CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Date Titlesort descending Description Vulnerabilty Category Platform
11.22.2009 Autodesk 3D Studio Max Embedded Maxscript Exploit Autodesk 3D Studio Max allows users to bind script to application callbacks. This functionality could be exploited by an attacker by making a victim open a seemingly innocuous .MAX file with malicious script embedded. CVE-2009-3577 Exploits/Client Side Windows
11.22.2009 Autodesk Maya ScriptNode Exploit This module abuses the scripting functionality in Autodesk Maya to trigger remote code execution via a specially crafted file. CVE-2009-3578 Exploits/Client Side Windows, Mac OS X, Linux
11.22.2009 Autodesk Softimage Embedded Script Exploit This module abuses the scripting functionality in Autodesk Softimage to trigger remote code execution via a project with an embedded script. CVE-2009-3576 Exploits/Client Side Linux, Windows
04.08.2014 AV Shell improvement This update is to increase the realiability of AV shell module. Post Exploitation
02.24.2011 Avahi NULL UDP Packet DoS avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty IPv4 or IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-1002 Denial of Service/Remote Linux
09.29.2009 Avast Antivirus ASWMON.SYS Privilege Escalation Exploit This module exploits a vulnerability in Avast Antivirus ASWMON.SYS driver when handling a specially crafted IOCTL request. The vulnerability allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. CVE-2009-3522 Exploits/Local Windows
08.08.2010 Avast Internet Security aswFW.sys Driver IOCTL Handling Local DoS Avast! Internet Security is prone to a local denial-of-service vulnerability. Local attackers can exploit this issue to cause denial-of-service conditions. NOCVE-9999-44673 Denial of Service/Local Windows
11.18.2012 Avaya IP Office Customer Call Reporter ImageUpload Exploit The specific flaw exists because Avaya IP Office Customer Call Reporter allows to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are saved has no scripting restrictions. CVE-2012-3811 Exploits/Remote Windows
06.12.2011 Avaya Windows Portable Device Manager (WinPDM) Buffer Overfow Exploit A boundary error in the Unite Host Router service (UniteHostRouter.exe) when processing certain requests can be exploited to cause a stack-based buffer overflow. NOCVE-9999-48394 Exploits/Remote Windows
01.12.2012 AVID Media Composer Phonetic Indexer Buffer Overflow Exploit Avid Media Composer is prone to a remote stack-based buffer-overflow vulnerability within the Phonetic Indexer (AvidPhoneticIndexer.exe) because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. CVE-2011-5003 Exploits/Remote Windows
01.29.2012 Aviosoft DTV Player PLF File Buffer Overflow This module exploits a buffer overflow in Aviosoft DTV Player which allows attackers to execute arbitrary code via a crafted .plf (aka playlist) file. CVE-2011-4496 Exploits/Client Side Windows
08.26.2009 Awingsoft Awakening Remote Command Execution Exploit Awingsoft Awakening (aka Winds3D) Viewer, which runs as a plugin within most popular web browsers, is vulnerable to a remotely exploitable arbitrary command execution vulnerability which can be triggered by making the user visit a malicious link/website. CVE-2009-2386 Exploits/Client Side Windows
12.01.2011 AWStats migrate Remote Code Execution Exploit The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter. CVE-2006-2237 Exploits/Remote Solaris, Linux, Mac OS X
11.21.2012 AzeoTech DAQFactory NETB Datagram Parsing Buffer Overflow Exploit A Buffer Overflow exist in DAQFactory service who listens on the UDP port 20034 when logs the informations of the incoming NETB packets. CVE-2011-3492 Exploits/Remote Windows
12.17.2008 BadBlue HTTP GET Request Buffer Overflow Exploit The vulnerability is caused due to a boundary error in ext.dll when processing an overly long PassThru command. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. CVE-2007-6377 Exploits/Remote Windows
06.05.2011 BakBone NetVault SmartDisk Integer Overflow DoS This module hangs the BakBone NetVault SmartDisk Server because it fails to properly handle user-supplied malformed packets. NOCVE-9999-48284 Denial of Service/Remote Windows
08.25.2009 Baofeng Storm OnBeforeVideoDownload Exploit BaoFeng Storm ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input. CVE-2009-1612 Exploits/Client Side Windows
04.05.2011 Barcodewiz BarcodeWiz.dll LoadProperties ActiveX Exploit This module exploits a vulnerability in the BarcodeWiz.dll module included in the Barcodewiz application. The exploit is triggered when the LoadProperties() method processes a malformed argument resulting in a memory corruption. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. CVE-2010-2932 Exploits/Client Side Windows
04.12.2011 Barcodewiz BarcodeWiz.dll LoadProperties ActiveX Exploit Update This module exploits a vulnerability in the BarcodeWiz.dll module included in the Barcodewiz application. The exploit is triggered when the LoadProperties() method processes a malformed argument resulting in a memory corruption. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This version fixes a bug in the classname of the onelink feature. CVE-2010-2932 Exploits/Client Side Windows
12.03.2012 Basilic diff PHP Code Execution Exploit This module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account. NOCVE-9999-53067 Exploits/Remote Solaris, Linux, Mac OS X
04.29.2009 Belkin BullDog Plus UPS-Service Buffer Overflow Exploit The UPS management software contains a built-in web server which allows for remote management of the UPS. The management interface is protected by a username and password and the authentication is performed via Basic authentication. There is a small stack-based overflow in the base64 decoding routine which handles the Basic authentication data. NOCVE-9999-37026 Exploits/Remote Windows
12.05.2010 Bentley Microstation wintab32 DLL Hijacking Exploit Bentley Microstation is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder than a .HLN file. NOCVE-9999-46101 Exploits/Client Side Windows
09.29.2013 Bifrost Server Buffer Overflow Exploit Bifrost Server is prone to a buffer overflow vulnerability which can be exploited remotely by sending a specially crafted packet to port TCP/81. NOCVE-9999-58713 Exploits/Remote Windows
01.28.2013 BigAnt IM Server AntDS Buffer Overflow Exploit BigAnt IM Server is prone to a buffer-overflow within AntDS.exe component when handling a specially crafted filename header. CVE-2012-6275 Exploits/Remote Windows
05.02.2013 BigAnt IM Server DDNF Username Buffer Overflow Exploit BigAnt IM Server is vulnerable to a buffer-overflow within the AntDS.exe component when handling an overly long username. NOCVE-9999-57633 Exploits/Remote Windows
12.01.2008 BigAnt IM Server HTTP GET Request Remote Buffer Overflow Exploit This module exploits a vulnerability in the AntServer Module (AntServer.exe), this can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to default port 6080/TCP. CVE-2008-1914 Exploits/Remote Windows
11.08.2009 BigAnt IM Server HTTP GET Request Remote Buffer Overflow Exploit Update This module exploits a vulnerability in the AntServer Module (AntServer.exe) that can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to default port 6660/TCP. This update adds support for the latest version of the software, which is still vulnerable to the attack. CVE-2008-1914 Exploits/Remote Windows
01.12.2010 BigAnt IM Server USV Request Remote Buffer Overflow Exploit This module exploits a vulnerability in the AntServer Module (AntServer.exe) to cause a stack-based buffer overflow, by sending a specially crafted, overly long "USV" request to the TCP port where the server is listening. NOCVE-9999-41693 Exploits/Remote Windows
03.20.2013 BigAnt Server DUPF Command Arbitrary File Upload Exploit BigAnt Server is prone to an arbitrary file upload and execute through a DUPF command. CVE-2012-6274 Exploits/Remote Windows
11.19.2008 BitTorrent Created By Tag Buffer Overflow Exploit The vulnerability is caused due to a boundary error in the processing of .TORRENT files. This can be exploited to cause a stack-based buffer overflow by tricking the user into opening a .TORRENT file containing an overly long Created By field. CVE-2008-4434 Exploits/Client Side

Pages