Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Released Date Title Description Vulnerabilty Categorysort descending Platform
10.17.2007 Sun Java Web Console format string exploit This module exploits a format string vulnerability in the Sun Java Web Console and installs an agent. CVE-2007-1681 Exploits/Remote Solaris
07.16.2013 PCMan FTP Server USER Command Buffer Overflow Exploit PCMan's FTP Server is prone to a buffer-overflow when handling an overly long USER command. NOCVE-9999-58668 Exploits/Remote Windows
04.28.2011 ProFTPD Telnet IAC Buffer Overflow Exploit This module exploits a stack overflow vulnerability in proftpd in order to install an agent. The vulnerability is within the function pr_netio_telnet_gets(). The issue is triggered when processing specially crafted Telnet IAC packets delivered to the FTP server. CVE-2010-4221 Exploits/Remote AIX, FreeBSD
12.09.2008 AT TFTP Server Long Filename Buffer Overflow Exploit The vulnerability is caused due to a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. CVE-2006-6184 Exploits/Remote Windows
01.18.2015 Kerberos Checksum Remote Privilege Escalation Exploit (MS14-068) Update A vulnerability in Microsoft's implementation of the Kerberos authentication protocol allows to modify a Kerberos ticket to remotely escalate privileges. This module exploits the vulnerability impersonating a user of the domain's Administrators group to install an agent in the domain controller with System privileges. This update improves on the information associated with the installed agent in case of success of the module. CVE-2014-6324 Exploits/Remote Windows
06.10.2008 CitectSCADA Buffer Overflow Exploit Remote exploitation of a buffer overflow vulnerability in CitectSCADA allows for the remote execution of arbitrary code by attackers. CVE-2008-2639 Exploits/Remote Windows
12.25.2006 Novell Client NWSPOOL.DLL Buffer Overflow Exploit Novell Client for Netware is prone to a buffer overflow vulnerability on the nwspool.dll that could permit the execution of arbitrary remote code. The nwspool.dll library does not properly handle long arguments to the Win32 OpenPrinter() functions. CVE-2006-5854 Exploits/Remote Windows
06.09.2008 Borland InterBase Remote Integer Overflow Exploit This module exploits a buffer overflow vulnerability in the database service (ibserver.exe) of the Borland InterBase 2007 application. The exploit triggers an integer overflow and causes a stack-based buffer overflow by sending a specially crafted packet to port 3050/TCP of the vulnerable system and installs an agent if successful. CVE-2008-2559 Exploits/Remote Windows
12.12.2013 TP-Link Camera Unauthenticated Remote Firmware Upgrade Exploit The /cgi-bin/firmwareupgrade file in TP-Link IP cameras allows remote unauthenticated attackers to perform firmware upgrades. This module tries to verify if the vulnerability is present in the target device without actually upgrading its firmware. CVE-2013-2581 Exploits/Remote
02.07.2011 Quick TFTP Server Pro Mode Remote Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in Quick TFTP Server Pro when processing a very large mode field in a read or write request. CVE-2008-1610 Exploits/Remote Windows
07.05.2011 HP Data Protector Client EXEC_SETUP Remote Code Execution Exploit This module exploits a design flaw in HP Data Protector by sending a specially crafted EXEC_SETUP request. The specific flaw exists within the implementation of the EXEC_SETUP command. This command instructs a Data Protector client to download and execute a setup file. A malicious attacker can instruct the client to access a file off of a share thus executing arbitrary code under the context of the current user. CVE-2011-0922 Exploits/Remote Windows
08.04.2013 freeSSHd SSH Server Authentication Bypass Remote Code Execution Exploit Update This update modifies the application version displayed in Quick Information CVE-2012-6066 Exploits/Remote Windows
10.25.2012 EMC NetWorker nsrd RPC Service Format String Exploit A Format string vulnerability in the nsrd RPC service within EMC NetWorker? allows remote attackers to execute arbitrary code via format string specifiers in a crafted message. CVE-2012-2288 Exploits/Remote Linux, Windows
04.13.2011 DATAC RealWin ADDTAGMS Buffer Overflow Exploit DATAC RealWin is prone to a buffer overflow vulnerability when handling On_FC_CTAGLIST_FCS_ADDTAGMS packets with an overly long string. CVE-2011-1563 Exploits/Remote Windows
03.20.2013 BigAnt Server DUPF Command Arbitrary File Upload Exploit BigAnt Server is prone to an arbitrary file upload and execute through a DUPF command. CVE-2012-6274 Exploits/Remote Windows
06.11.2009 Symantec System Center Alert Management System Command Execution Exploit The AMS2 (Alert Management Systems 2) component of multiple Symantec products is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. CVE-2009-1429 Exploits/Remote Windows
01.29.2012 Omni-NFS Enterprise FTP Server Buffer Overflow Exploit Update This vulnerability is caused by a buffer overflow in Omni-NFS Enterprise FTP Server, due to its lack of checking of user-supplied data within FTP requests. This update add CVE. CVE-2006-5792 Exploits/Remote Windows
07.30.2014 Yokogawa CS3000 BKFSim vhfd Buffer Overflow Exploit Yokogawa CS3000 is prone to a buffer overflow when handling specially crafted packets through UDP port 20010. CVE-2014-3888 Exploits/Remote Windows
02.05.2014 HP ProCurve Manager SNAC UpdateCertificatesServlet Exploit This module exploits a path traversal vulnerability in HP ProCurve Manager. The specific flaw exists within the UpdateCertificatesServlet. This servlet improperly sanitizes the fileName argument allowing the remote attacker could upload a .jsp file and execute arbitrary code. Authentication is not required to exploit this vulnerability. CVE-2013-4812 Exploits/Remote Windows
12.27.2009 SAP GUI SAPLPD Multiple Command Buffer Overflow Exploit Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands. CVE-2008-0621 Exploits/Remote Windows
09.28.2009 Microsoft Windows SMB 2.0 Negotiate Protocol Request Remote Exploit This module exploits a vulnerability on srv2.sys via a SMB 2 malformed packet. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-3103 Exploits/Remote Windows
05.09.2013 Schneider Electric Accutech Manager Heap Overflow Exploit This module exploits a heap overflow vulnerability in the Schneider Electric Accutech Manager Server by sending a malformed packet to the 2537/TCP port to execute arbitrary code or crash the server. CVE-2013-0658 Exploits/Remote Windows
02.12.2009 Mercury SMTPD CRAM-MD5 Pre-Auth Buffer Overflow Exploit Update This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Mercury Mail Transport System. The vulnerability is caused due to a boundary error within Mercury/32 SMTP Server Module (mercurys.dll) when processing arguments to the AUTH CRAM-MD5 command. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. This update adds support for DEP (Data Execution Prevention). CVE-2007-4440 Exploits/Remote Windows
02.14.2012 CA iTechnology iGateway Debug Mode Buffer Overflow Exploit The CA iGateway component, contains a buffer overflow vulnerability due to improper bounds checking on HTTP GET requests by the iGateway component when debug mode is enabled. CVE-2005-3190 Exploits/Remote Windows
04.19.2007 IBM Lotus Domino IMAP Server Buffer Overflow Exploit This module exploits a buffer overflow vulnerability in a Lotus Domino IMAP Server and installs an agent if successful. This vulnerability can be exploited remotely and it does not require user authentication. CVE-2007-1675 Exploits/Remote Windows, AIX
12.17.2007 IBM Lotus Domino LSUB IMAP Server Buffer Overflow Exploit Exploits a stack buffer overflow in the Lotus Domino IMAP Server for windows version 7.0.2FP1 after authentication. CVE-2007-3510 Exploits/Remote Windows
05.01.2006 Novell Messenger Server Exploit This module sends a http request at nmma.exe service producing a buffer overflow and installs an agent. CVE-2006-0992 Exploits/Remote Windows
02.28.2011 Quick n Easy FTP Server Login DoS This module shuts down the Quick 'n Easy FTP Server because it fails to properly handle user-supplied malformed packets when login. CVE-2009-1602 Exploits/Remote Windows
01.26.2010 Sun Java System Web Server Webdav Stack Overflow This module exploits a buffer overflow vulnerability in the Sun Web Server Webdav service when parsing OPTION requests. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0361 Exploits/Remote Windows
09.29.2013 Bifrost Server Buffer Overflow Exploit Bifrost Server is prone to a buffer overflow vulnerability which can be exploited remotely by sending a specially crafted packet to port TCP/81. NOCVE-9999-58713 Exploits/Remote Windows

Pages