Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
04.28.2008 Arkeia Network Backup buffer overflow exploit update This package updates the Arkeia Network Backup exploit. CVE-2005-0491 Exploits/Remote Windows, Linux
01.28.2013 BigAnt IM Server AntDS Buffer Overflow Exploit BigAnt IM Server is prone to a buffer-overflow within AntDS.exe component when handling a specially crafted filename header. CVE-2012-6275 Exploits/Remote Windows
04.06.2010 Symantec Veritas VRTSweb Remote Exploit This module exploits a code execution vulnerability in the Veritas Web Server service by sending a specially crafted authentication request to the 14300/TCP port. CVE-2009-3027 Exploits/Remote Windows
11.04.2008 MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update This module exploits a vulnerability in the Microsoft Server service sending a specially crafted RPC request. This module improves the reliability of the exploit on Windows 2000 and adds support for Windows XP SP3. CVE-2008-4250 Exploits/Remote Windows
05.16.2012 CA Total Defense UNCWS Web Service deleteReportFilter Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The deleteReportFilter method makes use of the uncsp_DeleteFilter stored procedure, which is vulnerable to SQL Injection. CVE-2011-1653 Exploits/Remote Windows
11.28.2013 Zavio Camera NTP Server OS Command Injection Exploit The Zavio F3105 IP camera is vulnerable to OS command injection when the /opt/cgi/view/param binary parses the General.Time.NTP.Server configuration parameter. This vulnerability allows authenticated users to execute arbitrary code on the affected cameras. CVE-2013-2570 Exploits/Remote
01.05.2012 Telnetd encrypt_keyid Remote Buffer Overflow Exploit Buffer overflow in libtelnet/encrypt.c in various implementations of telnetd allows remote attackers to execute arbitrary code with root permissions via a long encryption key. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-4862 Exploits/Remote FreeBSD, Linux
02.22.2013 EMC AlphaStor Device Manager Command Injection Exploit The Device Manager service (rrobotd.exe) in EMC AlphaStor is prone to an OS command injection vulnerability when processing DCP commands. A remote unauthenticated attacker can exploit this in order to execute arbitrary code with SYSTEM privileges on the vulnerable machine. CVE-2013-0928 Exploits/Remote Windows
11.15.2007 MSRPC Samba Command Injection exploit update 2 for IMPACT 7.5 This update adds support for FreeBSD and OpenBSD. This module exploits a command injection vulnerability in the function AddPrinterW in Samba 3, reached through an AddPrinter remote request. CVE-2007-2447 Exploits/Remote Linux, OpenBSD, FreeBSD, Mac OS X
05.04.2010 RealNetworks Helix Server AgentX Remote Buffer Overflow Exploit This module exploits a remote stack-based buffer overflow vulnerability in AgentX++, as distributed with Helix Server, by sending multiple blocks of data to the port 705/TCP. CVE-2010-1318 Exploits/Remote Windows
10.09.2012 TurboFTP Server PORT Command Buffer Overflow Exploit TurboFTP Server is prone to a buffer-overflow when processing a malformed PORT command. NOCVE-9999-54992 Exploits/Remote Windows
07.02.2014 AVTECH DVR Camera Administration Login Console Captcha Bypass Exploit The /cgi-bin/nobody/VerifyCode.cgi file in AVTECH DVR cameras allows remote attackers to perform administration login console captcha bypass by using an arbitrary hardcoded captcha and its matching verification code. This module tries to verify if the vulnerability is present in the target device. CVE-2013-4982 Exploits/Remote
05.31.2012 HP Data Protector EXEC_CMD Exploit This module exploits a buffer overflow vulnerability in HP Data Protector by sending a specially crafted EXEC_CMD request. CVE-2011-1866 Exploits/Remote Windows
01.05.2011 Mantis Manage_proj_page Remote Code Execution Exploit Update 5 This module exploits a Remote Code Execution vulnerability in Mantis version 1.1.3 when handling the sort parameter in manage_proj_page without the proper validation that leads to a remote code execution on Mantis' Web server. This update adds support for the OSX platform. CVE-2008-4687 Exploits/Remote Solaris, Linux, Windows, AIX, Mac OS X
01.24.2012 Omni-NFS Server NFSD Stack Buffer Overflow Exploit A buffer overflow exist in nfsd.exe in XLink Omni-NFS Server and allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd). CVE-2006-5780 Exploits/Remote Windows
04.03.2007 IIS HTR ChunkedEncoding exploit update This update adds support for Windows 2000 SP0 and fixes a reliability issue. The module exploits a vulnerability in the .HTR ISAPI filter in early versions of IIS. CVE-2002-0079 Exploits/Remote Windows
07.09.2009 Zabbix 1.6.2 Remote Code Execution Exploit A Remote Code Execution issue has been found in Zabbix version 1.6.2 and no authentication is required in order to exploit this vulnerability. Magic Quotes must be turned off in order to exploit this vulnerability. NOTE: Magic quotes is no longer supported by PHP starting with PHP 6.0 NOCVE-9999-37058 Exploits/Remote Linux
04.18.2012 Miniserv Perl Format String Exploit Update This update fixes an issue with the SSL support in the exploit for Usermin's and Webmin's perl format string vulnerability (CVE-2005-3912). CVE-2005-3912 Exploits/Remote Linux
04.09.2013 Apple Mac OS X Samba NetWkstaTransportEnum Request Remote Buffer Overflow Exploit This module exploits a vulnerability in Mac OS X Samba server. When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow. CVE-2012-1182 Exploits/Remote Mac OS X
07.13.2011 Novell File Reporter Engine RECORD Tag Parsing Exploit This module exploits a buffer overflow in Novell File Reporter by sending a specially crafted packet. CVE-2011-2220 Exploits/Remote Windows
05.31.2010 HP OpenView NNM getnnmdata CGI Buffer Overflow Exploit This module exploits a stack-based buffer overflow in HP OpenView Network Node Manager by sending a specially crafted request to getnnmdata.exe. CVE-2010-1553 Exploits/Remote Windows
01.28.2010 Net Transport eDonkey Protocol Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the processing of eDonkey "OP_LOGINREQUEST" packets. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet to the ed2k port of an affected system. NOCVE-9999-41933 Exploits/Remote Windows
08.04.2014 Easy File Management Web Server UserID Cookie Handling Buffer Overflow Exploit The vulnerability is caused due to a boundary error when parsing the "UserID" value in the session cookie, which can be exploited to cause a stack-based buffer overflow. NOCVE-9999-65448 Exploits/Remote Windows
02.10.2014 HP ProCurve Manager SNAC UpdateDomainControllerServlet Exploit This module exploits a path traversal vulnerability in HP ProCurve Manager. The specific flaw exists within the UpdateDomainControllerServlet. This servlet improperly sanitizes the adCert argument allowing the remote attacker could upload a .jsp file and execute arbitrary code. Authentication is not required to exploit this vulnerability. CVE-2013-4811 Exploits/Remote Windows
02.06.2012 Traq Command Injection Exploit Traq is vulnerable to an authentication bypass vulnerability, this module exploits this vulnerability in order to install a plugin hook to ultimately install an agent in the target host. NOCVE-9999-50813 Exploits/Remote Windows, Solaris, Linux, Mac OS X
08.11.2009 Bopup Communications Server Remote Buffer Overflow Exploit The vulnerability is caused due to a boundary error and can be exploited to cause a stack-based buffer overflow via a specially crafted TCP packet sent to port 19810. Successful exploitation allows execution of arbitrary code. CVE-2009-2227 Exploits/Remote Windows
11.30.2011 Xoops mydirname Remote Code Execution Exploit Update This update adds support for Solaris platform. NOCVE-9999-38580 Exploits/Remote Solaris, Linux
05.14.2013 EMC AlphaStor Device Manager 0x41 Command Buffer Overflow Exploit A flaw exists within Device Manager (rrobotd.exe), which listens by default on port 3000, when parsing the 0x41 command. CVE-2013-0930 Exploits/Remote Windows
08.08.2011 IBM Lotus Domino LSUB IMAP Server Buffer Overflow Exploit Update Exploits a stack buffer overflow in the Lotus Domino IMAP Server for windows version 7.0.2FP1 after authentication. This update solves the unsupported icon target problem CVE-2007-3510 Exploits/Remote Windows
09.17.2014 Openfiler Remote Code Execution Exploit Update Insufficient sanitization in Openfile's /admin/system.html 'Hostname' field, leads to remote code execution. This update fixes the exploit category. NOCVE-9999-65590 Exploits/Remote Linux

Pages