer overflow exploit Update This module exploits a buffer overflow vulnerability in the mDNSResponder service running on certain versions of Apple Mac OS X. The vulnerability is exploited remotely by sending a specially crafted UPnP Internet Gateway Device (IGD) packet and installing an agent. This update adds port parameter. CVE-2007-2386 Exploits/Remote Mac OS X
06.23.2011 DATAC RealWin SCADA Server Login Buffer Overflow Exploit DATAC Realwin is prone to a buffer-overflow when processing On_FC_CONNECT_FCS_LOGIN packets with an overly long user name. CVE-2011-1563 Exploits/Remote Windows

Pages