Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
10.01.2013 Openftpd Server Buffer Overflow Exploit Update The vulnerability is caused due to a boundary error within the authentication process. This can be exploited to cause a stack-based buffer overflow by sending an overly long, specially-crafted password to the affected server. This update adds CVE Number. CVE-2010-2620 Exploits/Remote Windows
11.22.2011 Tomcat Deploy Manager Default Account Code Execution Exploit Update This update enhaces the functionality of this module. CVE-2009-3548 Exploits/Remote Windows
01.10.2008 SAP MaxDB Remote Command Injection Exploit This module installs an agent using a remote command-injection vulnerability located in the database server. CVE-2008-0244 Exploits/Remote Windows
11.25.2009 MSRPC CA BrightStor ARCserve Backup ReportRemoteExecuteCML Buffer Overflow Exploit CA BrightStor ARCserve Backup is prone to a stack based buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. CVE-2008-4397 Exploits/Remote Windows
10.27.2013 Apache Struts 2 DefaultActionMapper redirect Remote Code Execution Exploit Update The DefaultActionMapper class in Apache Struts2 supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:". The information contained in these prefixes is not properly sanitized before being evaluated as OGNL expressions on the server side, which allows remote attackers to execute arbitrary Java code on the server. This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework. CVE-2013-2251 Exploits/Remote Windows, Linux, Mac OS X
08.29.2006 MailEnable IMAPD W3C Logging Buffer Overflow Exploit This module exploits a buffer overflow in the W3C logging for MailEnable Enterprise 1.1 allows remote attackers to execute arbitrary code. CVE-2005-3155 Exploits/Remote Windows
12.13.2011 Zabbix Remote Code Execution Exploit Update This module adds support for Mac OS X and Solaris platforms. NOCVE-9999-37058 Exploits/Remote Solaris, Linux, Mac OS X
09.26.2010 HP Data Protector DtbClsLogin Remote Exploit This module exploits a remote stack-based buffer overflow vulnerability in HP Data Protector, by sending a specially crafted packet to the port 3817/TCP, which will trigger a buffer overflow when processed by the DtbClsLogin function in the dpwindtb.dll module. CVE-2010-3007 Exploits/Remote Windows
02.13.2013 Sunway Force Control SCADA SMNP NetDBServer Buffer Overflow Exploit Update A stack based buffer overflow in the SNMP NetDBServer service of Sunway Forcecontrol is triggered when sending an overly long string to the listening service on port 2001. This version updates runtime value to the appropriate for this case. NOCVE-9999-51166 Exploits/Remote Windows
05.17.2012 SAP Netweaver DiagTraceR3Info Remote Buffer Overflow Exploit The DiagTraceR3Info function of the disp+work.exe component of SAP Netweaver is prone to a remote buffer overflow when the work process trace level is set to values 2 or 3 for the Dialog Processor component. This vulnerability can be exploited to execute arbitrary code on the vulnerable machine by sending a specially crafted packet containing ST_R3INFO CODEPAGE items. CVE-2012-2611 Exploits/Remote Windows
12.05.2010 Httpdx FTP Server tolog() Function Format String Exploit This module exploits a format string vulnerability in HTTPDX FTP server by sending a specially crafted FTP command, corrupting the memory and executing arbitrary code. CVE-2009-4769 Exploits/Remote Windows
01.24.2012 Goodtech Telnet Daemon Buffer Overflow Exploit There is a buffer overflow vulnerability in the administration web server for GoodTech Telnet Server which allows remote attackers to execute arbitrary code via a long string to port 2380. CVE-2005-0768 Exploits/Remote Windows
10.20.2010 Disk Pulse Server GetServerInfo Request Buffer Overflow Exploit Update A vulnerability exists in the way Disk Pulse Server v2.2.34 process a remote clients "GetServerInfo" request.The vulnerability is caused due to a boundary error in libpal.dll when handling network messages and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 9120. This update correct typo. NOCVE-9999-45456 Exploits/Remote Windows
05.29.2005 MySQL MaxDB WebTool GET Request Buffer Overflow Exploit This module exploits a stack buffer overflow in the MySQL MaxDB WebTool Server and installs a level0 agent. CVE-2005-0684 Exploits/Remote Windows
03.03.2013 Procyon Core Server HMI Scada Coreservice Buffer Overflow Exploit Update Vulnerability in the coreservice.exe component of Procyon Core Server versions 1.13 and below. While processing a password, the application fails to do proper bounds checking before copying data into a buffer on the stack. This causes a buffer overflow and allows it to overwrite a structured exception handling record, allowing for unauthenticated remote code execution. This version updates runtime value to the appropriate for this case. CVE-2011-3322 Exploits/Remote Windows
07.04.2011 Mutable Decoder in Package and Register Mutable Decoder in Package and Register improves the randomness in executable agents generated by Impact (Package and Register, Serve Agent in WebServer, Send Agent by email and others). Exploits/Remote
05.03.2010 HP OpenView NNM OvWebHelp CGI Buffer Overflow Exploit This module exploits a vulnerability in HP OpenView NNM by sending a specially crafted request to OvWebHelp.exe. CVE-2009-4178 Exploits/Remote Windows
06.05.2008 MDaemon IMAP Fetch Exploit Update This module exploits a stack-based buffer overflow in the MDaemon Email Server 9.64. CVE-2008-1358 Exploits/Remote Windows
06.06.2012 AT TFTP Server Long Filename Buffer Overflow Exploit Update 2 The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. This update ensures that the program receives all data. This update fixes an error on Impact v12.3. CVE-2006-6184 Exploits/Remote Windows
12.25.2006 MSRPC Netware Client CSNW Overflow exploit update This module exploits a buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows allows remote attackers to execute arbitrary code via crafted messages. CVE-2006-4688 Exploits/Remote Windows
07.15.2009 Mozilla Firefox Memory Corruption Exploit This module exploits a vulnerability in Mozilla Firefox 3.5 and installs an agent on the target machine. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-39129 Exploits/Remote Windows
12.12.2005 VERITAS NetBackup BPJava Exploit NetBackup Java user-interface is affected by a remote format string vulnerability. An attacker can exploit this vulnerability by crafting a malicious request that contains format specifiers. This module exploits this vulnerability and installs an agent. CVE-2005-2715 Exploits/Remote Windows, Linux
04.18.2013 Nagios history Buffer Overflow Exploit This module exploits a remote buffer overflow in Nagios history.cgi by sending a malformed host parameter. CVE-2012-6096 Exploits/Remote Linux
07.31.2011 Blue Coat Authentication and Authorization Agent Buffer Overflow Exploit Blue Coat BCAAA is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks. This exploit bypasses DEP protection by using ROP techniques. NOCVE-9999-48688 Exploits/Remote Windows
05.26.2010 MSRPC SRVSVC NetrpPathCanonicalize Exploit (MS06-040) Update 3 This update improves reliability when it's launched against Windows XP SP1 platforms. This module exploits a remotely exploitable vulnerability in Windows' Server Service (MS06-040) over Microsoft DCERPC (ports 139 and 445). CVE-2006-3439 Exploits/Remote Windows
04.25.2011 Novell File Reporter Agent XML Tag Remote Code Execution Exploit This module exploits a buffer overflow vulnerability in Novell File Reporter. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/3037. CVE-2011-0994 Exploits/Remote Windows
02.03.2010 Vermillion FTP Daemon Buffer Overflow Exploit The vulnerability is caused due to a boundary error with the handling of PORT commands. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted command passed to the affected server. NOCVE-9999-41966 Exploits/Remote Windows
08.06.2014 Atlassian JIRA Issue Collector Plugin Path Traversal Vulnerability Exploit A path traversal vulnerability affects the Issue Collector plugin in Atlassian JIRA. This module exploits that vulnerability to achieve remote code execution. The installed agent will have SYSTEM privileges. CVE-2014-2314 Exploits/Remote Windows
09.26.2007 MSRPC MSMQ Buffer Overflow exploit update This package updates the MSRPC MSMQ Buffer Overflow exploit module. CVE-2005-0059 Exploits/Remote Windows
05.19.2008 Debian OpenSSL Predictable Random Number Generation Exploit This module exploits the random number generator in Debian's OpenSSL package being predictable. This vulnerability is used to generate SSH keys and to install an agent into the target host. CVE-2008-0166 Exploits/Remote Linux

Pages